Fatal vulnerabilities in Thunderbolt

Jasper Hijink • 9 June 2020

TU/e security researchers find fatal vulnerabilities in Thunderbolt

source: https://www.cursor.tue.nl/en/news/2020/mei/week-2/tue-security-researchers-find-fatal-vulnerabilities-in-thunderbolt/

A TU/e master student has found fatal flaws in the security of Thunderbolt, a popular technology to quickly transfer data to and from a computer. The research shows that a hacker can easily get around the protections put in place to prevent malicious attacks.

Access through Thunderbolt should be protected by cryptography, preventing all but the best-funded adversaries from getting unauthorized access. “However”, says master student Björn Ruytenberg (department of Mathematics and Computer Science), "to my surprise there was essentially nothing resembling modern cryptography. The little I found I could easily break or bypass."

Ruytenberg found seven vulnerabilities in Intel’s design and developed nine realistic scenarios (collectively known as Thunderspy) for how these could be exploited by a malicious party. All the attacker needs is five minutes alone with the computer, a screwdriver, and some easily portable hardware. Once they are in, they can read and copy all data, even if the drive is encrypted and the computer is locked or set to sleep. Thunderspy is also stealthy: it leaves no traces of the attack.

The TU/e research team contacted Intel about the findings in February. The company has since confirmed the vulnerabilities.

So, wired connection might give a false sense of security. Proper encryption of both communication and hardware is essential to cyber-security, The robust approach is following the principle of ‘secure-by-design’; start with security, then build the system, and not the other way around...

SHARE

by Jasper Hijink 7 September 2025
The Norwich Community Hospital Willow Therapy Unit is open
by Jasper Hijink 31 August 2025
London Business School adopts Mymesh for refurbishment of the Plowden Building
by Jasper Hijink 31 August 2025
Cabot Circus Shopping Centre - Bristol
by Jasper Hijink 7 August 2025
Circular Lighting Live 2025
by Jasper Hijink 30 July 2025
Empower your Mymesh installation with innovative hardware
by Connor Felstead 7 October 2024
St Thomas’ Hospital expands with The Core
by Connor Felstead 16 September 2024
Gravesend upgrades the lighting in Cascades
by Jasper Hijink 12 September 2024
Unipart - NHS Supply Chain warehouse
by Connor Felstead 12 September 2024
Bluewater uses Mymesh to upgrade the Toilet areas to Smart
MORE POSTS