Seven severe Thunderbolt security flaws have recently been discovered affecting two variants of Mac systems, Thunderbolt equipped Mac’s and Type-C compatible thunderbolt equipped Mac’s. The severe security flaw allows an attacker to access data when the machine is locked and when the drive is encrypted. The flaws are present in all machines equipped with thunderbolt/type-c thunderbolt ports shipped between 2011 and 2020.
Björn Ruytenberg found seven vulnerabilities in Intel’s thunderbolt chips:
- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Downgrade attack using backwards compatibility
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp
There is no way to detect a machine that has been compromised. Apple is yet to comment on this security issue.
You can read the full summary here: https://thunderspy.io