Cryptography
Thunderbolt was developed by Intel and Apple to quickly transfer data from one device to another. The technology is extremely popular and can be found on millions of computers, laptops, notebooks, and external hard drives all over the world. Almost every new laptop or desktop computer released after 2011 has one or more Thunderbolt-port. You can identify it by the lightning bolt icon. Thunderbolt uses cryptography to protect data exchange. This makes sure that hackers can’t just break in to your computer without your permission. Björn Ruytenberg, a student doing his Masters at the TU Eindhoven, found out that this is no longer true when he was doing research for his thesis. He said that he couldn’t find anything close to modern cryptography, and the few things that were there were easy to hack or work around. Ruytenberg said that he found seven different security leaks in Thunderbolt’s design. To show this, he developed software named Thunderspy. This allows him to gain access to computers without having to install a virus or another form of malware. The student said that the only things that an attacker needs are five minutes of uninterrupted access, a screwdriver, and some easy to carry hardware. Once he’s in, all data can be read and copied, even when the hard drive is encrypted, the computer is locked, or is password prtected. Thunderspy does not leave any tracks, so the victim will never know that they’ve been hacked.
Intel’s Response
According to professor Tanja Lange and doctoral candidate Jacob Appelbaum, Ruytenberg’s thesis supervisors, Ruytenberg’s research is an important addition to existing knowledge of Thunderbolt. He has researched Thunderbolt’s security mechanisms and Intel’s attempts to stop unauthorized access to computer data. Vulnerabilities were exposed which endanger nearly every computer with a Thunderbolt-port running on Windows or Linux. The results of Ruytenberg’s research will be presented at BlackHat USA 2020, a renowned information security conference in the US, in August. Ruytenberg’s findings have been presented to Intel, one of the developers of the Thunderbolt technology. The chip developer writes in a blog that they are aware of the vulnerabilities. But a software update can’t fix it. The only solution is a Kernel Direct Memory Access (DMA), a patch for the hardware. This has been available since 2019, so laptops and computers released since then don’t have the same vulnerabilities.
Disable Thunderbolt
In addition to Thunderspy, Ruytenberg also developed a tool that can check whether your laptop, computer, or external hard drive is exposed to hacks. This is called the Thunderbolt Controller Firmware Patcher. It will disable Tunderbolt security without needing access to the BIOS or the operating system. A SPIblock was developed by Ruytenberg to disable the Thunderbolt-security permanently so that you avoid future firmware updates. As a final tip the student said to never leave your laptop unattended, not even for five minutes.