"There is still some simple advice that can be effective: you should never leave your computer unattended for any given time", he said.
Apple and Intel are both aware of this, and Intel says the issue is not new and was mitigated with Kernel Direct Memory Access (DMA) Protection. The security flaw means that a hacker with physical access to a computer can copy data even if the files are encrypted and the computer is locked.
Now, a new demonstration led by Björn Ruytenberg, a researcher at the Eindhoven University of Technology in the Netherlands, shows how a physical attack by a hacker can be pulled off just by using a very common component found in millions of PCs: the Intel Thunderbolt port.
"Our existing security bulletin provides home PC mitigations for open case DMA pre-boot type attacks". If that wasn't bad enough, Ruytenberg claims the vulnerabilities can't be patched out in software and, "impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign". Nearly all Macs since 2011 do have Thunderbolt, although the Thunderspy flaws are mostly defanged by Apple software precautions.
Only devices with Thunderbolt connectivity are vulnerable to these attacks. With hack gear costing roughly $400, hackers can easily gain access via Thunderbolt.
Thunderspy is also a stealth attack, so the victim would not notice that the device had been tampered with once the attacker is done with the procedure.
Interestingly, vulnerabilities linked to Thunderbolt ports are not particularly new, and the chipmaker, Intel, has been aware of the issues. Researchers found that there are no Dell-manufactured PCs with Kernel DMA Protection and only a few Lenovo and HP models manufactured in 2019 or before that are equipped with it. This vulnerability might explain why Microsoft didn't include Thunderbolt in its Surface laptops.
As a result, effectively, all devices released before 2019 remain fully vulnerable to Thunderspy forever, including those manufactured a year ago without Kernel DMA Protection.
The issue reportedly cannot be resolved via a simple software fix, only by deactivating the vulnerable port. The system becomes vulnerable to attacks similar to BadUSB. Thunderbolt ports look like regular USB-C or Mini DisplayPort ports, except they've got a little lightning bolt printed next to the port instead of or alongside the regular USB or display symbols.
"Given the nature of Thunderspy, however, we believe it would be reasonable to assume these can not be fixed and require a silicon redesign". It's a different story for Mac users, with Apple stating to Ruytenberg that, "Some of the hardware security features you outlined are only available when users run macOS".
Fortunately, this vulnerability is something that everyday users shouldn't be concerned with.