A TU/e master student has found fatal flaws in the security of Thunderbolt, a popular technology to quickly transfer data to and from a computer. The research shows that a hacker can easily get around the protections put in place to prevent malicious attacks.

Access through Thunderbolt should be protected by cryptography, preventing all but the best-funded adversaries from getting unauthorized access. “However”, says master student Björn Ruytenberg (department of Mathematics and Computer Science), "to my surprise there was essentially nothing resembling modern cryptography. The little I found I could easily break or bypass."

Ruytenberg found seven vulnerabilities in Intel’s design and developed nine realistic scenarios (collectively known as Thunderspy) for how these could be exploited by a malicious party. All the attacker needs is five minutes alone with the computer, a screwdriver, and some easily portable hardware. Once they are in, they can read and copy all data, even if the drive is encrypted and the computer is locked or set to sleep. Thunderspy is also stealthy: it leaves no traces of the attack.

The TU/e research team contacted Intel about the findings in February. The company has since confirmed the vulnerabilities.

So, wired connection might give a false sense of security. Proper encryption of both communication and hardware is essential to cyber-security, The robust approach is following the principle of ‘secure-by-design’; start with security, then build the system, and not the other way around...