Vulnerabilities of Thunderbolt will let the attacker steal data from memory and encrypted drives with physical access.
A Dutch researcher has nine comprehensive attack scenarios that work against all Thunderbolt computers shipped since 2011 and that allow a physically-accessed attacker to easily steal data from encrypted drives and memory.
Researcher Björn Ruytenberg outlined the so-called Thunderspy attacks in a report published on Sunday, warning that the attacks operate even when users follow best practices in security, such as locking an unattended device, setting up Stable Boot, using strong BIOS and passwords for operating system accounts, and allowing complete disk encryption.
Microsoft was so shocked at Thunderbolt 3’s susceptibility to Direct Memory Access (DMA) attacks that it decided not to include it in its Surface Products. Some Windows 10 OEMs have embraced Thunderbolt, though Thunderbolt has been a part of all Apple Mac computers since 2011.
This form of attack is vulnerable to the technology because the Thunderbolt controller – a PCIe device – has DMA that can allow an attacker to access system memory through a connected peripheral.
The Thunderclap Thunderbolt vulnerabilities disclosed in 2019, which affected devices in Mac, Linux and Windows, demonstrated this risk.
Ruytenberg states, however, that Thunderspy differs from Thunderbolt, which relied on tricking users into accepting as trusted a malicious tool. On the other hand Thunderspy breaks the reliability of Thunderbolt hardware and protocols.
While all Thunderbolt-equipped computers are vulnerable to Thunderspy, Intel, which is improving Thunderbolt technology, says the attacks have been mitigated with Kernel Direct Memory Access (DMA) security at operating-system level, but this technology is restricted to computers sold since 2019.
In Windows 1803, Microsoft introduced DMA kernel security to defend against physical access attacks using PCI devices connected to Thunderbolt 3 ports on Windows 10 OEM devices that have embraced Thunderbolt, including Dell , HP, and Lenovo.
The protection feature allows system drivers to run in an isolated portion of the kernel memory, read-only. Microsoft also states, however, that kernel DMA security “does not defend against DMA attacks by 1394/FireWire, PCMCIA, CardBus, ExpressCard, etc.
The 5.x and later Linux kernel and MacOS Sierra 10.12.4 and later also include DMA protection for the kernels.
Intel notices that Ruytenberg hasn’t shown successful DMA attacks on DMA secured computers.
Intel has developed a policy management function for Thunderbolt 3, called Protection Rates, which enables administrators to use cryptographic authentication to whitelist PCIe connections to approved peripherals.
Yet Ruytenberg argues that Thunderspy “fully violates” Intel’s Security Levels because Thunderbolt is susceptible to version update attacks due to insufficient firmware testing, poor system authentication, use of unauthenticated software metadata.
Thunderbolt also makes unauthenticated controller configurations and suffers from shortcomings in the SPI flash gui, while Thunderbolt protection is totally lacking on Apple’s Boot Camp for running Windows 10 on a Laptop, he found.
Intel has suggested people use only trustworthy peripherals in light of the Thunderspy vulnerabilities to avoid unwanted physical access to computers.
According to Ruytenberg, the vulnerabilities will allow a so-called ‘evil maid’ intruder – the fictional hotel employee who gains physical access to an unattended device – to bypass controls at Intel’s Security Level.
“The ability to construct arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices and finally get PCIe access to execute DMA attacks is demonstrated in an evil-maid threat model and varying security levels,” he writes.
“Additionally, we show unauthenticated overriding of Security Level configurations, including the ability to fully disable Thunderbolt protection, and restoring Thunderbolt connectivity if the device is restricted to passing via USB and/or DisplayPort exclusively.” He also shows that an intruder can permanently disable Thunderbolt protection and block all potential firmware updates.
Ruytenberg says Intel will not be able to patch the Thunderspy bugs with a software update and will need a silicon redesign to solve the problems. The bugs could impact future USB 4 and Thunderbolt 4 standards as well.
Intel has not released CVE identifiers for any of the bugs in Thunderspy and does not plan to release patches for devices that are already on the market.
“The reason for Intel’s decision not to mitigate the Thunderspy vulnerabilities on in-market systems remains unexplained given our repeated efforts,” Ruytenberg said.
“Nonetheless, considering the existence of Thunderspy, we think it will be fair to conclude that these can not be resolved and require a silicon overhaul. Furthermore, Intel has indicated that they would include additional hardware safeguards for potential devices incorporating Thunderbolt technology.” Ruytenberg also states that very few devices sold since 2019 currently support the security feature. The HP EliteBook and ZBook 2019 and later, Lenovo ThinkPad P53 and X1 Carbon 2019 and later, and the Lenovo Yoga C940, if shipped with Intel’s Ice Lake CPU, are among the models which do.
Apple has also agreed not to provide a patch for Thunderspy.
