Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack


If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called “Thunderspy.”

A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes.

The attack, called “Thunderspy,” specifically targets Thunderbolt technology, a hardware interface developed by Intel (in collaboration with Apple) that lets users consolidate data transfer, charging and video peripherals into a single connector. While Apple first introduced Thunderbolt ports on its MacBook Pro in 2011, the technology has also been widely adopted by PC makers such as Dell, HP and Lenovo. Researchers say all Thunderbolt-equipped devices manufactured before 2019 are vulnerable, meaning that millions of devices are at risk.

Thunderspy requires physical access to the device, but the attack takes only minutes and needs nothing more than a Thunderbolt-equipped computer, a screwdriver and some portable hardware. An attacker could then bypass security measures and access data, even if the target device is locked and its drive encrypted.

“Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using,” said Björn Ruytenberg, a security researcher who is currently a student at the Eindhoven University of Technology, in a Sunday post. “Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.”

The Attack

Based on a series of flaws in Thunderbolt protocol security measures, Ruytenberg developed nine attack scenarios showing how a malicious entity could exploit the vulnerabilities to access victims’ systems, even with the industry standards in place.

In a video proof of concept, Ruytenberg demonstrated one of the Thunderspy attacks, carried out in minutes with a screwdriver, a Serial Peripheral Interface (SPI) programmer and a Thunderbolt peripheral (gear costing about $400 in total). SPI is a serial bus commonly used to move data between microcontrollers and small peripherals.

In the video, Ruytenberg unscrews the bottom panel of a Thunderbolt-equipped ThinkPad to reach its Thunderbolt controller, then attaches the SPI programmer with an SOP8 clip, a piece of hardware that grips the chip’s pins.


The SPI programmer then rewrites the chip’s firmware to disable its security settings, after which Ruytenberg was able to log into the device, with no password, in about five minutes.

The Issue

Thunderbolt ports have raised security concerns for years. To support high-bandwidth, low-latency use cases such as external graphics cards, the Thunderbolt interface exposes the system’s internal PCI Express (PCIe) domain to external devices. Thunderbolt devices therefore have direct memory access (DMA)-capable I/O, which lets them read and write all of a PC’s system memory.

In 2019, researchers disclosed a set of vulnerabilities collectively dubbed “Thunderclap” that put computers at risk from weaponized peripheral devices. Because Thunderbolt devices communicate over PCIe, an attacker could exploit the flaws by convincing a user to connect a legitimate but trojanized device.

To protect against these flaws, hardware and OS vendors added support for DMA remapping using Input-Output Memory Management Units (IOMMUs), which enforces memory protections on DMA. Revised Thunderbolt controllers also introduced a software-based access control measure that authorizes only trusted devices.

However, Ruytenberg found seven issues with these Thunderbolt security measures that together enable the Thunderspy attacks: inadequate firmware verification schemes, a weak device authentication scheme, use of unauthenticated device metadata, a downgrade attack using backwards compatibility, use of unauthenticated controller configurations, SPI flash interface deficiencies and a lack of Thunderbolt security on Boot Camp.

In a blog post responding to the flaws, Intel stressed that Ruytenberg’s research is not new, but instead demonstrates new attack vectors using a customized peripheral device on systems that did not have previous mitigations (including kernel DMA protections) enabled.

Ruytenberg responded that kernel DMA protection mitigates some, but not all, of the Thunderspy vulnerabilities, and that devices manufactured before 2019 lack kernel DMA protection altogether and remain vulnerable. The only way to fully prevent Thunderspy attacks is to disable the Thunderbolt ports in the BIOS, the researcher said.
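
As an added defender’s check, not part of the article or of the Thunderspy research, the following POSIX shell function reads the Linux kernel’s Thunderbolt sysfs attributes to report each domain’s Security Level, whether IOMMU-backed kernel DMA protection is active (the mitigation Intel points to), and which connected devices have been granted PCIe access. The optional sysfs root argument is an assumption added so the function can be run against a constructed directory tree rather than the live /sys.

```shell
#!/bin/sh
# Added example (not from the article or the Thunderspy research): audit a
# Linux host's Thunderbolt/DMA posture via the kernel's documented sysfs nodes
# (Documentation/admin-guide/thunderbolt.rst):
#   <domain>/security              Security Level chosen in firmware
#   <domain>/iommu_dma_protection  1 when IOMMU-backed kernel DMA protection is on
#   <device>/authorized            whether a connected device was granted PCIe access
# The sysfs root argument is an assumption so the function can be run against a
# constructed tree instead of the live /sys. Returns 1 if anything needs attention.

tb_audit() {
    sysroot="${1:-/sys}"
    tbdir="$sysroot/bus/thunderbolt/devices"
    warn=0
    if [ ! -d "$tbdir" ]; then
        echo "no Thunderbolt domains: driver not loaded or ports disabled in firmware"
        return 0
    fi
    for dom in "$tbdir"/domain*; do
        [ -d "$dom" ] || continue
        sec=$(cat "$dom/security" 2>/dev/null || echo unknown)
        dma=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo 0)
        echo "$(basename "$dom"): security=$sec iommu_dma_protection=$dma"
        case "$sec" in
            none)
                echo "  WARN: every attached device is authorized automatically"
                warn=1 ;;
            user|secure|dponly|usbonly|nopcie) ;;
            *)  echo "  WARN: unrecognized security level '$sec'"; warn=1 ;;
        esac
        if [ "$dma" != "1" ]; then
            # Without IOMMU remapping, the controller's own Security Level is the
            # only barrier to DMA, and that is exactly what Thunderspy disables.
            echo "  WARN: kernel DMA protection not active (typical of pre-2019 hardware)"
            warn=1
        fi
    done
    # Devices are named <domain>-<route>, e.g. 0-1; list which ones got PCIe access.
    for dev in "$tbdir"/[0-9]*-[0-9]*; do
        [ -d "$dev" ] || continue
        auth=$(cat "$dev/authorized" 2>/dev/null || echo '?')
        name=$(cat "$dev/device_name" 2>/dev/null || echo unknown)
        echo "$(basename "$dev"): authorized=$auth ($name)"
    done
    return "$warn"
}

# `sh tb_audit.sh /sys` audits the live machine; with no argument only the function is defined.
if [ $# -gt 0 ]; then tb_audit "$1"; fi
```

A clean result (Security Level set, iommu_dma_protection=1) still does not rule out the firmware-level tampering the article describes; the lasting mitigation it names is disabling the ports in the BIOS, which shows up here as the "no Thunderbolt domains" case.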

Disclosure

Ruytenberg disclosed the flaws to Intel on Feb. 10. Intel told the researcher it was aware of the flaws and would not issue further mitigations beyond kernel DMA protection. The researcher and the chip maker went back and forth over notifying affected parties: Intel listed only five companies it would inform, Ruytenberg said, while the researchers said 11 more OEM/ODMs and the Linux kernel security team also needed to be notified.

“Eventually they notified us that they informed some parties on 25 March about the vulnerabilities and upcoming disclosure, without giving us details of what this information consisted of and whom exactly they contacted,” said Ruytenberg. “We reached out to several more parties after realizing that they had been skipped by Intel.”

Intel for its part recommends Thunderbolt port users check with their system manufacturers to determine whether their system has mitigations incorporated.

“For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers,” according to Jerry Bryant, director of communications for Intel Product Assurance and Security, in a Sunday disclosure post. “As part of the Security-First Pledge, Intel will continue to improve the security of Thunderbolt technology, and we thank the researchers from Eindhoven University for reporting this to us.”

Ruytenberg plans to present his research at the Black Hat USA conference this summer.


Discussion

  • Arjen Lentz on

    How would an attacker be able to bypass full-disk encryption such as LUKS on Linux? Naturally, if the computer is merely in stand-by, decryption keys may be retrieved from RAM, but that vector exists even without manipulating Thunderbolt. If, however, the computer is off, proper full-disk encryption such as LUKS cannot be bypassed. There is nothing to bypass.

  • Tom Atkinson on

    This will make secure enclave type off-limits memory more popular. Like on all the Intel Macs and hardware security modules etc.
