Eindhoven researcher cracks Thunderbolt 3 security

A researcher from Eindhoven University of Technology has presented Thunderspy, a series of vulnerabilities that breach the security of Thunderbolt 1, 2 and 3. Abuse does require physical access and opening systems.

According to Björn Ruytenberg, Computer Science and Engineering student at TU/e, all Thunderbolt-enabled systems delivered between 2011 and 2020 are vulnerable to Thunderspy. The vulnerabilities may also have consequences for Thunderbolt 4 and USB 4, which are based on Thunderbolt 3. According to Ruytenberg, fixing the vulnerabilities via software updates is not possible and hardware adjustments are required. The vulnerabilities mainly affect Windows and Linux; the impact on macOS is limited. The researcher has released the free open source tool Spycheck for Windows and Linux, which allows users to determine whether their system is vulnerable.

Thunderspy cracks the so-called Security Levels that Intel introduced with Thunderbolt 2 to remedy previous weaknesses in the technology. Security Levels provides cryptographic authentication of trusted Thunderbolt devices to prevent spoofing. Thunderspy covers seven Thunderbolt-related vulnerabilities, including issues related to firmware and device authentication, and the lack of Thunderbolt security when using Boot Camp to run Windows on a Mac. Ruytenberg describes a few scenarios with proof-of-concepts to be able to exploit the vulnerabilities in practice.

Thunderspy allows attackers to create arbitrary “identities” for Thunderbolt devices and clone devices that users have already approved. In addition, the researcher has developed a Thunderbolt Controller Firmware Patcher, which can be used to disable Thunderbolt security without requiring access to the bios or operating system. Finally, there is the SPIblock tool to prevent future firmware updates and make the Thunderbolt protection disablement permanent.

To successfully exploit the vulnerabilities, physical access to the vulnerable systems is required. This scenario is known as evil maid attack, where for example a laptop left in a hotel room can be taken care of by an attacker. The attacker would need to hack into a system to obtain the firmware image of the spi flash memory of a Thunderbolt host controller. A system can remain in sleep mode and there is no need to bypass login.

Systems with Kernel DMA Protection enabled are partially protected against Thunderspy. In practice, these are some systems that have been delivered from 2019. Ruytenberg lists the 2019 and later HP EliteBook and ZBook, the 2019 and later Lenovo ThinkPad P53, 2019 and later X1 Carbon, and the Lenovo Yoga C940 with Intel Ice Lake processors. Users who want to prevent their system from being susceptible to Thunderspy are advised to disable Thunderbolt in the BIOS. In any case, the researcher advises not to leave systems unattended in sleep mode and only connect trusted Thunderbolt accessories. When shutting down the system or in hibernation, the tools he developed cannot be used.

Ruytenberg informed Intel of the various vulnerabilities in February and March. After this, the chip manufacturer would only have informed a limited number of partners. The researcher details his findings in a paper titled Breaking Thunderbolt Protocol Security: Vulnerability Report. He will present more details at the Black Hat conference later this year. His research builds on the Thunderclap attack, which was revealed a year ago.