Security news that informs and inspires

Thunderspy Attack Underscores Existing Thunderbolt Security Issues

By

A researcher has developed a new attack that exploits some weaknesses in the security model of the Intel Thunderbolt specification to bypass the Thunderbolt security settings and even gain access to any of the data on the machine. While the method is new, the security issues with Thunderbolt are not, and for many people the attack does not significanlty increase the risk that was already present.

The attack, known as Thunderspy, exploits vulnerabilities present in Thunderbolt 1, 2, and 3 and it works on any Windows or Linux computer with Thunderbolt ports sold before 2019. But there are some important caveats to the attack: it requires several minutes of physical access to the target computer, removing the backplate of the machine, and some specialized hardware in order to execute. If an attacker has that level of access to a computer, the machine is pretty much at his disposal, regardless of the details of the attack.

A typical attack scenario might involve a victim who leaves her laptop unattended in a hotel room or restaurant long enough for an attacker to take it, remove the back plate to access the correct port, attach the malicious peripheral, and run his code. The attack can work even if the machine is locked and in sleep mode, but the threat for most people is not much higher than with other hardware attacks that require physical access.

The new method, which was developed by Björn Ruytenberg, a masters student at Eindhoven University of Technology, is complex and relies on custom tools Ruytenberg developed to disable the Thunderbolt security settings and rewrite the target chip’s firmware.

Thunderbolt is a hardware connection that Intel developed in order to connect peripheral devices to computers over a faster interface. Ruytenberg disclosed the weaknesses to Intel several months ago and while the vendor acknowledged the issues, there are no fixes available at the moment, nor are there any simple ways to address the core problem in software.

“Despite our repeated efforts, the rationale to Intel's decision not to mitigate the Thunderspy vulnerabilities on in-market systems remains unknown. Given the nature of Thunderspy, however, we believe it would be reasonable to assume these cannot be fixed and require a silicon redesign. Indeed, for future systems implementing Thunderbolt technology, Intel has stated they will incorporate additional hardware protections,” Ruytenberg said in his explanation of the attack.

One of the key foundational problems that Ruytenberg’s attack shines a light on is that once a Thunderbolt-connected device is trusted by the computer, it then has deep access to the machine’s memory. There is some level of authentication between devices and the computer but if an attacker is able to make his own malicious device look like a trusted Thunderbolt device, as Ruytenberg has shown he can do, then he’s in business.

“There’s no real authentication going on. Intel addressed the authentication layer but that’s managed by the flash memory on the chip. They’ve chosen a method that’s cloneable. If I can get my hands on one device, I can extract anything I want to clone any other device,” said Joe FitzPatrick, a hardware security researcher and trainer.

“That could be your laptop or it could be your docking station or anything else.”

In recent years, Intel has added a couple of security features that are designed to protect against some of the weaknesses that Thunderspy exploits. The main addition is a feature called Security Levels that allows individuals to explicitly trust only specific Thunderbolt devices, but Ruytenberg is able to modify the firmware of the Thunderbolt-controlling chip in order to bypass that feature and allow other devices. Thunderbolt devices by design have direct memory access (DMA), giving them the ability to read and write system memory outside of the control of the operating system. This is a powerful function, and attackers have been able to exploit it in the past to steal data through Thunderbolt peripherals, so to defend against those attacks, Intel last year introduced a function called Kernel DMA Protection that restricts Thunderbolt devices to specific memory ranges.

“They need to change the silicon to only run signed code and that’s not a simple thing."

That feature mitigates some of the vulnerabilities that Ruytenberg’s attack exploits, but not all of them, and it is only available on a small number of computers from 2019 forward. Other researchers have uncovered similar issues with Thunderbolt in the past, including the Thunderclap bugs disclosed in 2019.

“In an evil maid threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks. In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort. We conclude with demonstrating the ability to permanently disable Thunderbolt security and block all future firmware updates,” the attack description says.

In order to fully address the core problems with the Thunderbolt security model, Intel would need to make changes to the chips themselves, an expensive and time-consuming process.

“They need to change the silicon to only run signed code and that’s not a simple thing. They’d have to develop it, manufacture new chips, test them, and then ship them. That could be years,” said FitzPatrick.

For owners of computers running affected chips, the most effective workarounds are to enable the Kernel DMA protection if it’s available and to only connect trusted Thunderbolt peripherals.

Intel said in a statement that machines with Kernel DMA Protection enabled are safe from this type of attack.

"This attack could not be successfully demonstrated on systems with Kernel DMA protection enabled. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers," the company said.