Thunderbolt 3 has a security issue – and that is so big that Microsoft refrains from installing corresponding ports in its own Surface devices, such as WindowsArea reported. The Dutch security researcher Björn Ruytenberg has determined that hackers can access the data of a laptop with the interface within a few minutes via Thunderbolt 3 (via Wired).
However, there are ways to protect your own laptops with Thunderbolt 3 against such attacks. We will therefore explain in detail what you should pay attention to now and which protective measures you can take.
Thunderspy: No solution via software
What is Thunderbolt 3? Intel developed Thunderbolt 3 as the successor to the Thunderbolt 2 connection standard and doubled the theoretically possible transmission speed to 40 Gb / s. Thunderbolt 3 also combines the Thunderbolt standard with USB, a display port and a power connector in one USB-C connector.
more on the subject
USB 4 – USB becomes Thunderbolt 3
Why does Thunderbolt 3 have a security problem? Intel buys the advantages of Thunderbolt 3 by the fact that the connection can directly access the working memory – and without the operating system having a control function.
Hackers can use the attack Ruytenberg Thunderspy calls to bypass the login screen and hard drive encryption of a laptop. It does not matter which operating system is installed on the device or whether security mechanisms such as Secure Boot and secure BIOS and OS passwords are used.
The researcher warns that a hacker only needs a few minutes to attack:
"All the (the hacker) has to do is unscrew the back of the laptop, connect a device, reprogram the firmware, lock the back, and he has full access to the laptop. All of this can be done in under five minutes do."
Although Thunderbolt has had security issues such as the Thunderclap vulnerability in the past, the discovery of Ruytenberg is particularly difficult. Because Thunderclap could still be fixed by users deactivating the port in the system settings and using it only as a USB and display port.
But this no longer works in the case of Thunderspy because hackers can bypass these settings by changing the firmware on the internal chip of the Thunderbolt port accordingly. They don't even leave traces of their attack in the system, as a video from Ruytenberg to Thunderspy shows:
Because the security problem of Thunderbolt 3 is directly related to the chip of the port, there is no way to fix the gap by software or firmware update.
How can I protect myself from Thunderspy? If you have a laptop with Thunderbolt 3, you can still take a number of measures to protect yourself from attacks:
- Download the open source tool Spycheck from Thunderspy.io to check whether your system is affected by the vulnerability.
- If you don't want to use Thunderbolt, definitely deactivate the Thunderbolt controller in the UEFI (BIOS) of your laptop. Note, however, that this also turns off the USB and DisplayPort connectivity of the ports.
- Only connect your own Thunderbolt devices and do not lend them to anyone.
- Don't leave your laptop unattended anywhere – as I said: five minutes is enough for an attack!
- Don't leave your Thunderbolt hardware unattended.
- Take appropriate physical security precautions when storing your laptop and Thunderbolt hardware.
- No use of energy-saving and standby modes.
USB 4 may also be affected
It is currently unclear to what extent USB 4 will be affected by the Thunderspy vulnerability. USB 4 uses Thunderbolt signaling, which is why the security problem may also be exploited via the new USB standard.
The research team behind Thunderspy therefore advises against buying devices with USB 4 until it is clarified whether Thunderspy also makes USB 4 vulnerable or not.
