ThunderSpy: Intel Fucks Up Closed Source HW Again
https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruy...
https://github.com/BjornRuytenberg/spycheck-linux

Thunderspy targets devices with a Thunderbolt port... an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.

Thunderbolt devices possess DMA-enabled I/O. In an evil maid DMA attack Thunderbolt has been shown to be a viable entry point in stealing data from encrypted drives and reading and writing all of system memory. In response, Intel introduced Security Levels.

We present Thunderspy, a series of attacks that break all primary security claims for Thunderbolt 1, 2, and 3.

- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Downgrade attack using backwards compatibility
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp

These vulnerabilities lead to nine practical exploitation scenarios.

- Cloning user-authorized device identities to arbitrary attacker devices
- Permanently disabling Thunderbolt security and future firmware updates

All Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable.

The Thunderspy vulnerabilities cannot be fixed in software

- Avoid leaving your system unattended while powered on, even when screenlocked.
- Disable the Thunderbolt controller entirely in UEFI (BIOS).

Stay tuned for Thunderspy 2: Judgment Day.

Intel has stated they had been already aware of Thunderspy variants... Intel has not shared why they have chosen not to inform the general public.

The author of Thunderspy would like to thank prof. dr. Tanja Lange and Jacob Appelbaum for supervising his MSc thesis, of which this work is part, at Eindhoven University of Technology, the Netherlands.

Oops!... ClosedHW did it again!
https://www.youtube.com/watch?v=oIkRKc8wX24
participants (1)
-
grarpamp