Security researcher Björn Ruytenberg of the Eindhoven University of Technology recently published a report detailing a series of serious security vulnerabilities in Thunderbolt 2 and Thunderbolt 3, collectively called “Thunderspy.”
They affect every single computer with a Thunderbolt 2 or Thunderbolt 3 port, including old-style port connectors and new Type-C connectors, whether the computers are running Windows, Linux, or macOS.
Seven Thunderspy vulnerabilities
Ruytenberg describes seven vulnerabilities in his paper. They are as follows.
- Inadequate firmware verification schemes.
- Weak device authentication scheme.
- Use of unauthenticated device metadata.
- Backwards compatibility.
- Use of unauthenticated controller configurations.
- SPI flash interface deficiencies.
- No Thunderbolt security on Boot Camp.
Read more at MacWorld.com
