In February 2020, researchers from Eindhoven University of Technology reached out to Intel with a report on Thunderbolt™, which they refer to as “Thunderspy”.
In the report, they discussed issues related to invasive physical attacks on Thunderbolt™ hosts and devices. While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled.
In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled. Please check with your system manufacturer to determine if your system has these mitigations incorporated. For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.
As part of the Security-First Pledge, Intel will continue to improve the security of Thunderbolt™ technology, and we thank the researchers from Eindhoven University for reporting this to us.
Director of Communications
Intel Product Assurance and Security