Thunderspy: A New Problem With a Simple Old Solution

Sleeping PCs will harm you! | 5/13/2020

Thunderspy , an exploit of a DMA weakness in the Thunderbolt hardware, can take complete control of your PC, your data and your secret encryption key.  Macs are also partially vulnerable. DMA or Direct Memory Access attacks are not new. Every time a computer designer grants direct access to the computer memory, there are risks that can lead to exploits. Some history can be found here:  

Why should you care? This exploit can affect you even if you have never used Thunderbolt.

Like other DMA exploits, the Thunderspy attack requires physical access to a victim's computer, and several minutes to access internal components. Both PCs and Macs can be affected. This type of exploit is classified as an "Evil Maid Attack" because of people who enter hotel rooms looking for computers that are up and running. 

For anyone who has a system built with Thunderbolt version 3 or earlier - meaning PCs and Macs manufactured prior to 2019, it is a hardware problem, and at this point, cannot be eliminated with a software update. The simplest way to determine if your computer supports Thunderbolt, and which version, is to review your system documentation and specifications. You can also look for the Thunderbolt symbol printed on the side of your computer , which resembles a lightning bolt, to determine which of your port(s) support it.


During this time while we are all mostly working in isolation, the opportunities for this sort of attack are reduced. If you want to take steps to get ahead of the problem, the most effective mitigation step involves disabling the Thunderbolt capability. This may not be easy and will vary between computer models. There is also a risk if for any reason, Thunderbolt is eventually re-enabled. 

Anyone who must use Thunderbolt or does not use it, but can't determine how to disable it, can follow two basic rules. First, do not leave your computer unattended and running: you are vulnerable even if you have logged out or locked the screen. Second, remove "sleep" as an option for shutting down your system. Instead choose the hibernation mode, or better yet, disable both sleep and hibernation. Today's systems start up quite quickly, so you really don't need those settings.

And it's always in your best interest to enable device encryption. That means BitLocker on a PC and Filevault2 on a Mac.

Want to read more? Look here!

Official statement from Intel 

Other sources

Note that the basis of the vulnerability was reported a year ago...

Focus on the Mac 

Apparently the discoverer has written a program to test for the vulnerability. That in itself is a bit worrying! The site was down when I checked. I would advise caution before using any tool that did not originate from an accountable source.