https://www.techpowerup.com/266917/unfixable-flaw-found-in-thunderbolt-port-that-unlocks-any-pc-in-less-than-5-minutes

Dutch researcher from the Eindhoven University of Technology has found a new vulnerability in Thunderbolt port that allows attackers with physical access to unlock any PC running Windows or Linux kernel-based OS in less than 5 minutes. The researcher of the university called Björn Ruytenberg found a method which he calls Thunderspy, which can bypass the login screen of any PC. This attack requires physical access to the device, which is, of course, dangerous on its own if left with a person of knowledge. The Thunderbolt port is a fast protocol, and part of the reason why it is so fast is that it partially allows direct access to computer memory. And anything that can access memory directly is a potential vulnerability.

The Thunderspy attack relies on just that. There is a feature built into the Thunderbolt firmware called "Security Level", which disallows access to untrusted devices or even turns off Thunderbolt port altogether. This feature would make the port be a simple USB or display output. However, the researcher has found a way to alter the firmware setting of Thunderbolt control chip in a way so it allows any device to access the PC. This procedure is done without any trace and OS can not detect that there was a change. From there, the magic happens. Using an SPI (Serial Peripheral Interface) programmer with a SOP8 clip that connects the pins of the programmer device to the controller, the attacker just runs a script from there. This procedure requires around $400 worth of hardware. Intel already put some protection last year for the Thunderbolt port called Kernel Direct Memory Access Protection, but that feature isn't implemented on PCs manufactured before 2019. And even starting from 2019, not all PC manufacturers implement the feature, so there is a wide group of devices vulnerable to this unfixable attack.

https://www.youtube.com/watch?v=7uvSZA1F9os

I always felt that thunderbolt was a hugely expensive, unnessary port.... and now it even turns out it had a flaw like this in it the whole time too.

Thoughts? Surprised at another Intel related vulnerability?

Another day, another Intel vulnerability. Not surprising.

I do like the main idea of Thunderbolt. You have a thin and light laptop that has a good CPU with Thunderbolt ports and you can go to work or come home and connect to an External dock that has a beefy GPU and other things.

The problem is that you can generally get a better laptop that also has a beefy gpu which can also be fairly thin and light these days for less than the price of the weak laptop + thunderbolt dock + external GPU. So it's more of a rarity case I would say than anything.

Oh, Thunderbolt.... you never cease to disappoint.

That's not a flaw but a feature.

I've seen easier backdoors in security relevant devices that were put there on purpose and are well documented.
It's like leaving the door wide open to the server room and then complaining that someone stole a server because of the "flaw" that the server was light enough to be carried away.

Not a single technology on this planet is safe if you allow undisturbed physical access to it.

Why make the life of hackers harder right? If you take the fun and challenge they won't bother.

True.

Thunderbolt defenders are probably, as we speak, coming up with ways they can spin this into something positive.

Are there people who religiously defend a port? There's no way to spin this, this just sucks lol. Though I do like my notebook's Thunderbolt ports from a user experience. It's convenient to have one cable for my external monitor that also charges my notebook.