In February 2019, researchers from the University of Cambridge in the United Kingdom, Rice University in Texas, and SRI International* published details and a proof-of-concept exploit they called "Thunderclap."
Their work describes a direct memory access (DMA) vulnerability affecting Thunderbolt™, USB, and other peripheral devices. Using an FPGA-based hardware platform, the researchers demonstrated how a malicious peripheral device could access secret data and change system behavior on systems with USB or Thunderbolt interfaces.
As the researchers note in their whitepaper, major operating systems (OSes), including Windows* (Windows® 10 1803 RS4 and later), Linux* (kernel 5.x and later), and macOS* (macOS 10.12.4 and later), have already released mitigations for DMA attacks. The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.
After careful assessment, Intel determined that this vulnerability is mitigated on most up-to-date systems that include kernel DMA protection, and by good security practices, including using only trusted peripherals and preventing unauthorized physical access to computers.
For additional resources on Thunderclap, refer to the Microsoft* blog on DMA protection for Thunderbolt technology. Existing security options for the Thunderbolt interface also allow you to whitelist trusted Thunderbolt devices to help protect your systems from malicious peripherals.
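As an added example (not code from Intel or the researchers), the shell functions below audit the two mitigations mentioned above on a Linux host by reading each Thunderbolt domain's security and iommu_dma_protection attributes from sysfs. The verdict labels and the TB_SYSFS override are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: report Thunderbolt DMA exposure per domain on Linux.
# Output, one line per domain: "<domain> <security> <iommu> <verdict>"
# The verdict strings are labels made up for this example.
# TB_SYSFS is a hypothetical override so the check can run on a test tree.

tb_verdict() {
    # $1 = security level, $2 = iommu_dma_protection (0, 1 or "unknown")
    if [ "$2" = "1" ]; then
        echo "protected"    # kernel DMA protection (IOMMU) is active
    else
        case "$1" in
            # Devices must be approved, but there is no IOMMU isolation.
            user|secure) echo "authorization-only" ;;
            # PCIe tunneling is disabled at this security level.
            dponly|usbonly|nopcie) echo "no-pcie-tunneling" ;;
            # "none" or unreadable level, and no IOMMU protection.
            *) echo "exposed" ;;
        esac
    fi
}

tb_audit() {
    root="${1:-${TB_SYSFS:-/sys/bus/thunderbolt/devices}}"
    found=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue
        found=1
        # Older kernels lack iommu_dma_protection; report it as unknown.
        sec=$(cat "$dom/security" 2>/dev/null || echo unknown)
        iommu=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo unknown)
        echo "$(basename "$dom") $sec $iommu $(tb_verdict "$sec" "$iommu")"
    done
    [ "$found" -eq 1 ] || echo "no-thunderbolt-domains"
}

# Audit the running system (or the tree named by TB_SYSFS).
tb_audit
```

A domain reported as "authorization-only" or "exposed" is one where enabling the IOMMU in firmware and updating the kernel should be checked first.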
Intel will continue to improve the security of Thunderbolt technology as part of our Security First pledge.