Thunderspy: New Thunderbolt Flaw Enables Stealth Attack on Ports

Thunderbolt is the brand name of a hardware interface that allows the connection of external peripherals to a computer. You’ll find this port on tons of Windows, Linux, as well as Apple machines.

One primary feature of Thunderbolt is its incredible speed – up to 40Gbps. To achieve such speed, the interface usually allows direct access to computer memory than other types of ports.

As you may have guessed, the increased exposure to system resources poses a significant security threat.

In 2019, security researchers discovered a series of flaws that they called “Thunderclap.” The vulnerability enabled the planting of malicious components that could bypass security measures.

At the time, the researchers recommended using Thunderbolt security levels to limit system access. Now, a Dutch security researcher Björn Ruytenberg has discovered a new Thunderbolt vulnerability that can bypass those security measures.

The flaw is called “ThunderSpy.”

How ThunderSpy Allows Unauthorized Access to a Computer

ThunderSpy allows a hacker to bypass locks, password-protection, and encryption on ports produced before 2019.

According to Ruytenberg, the attack requires physical access to the computer to carry out the exploit. What’s more, the security researcher described this category of attack as “the evil maid.”

He explained:

“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop.”

The whole process could take as little as five minutes, and leave zero evidence of physical of digital tampering. Furthermore, it only requires about $400 worth of equipment, says Ruytenberg.

Since there’s no software patch for the attack, the security researcher recommends the following: