If you have a computer with Thunderbolt ports, you may be at risk of a serious firmware flaw known as “Thunderspy.” The vulnerability, which was discovered by security researcher Björn Ruytenberg, affects all Thunderbolt ports and USB-C or DisplayPort ports that support Thunderbolt cables. It gives a hacker full access to everything on your computer, even if it’s stored on encrypted hardware. Not only can someone steal all your data in a matter of minutes—an executed Thunderspy attack is also untraceable. You’d never even know the hack took place.
It’s a serious vulnerability, but it’s only exploitable if the attacker has physical access to your machine and enough time to open it up and carry out the attack. While that might sound difficult to pull off, Ruytenberg and other researchers have detailed nine real-world scenarios in which a hacker could easily conduct a Thunderspy attack in under 5 minutes—including the “evil maid” method, in which someone breaks into a hotel room and applies Thunderspy while the computer’s owner is elsewhere.
Some hardware is safe from Thunderspy, however.
macOS computers are safe as long as they don’t have Windows or Linux installed via Boot Camp, as are Windows PCs that lack Thunderbolt support. There’s also a small selection of recent computers that are equipped with a specific security system from Intel known as Kernel Direct Memory Access Protection (Kernel DMA) that will prevent Thunderspy attacks. You can read more about Kernel DMA here.
Unfortunately, Kernel DMA was only introduced in 2019, which means the majority of computers with Thunderbolt-compliant USB and DisplayPort plugs are at risk.
Concerned users can check if their machine is vulnerable using a free, open-source diagnostic app, which can immediately inform you if you are at risk.
- Download Spycheck here (available for Windows and Linux).
- Unzip the file.
- Find and run the “Spycheck” application in the unzipped folder.
- Select your language (defaults to English), then click “Next.”
- Click “Accept” to agree to the Spycheck license agreement.
- Select your PC’s port configuration from the options listed. Click “Next” to run the check.
- The next screen will display the test results.
- Click “Exit” to close the app.
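On Linux, whether Kernel DMA Protection is active can also be read directly from the kernel. The script below is an added example, not part of the original article and not Spycheck's code; it reads the Linux thunderbolt driver's `security` and `iommu_dma_protection` sysfs attributes and, following the article, treats Kernel DMA Protection as the deciding factor. The `tb_dma_status` function name and its optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example, not Spycheck's code. Reports Kernel DMA Protection state per
# Thunderbolt domain from the Linux thunderbolt driver's sysfs attributes.

# tb_dma_status [ROOT]
#   ROOT defaults to /sys/bus/thunderbolt/devices; another directory can be
#   passed so the logic can be exercised against a constructed tree.
# Prints one line per domain:
#   <domain> security=<level> iommu=<0|1|unknown> <protected|at-risk>
# Returns 0 if every domain is protected (or none exists), 1 if any is at risk.
tb_dma_status() {
    root=${1:-/sys/bus/thunderbolt/devices}
    found=0
    rc=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue      # unmatched glob stays literal; skip it
        found=1
        level=unknown
        iommu=unknown                  # attribute is absent on older kernels
        [ -r "$dom/security" ] && level=$(cat "$dom/security")
        [ -r "$dom/iommu_dma_protection" ] && iommu=$(cat "$dom/iommu_dma_protection")
        if [ "$iommu" = 1 ]; then
            verdict=protected
        else
            # Anything other than an explicit 1 is treated as unprotected,
            # whatever the Thunderbolt security level says.
            verdict=at-risk
            rc=1
        fi
        echo "${dom##*/} security=$level iommu=$iommu $verdict"
    done
    # No domain can mean no Thunderbolt hardware, but also a controller that
    # is powered down or a driver that is not loaded.
    if [ "$found" -eq 0 ]; then
        echo "no-thunderbolt-domain"
    fi
    return $rc
}
```

Source the file and run `tb_dma_status` with no argument to check the live system; a non-zero exit status means at least one Thunderbolt domain lacks Kernel DMA Protection.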
If Spycheck says you’re at risk, you need to make sure you’re keeping your hardware safe—both digitally and physically.
While it’s unlikely that average users are going to be directly targeted, you should still be practicing data security while out in public. A lot of it is pretty basic:
- Watch your belongings and never leave them unattended.
- Never let strangers use your devices.
- If you decide to let someone you trust briefly borrow your devices, make sure to create a guest profile for them to use instead of your main account.
- And lastly, if you’re giving away or selling your old hardware, make sure you wipe any data stored on it by performing a factory