Microsoft has now joined Intel in confirming a newly reported security vulnerability with Thunderbolt ports, one that enables an attacker with physical access to a PC to modify the port’s controller firmware, disabling its security. As I reported last week, almost all Windows PCs with Thunderbolt ports are vulnerable, except a few from last year that shipped with Kernel DMA protection enabled.
This new security threat has been dubbed “Thunderspy” by Björn Ruytenberg, the Eindhoven University of Technology researcher who discovered and disclosed it. Ruytenberg warns that despite locking or suspending a PC, setting up a Secure Boot and strong system passwords, and enabling disk encryption, “all an attacker needs is five minutes alone with the computer” to compromise a machine.
Such physical attacks on computers are complex, high-risk and thankfully rare. But they do happen. A physical compromise such as this is nicknamed an “evil maid” attack—the idea being that your machine is targeted when you’re staying in a hotel and away from your room, or when the overnight cleaning crew come to blitz your office. An attacker needs a few undisturbed minutes with no eyes-on.
If you’re a target, this will happen when you’re down at breakfast, out to dinner or using the gym in your hotel. “I have even heard of someone finding all the screws from his laptop on the table top after he took it out from his hotel safe,” former British intel officer Philip Ingram told me. This is why security professionals leave a “do not disturb” sign on their hotel room doors even when they’re not inside—you get your room serviced by calling down and asking for it to be done at a time of your choosing. And you have your devices with you while it’s being done.
Now Microsoft has confirmed the risk that “an attacker with physical access to a system can use Thunderspy to read and copy data even from systems that have encryption with password protection enabled.” The vulnerability is in hardware, and so cannot be patched. According to Microsoft, someone with physical access to the device “could sign in and exfiltrate data or install malicious software.” Microsoft’s advice to “stay ahead of advanced data theft” is to buy a new PC.
Not just any PC, of course, but one of their newly minted “secured-core PCs.” These have been around since late last year and come with all the security bells and whistles enabled in hardware and firmware, “mitigating Thunderspy and any similar attacks that rely on malicious DMA.” Intel told me that a Thunderspy attack “could not be successfully demonstrated on systems with Kernel DMA protection,” a feature enabled by default on Microsoft’s Secured-core PCs.
As Microsoft explains, “even if an attacker was able to copy malicious Thunderbolt firmware to a device, the Kernel DMA protection on a Secured-core PC would prevent any accesses over the Thunderbolt port unless the attacker gains the user’s password… significantly raising the degree of difficulty.”
There is now a range of Secured-core PCs available, aimed at business users, likely those with a heightened sense of security awareness, who travel regularly (albeit not just at the moment), and who have valuable data on their machines. This isn’t just spooks—business leaders, VIPs, negotiators, politicians, anyone with sensitive data who travels and leaves their PC out of sight for periods of time.
The alternative mitigation to a locked-down machine, according to Ingram, is worse. “Take a burner device with only the data you need for those meetings on a separate USB. Never connect it to any network when you return home and only use it for travel to that country. If you ever leave it unattended assume the hardware has been compromised. If you have been subject to extended searches at an airport and have lost sight of your IT, assume it has been compromised.” You get the point.
As security vulnerabilities go, Thunderspy is pretty niche—an issue on a massive scale, but one which realistically only puts a very small percentage of users at risk. That said, it is a security flaw and it does leave PCs open to compromise. With that in mind, plus the fact this is now in the public domain, I’m sure many users will look at the availability of Kernel DMA protection when they next trade-up.
