Flaw with Thunderbolt Technology Puts User Security at Risk

Posted by
May 11, 2020
Reviewed by
Jan 16, 2024

What was designed to be a tool for transferring data at faster speeds is now found to be anything but a convenient advancement. The Thunderbolt cable by Apple allows one computer system to connect to another for system migration or connects an external storage device to a host system. A security researcher recently found that hackers can steal data from Thunderbolt-equipped PCs or Linux computers even if the computer is locked.

Uses for Thunderbolt Technology

Thunderbolt technology is a somewhat newer development in device connectivity. It allows you to add several devices to your computer through multiple cords. The overarching goal of the technology is to support fast data transfer. The original Thunderbolt can transfer at speeds of 10Gb per second while Thunderbolt 2 can connect channels at 20Gb per second. The Thunderbolt 3 is the newest addition to the family with a 40Gb per second transfer rate and 100 watts of power to charge laptops and smartphones.

The Thunderbolt cables are used in a variety of ways to make the computer user’s experience better:

  • Watching videos in high-resolution with connectivity to 4K and 5K video output
  • Charging MacBooks and other devices with 100 watts of power
  • Data transfer between a Mac device and an external hard drive or another dock
  • Bi-directional connectivity to allow for transmitting and receiving data simultaneously
  • Encoding and burning disks at faster speeds

Security Concerns with the Fast and Furious Connection

Both Macs and PCs are equipped to handle Thunderbolt connectivity, which unfortunately means both machines are vulnerable to its security flaw. According to 9to5Mac, at least seven serious security flaws have been identified in Thunderbolt ports and Thunderbolt-compatible USB-C ports used on the more advanced Mac machines. Security researcher Björn Ruytenberg found the following issues in Intel’s Thunderbolt chips:

  • Inadequate firmware verification schemes
  • Weak device authentication methods
  • Use of unauthenticated metadata
  • Unauthenticated controller configurations
  • SPI flash interface deficiencies
  • Downgrade attack with backwards compatibility
  • Lack of Thunderbolt security on Boot Camp

Ruytenberg explained that hackers could utilize a method known as “Thunderspy” where an attacker uses a screwdriver and portable hardware to gain physical access to your machine. The malicious actor could then change the firmware that controls the Thunderbolt port, giving access to any device. The worst part is a user won’t even know that their host device has been altered.

This only affects PCs such as those from Dell, HP, and Lenovo, though Apple computers that run Boot Camp and macOS are also vulnerable. The vulnerabilities allow an attacker to bypass the first level of security and compromise the authenticity of Thunderbolt metadata in the macOS system information. An attacker could even permanently disable Thunderbolt security and block any future firmware updates.

Protecting Devices from Unauthorized Access

The security flaws are present in the controller chips in the computer, meaning that a software update would not be able to fix the problem. Intel has created a Thunderbolt security system called Kernel Direct Memory Access Protection that would prevent a Thunderspy attack. This level of protection is only available on computers that were manufactured in 2019 and later. That is a huge blow to PC users with older host devices as well as Mac users whose computers were shipped between 2011 and 2020.
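One way to check, on a Linux host, whether the Kernel DMA Protection described above is actually in effect (an added example, not code from the original article or from Intel). It reads the `security` and `iommu_dma_protection` attributes that the Linux thunderbolt driver exposes under `/sys/bus/thunderbolt/devices/`; the verdict labels are names chosen for this example.

```python
from pathlib import Path

SYSFS_TB = Path("/sys/bus/thunderbolt/devices")   # Linux thunderbolt driver sysfs root
NO_PCIE_LEVELS = {"dponly", "usbonly", "nopcie"}  # levels that never tunnel PCIe
APPROVAL_LEVELS = {"user", "secure"}              # levels that require device approval


def _read(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def classify(level, iommu_on):
    """Map one domain's settings to a verdict label (labels are this example's own)."""
    if iommu_on:
        return "dma-remapped"          # Kernel DMA Protection is active
    if level in NO_PCIE_LEVELS:
        return "no-pcie-tunneling"     # no PCIe tunnel, so no DMA path over the port
    if level in APPROVAL_LEVELS:
        return "firmware-level-only"   # rests on controller firmware staying unmodified
    return "exposed"                   # level "none" or unknown, and no IOMMU remapping


def audit_domains(root=SYSFS_TB):
    """Return (domain, security level, verdict) for each Thunderbolt domain."""
    results = []
    for dom in sorted(Path(root).glob("domain*")):
        level = _read(dom / "security") or "unknown"
        iommu_on = _read(dom / "iommu_dma_protection") == "1"
        results.append((dom.name, level, classify(level, iommu_on)))
    return results


if __name__ == "__main__":
    rows = audit_domains()
    if not rows:
        print("no Thunderbolt domains found (no controller, or driver not loaded)")
    for name, level, verdict in rows:
        print(f"{name}: security={level} verdict={verdict}")
```

A `firmware-level-only` verdict means the host depends on the security level stored in the controller firmware, which is the component the article says an attacker with physical access can change.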

In order to protect themselves from these types of attacks, users should abide by the following suggestions:

  • Don’t leave your system unattended while powered on, even if the screen is locked
  • Connect only your own Thunderbolt cables and do not lend them to someone else
  • Ensure there is appropriate physical security when storing your host device and Thunderbolt media
  • Avoid using sleep mode and power your host device off completely when not in use

The ideal way to protect your critical data is to use a hardware encrypted SecureDrive BT. The device is FIPS 140-2 Level 3 Validated, meaning it was tested in a government facility to ensure security. The device itself has parts coated in epoxy, so even if a hacker stole the device, they would not be able to reverse engineer the drive or steal your information. The BT drive can only be accessed through our secure mobile app, including biometric authentication through fingerprints or facial recognition.

With security features like Step-Away AutoLock and inactivity AutoLock, your device will be protected from unauthorized access, even when your device is plugged into the computer. You can avoid data transfer concerns with flawed Thunderbolt technology and share data via the SecureDrive, which offers read-only mode so data on the drive cannot be altered.

Laura Bednar

© 2024 SecureData Corporation or its affiliates. All rights reserved.