Last month, Microsoft finally shed some light on why the Surface lineup has yet to include Thunderbolt ports. While the latest models have shipped with USB Type-C, the manufacturer seems to be against including Thunderbolt. It appears that this versatile interface is plagued by a security flaw that can put the user's computer at risk. This vulnerability, called Thunderspy, made headlines earlier this week after Björn Ruytenberg, a student at the Eindhoven University of Technology in the Netherlands, publicly reported his findings.
In a worst-case scenario, a hacker can take advantage of the port's direct memory access (DMA) to browse all the contents of the device without restrictions. This allegedly affects computers with Thunderbolt ports running Windows, Linux, and macOS. Practically all modern hardware that ships with the interface is potentially at risk. Moreover, it does not matter if the system is password-protected, locked, or even encrypted, because these protections can be bypassed in a couple of minutes.
Alarming as it sounds, there is a caveat that should keep users' data safe from those who have ill intentions. According to Ruytenberg, the attack requires physical access to the computer in question and some technical know-how. However, once it has been initiated, everything is exposed. What this implies is that stolen units are vulnerable to the Thunderspy exploit. The Independent notes that tech pundits refer to this type of scenario as an "evil maid attack."
To find out whether their systems are at risk, users should check whether any of the ports that resemble USB Type-C carry a lightning symbol. If none do, the unit is likely safe from unwanted access through the Thunderspy method. Meanwhile, those whose computers have Thunderbolt ports but were bought after 2019 can check if Kernel DMA Protection is available via the Startup menu.
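For Linux machines, which the article lists as affected, the equivalent check can be scripted. The following is an added example, not part of the original article: it goes beyond the Windows check described above and reads the `security` and `iommu_dma_protection` attributes that the Linux kernel's Thunderbolt driver exposes per domain in sysfs. The function name and the verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example: summarise Thunderbolt DMA exposure per controller domain on Linux.
# Reads sysfs attributes documented by the kernel's Thunderbolt driver:
#   security             - authorization level (none, user, secure, dponly, ...)
#   iommu_dma_protection - 1 when the IOMMU remaps Thunderbolt DMA, else 0
# Verdict labels are this example's own (assumption), not kernel terminology.

# tb_domain_status [ROOT]
# Prints "<domain> security=<level> iommu=<0|1|unknown> <verdict>" per domain.
tb_domain_status() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    for d in "$root"/domain*; do
        # An unmatched glob stays literal, so skip anything that is not a directory.
        if [ ! -d "$d" ]; then continue; fi
        found=1
        name=$(basename "$d")
        sec=unknown
        iommu=unknown
        if [ -r "$d/security" ]; then sec=$(cat "$d/security"); fi
        # Older kernels do not expose this attribute; report it as unknown.
        if [ -r "$d/iommu_dma_protection" ]; then
            iommu=$(cat "$d/iommu_dma_protection")
        fi
        if [ "$iommu" = "1" ]; then
            verdict=dma-remapped          # IOMMU restricts device DMA
        elif [ "$sec" = "none" ]; then
            verdict=no-authorization      # any attached device is connected
        else
            verdict=security-level-only   # relies on device authorization alone
        fi
        echo "$name security=$sec iommu=$iommu $verdict"
    done
    if [ "$found" -eq 0 ]; then echo "no-thunderbolt-controller"; fi
}

# Stand-alone use: inspect the running system (or a sysfs copy given as $1).
tb_domain_status "$@"
```

A `security-level-only` or `no-authorization` result marks a machine that should not be left unattended while physical access is a concern.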
Experts claim that, unlike on Windows and Linux-based computers, the recent security updates from Apple should mitigate Thunderspy attacks on devices running macOS. While the exploit will technically work, access will be limited by certain safeguards. It remains to be seen if hardware manufacturers and developers will come up with a fix later on.