Thunderbolt Flaws Expose Millions of Computers to Hacks


Millions of computers and other devices worldwide use Thunderbolt to transfer data from one device to another. But this is not without risk. Research done at the University of Technology in Eindhoven (The Netherlands) shows that the technology has some flaws, which give hackers access to people’s computers. Users’ data is no longer secure. The vulnerabilities affect all Thunderbolt-enabled PCs manufactured before 2019.


Thunderbolt was developed by Intel and Apple to quickly transfer data from one device to another. The technology is extremely popular and can be found on millions of computers, laptops, notebooks, and external hard drives all over the world. Almost every new laptop or desktop computer released after 2011 has one or more Thunderbolt ports. You can identify a port by the lightning bolt icon.

Thunderbolt uses cryptography to protect data exchange. This is meant to ensure that hackers can’t just break into your computer without your permission. Björn Ruytenberg, a student doing his master’s at the TU Eindhoven, found out that this is no longer true when he was doing research for his thesis. He said that he couldn’t find anything close to modern cryptography, and the few things that were there were easy to hack or work around.

Ruytenberg said that he found seven different security leaks in Thunderbolt’s design. To show this, he developed software named Thunderspy. This allows him to gain access to computers without having to install a virus or another form of malware. The student said that the only things that an attacker needs are five minutes of uninterrupted access, a screwdriver, and some easy-to-carry hardware. Once he’s in, all data can be read and copied, even when the hard drive is encrypted, the computer is locked, or it is password protected. Thunderspy does not leave any traces, so the victim will never know that they’ve been hacked.

Intel’s Response

According to professor Tanja Lange and doctoral candidate Jacob Appelbaum, Ruytenberg’s thesis supervisors, Ruytenberg’s research is an important addition to existing knowledge of Thunderbolt. He has researched Thunderbolt’s security mechanisms and Intel’s attempts to stop unauthorized access to computer data. The research exposed vulnerabilities that endanger nearly every computer with a Thunderbolt port running Windows or Linux. The results of Ruytenberg’s research will be presented at BlackHat USA 2020, a renowned information security conference in the US, in August.

Ruytenberg’s findings have been presented to Intel, one of the developers of the Thunderbolt technology. The chip developer writes in a blog post that it is aware of the vulnerabilities. But a software update can’t fix them. The only solution is a Kernel Direct Memory Access (DMA), a patch for the hardware. This has been available since 2019, so laptops and computers released since then don’t have the same vulnerabilities.

Disable Thunderbolt

In addition to Thunderspy, Ruytenberg also developed a tool that can check whether your laptop, computer, or external hard drive is exposed to hacks. This is called the Thunderbolt Controller Firmware Patcher. It will disable Thunderbolt security without needing access to the BIOS or the operating system. A SPIblock was developed by Ruytenberg to disable the Thunderbolt security permanently so that you avoid future firmware updates. As a final tip, the student said to never leave your laptop unattended, not even for five minutes.
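A read-only way to see, on Linux, whether a machine reports the Kernel DMA protection that Intel points to, as an added example that is not part of the original article or of Ruytenberg's tooling. It assumes the Linux kernel's Thunderbolt sysfs attributes `security` and `iommu_dma_protection`; the function name `tb_exposure` and its optional root-path argument are made up for this example.

```shell
#!/bin/sh
# Added example (not Ruytenberg's tool): report, per Thunderbolt domain,
# the firmware security level and whether the kernel reports IOMMU-backed
# DMA protection. Reads Linux sysfs only; changes nothing.

# $1 is an optional sysfs root (hypothetical parameter, used for testing).
tb_exposure() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    unprotected=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue          # glob did not match anything
        found=1
        # Security level set in firmware: none, user, secure, dponly, ...
        level=$(cat "$dom/security" 2>/dev/null || echo unknown)
        # Attribute is missing on older kernels; treat missing as "off".
        dma=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo 0)
        if [ "$dma" = "1" ]; then
            state=on
        else
            state=off
            unprotected=1
        fi
        echo "$(basename "$dom") security=$level kernel_dma_protection=$state"
    done
    if [ "$found" -eq 0 ]; then
        echo "no Thunderbolt domains found under $root"
        return 2
    fi
    # 0: every domain has DMA protection; 1: at least one does not.
    return "$unprotected"
}
```

Call `tb_exposure` with no argument on a live system; a return status of 1 means at least one Thunderbolt domain lacks Kernel DMA protection.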

Cybersecurity analyst
David is a cyber security analyst and one of the founders of Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.