Bypass for Thunderbolt 3-ports security found

Get a free Techzine subscription!

A Dutch researcher found a way to bypass the security of the Thunderbolt 3-ports. The results were published with a presentation on Thunderspy.

Björn Ruytenberg, a student at the Eindhoven University of Technology, explains how he gained access to data from computer owners. According to Ruytenberg, all it took to bypass the Thunderbolt 3-port security were five minutes, a screwdriver and certain (pocket) hardware. Physical access to a system is therefore required to abuse these vulnerabilities, but according to the researcher, all system data can be accessed without a user noticing the breach.

Thunderspy could be used to clone already authorised Thunderbolt devices, even if Security Levels are present. It would also be possible to disable Thunderbolt security without the need to access a device BIOS or operating system.

The vulnerabilities can be exploited when a system is in sleep mode. According to the researcher, systems using Kernel DMA Protection could avoid some vulnerabilities, but it is still recommended to disable the port in the BIOS.

According to the researchers, it is up to Intel to fix these mistakes, but the tech giant refuses to do so. One reason might be that a software update would be insufficient and that a complete redesign of the chip is needed. The previously announced Thunderbolt 4-port is supposed to have improved security.  

Microsoft recently said that Thunderbolt 3 is not secure enough for its Surface products.