According to Björn Ruytenberg, a security researcher at the University of Science and Technology in Eindhoven, all PCs produced before 2019 could be hacked due to defects in the commonly used Thunderbolt port. This attack, known as Thunderspy, can read and copy all data from the user's PC, even if the PC is in sleep mode or locked. It also steals data from encrypted drives.
Thunderspy falls into the evil-maid attack category, which means that it requires physical access to the device, so it is used less often than attacks that can be performed remotely. On the other hand, Thunderspy is a stealth attack: after a successful intrusion, the criminals leave little trace of exploitation.
In fact, as early as February 2019, a group of security researchers discovered a related intrusion event similar to Thunderspy. That same year, Intel released a security mechanism called Kernel Direct Memory Access (DMA) Protection to prevent Thunderspy attacks.
However, this mechanism was not implemented in earlier configurations, which is why computers produced before 2019 are more vulnerable. Interestingly, when an Apple macOS notebook boots into Boot Camp, all Thunderbolt security is disabled.
Ruytenberg points out that all Thunderbolt-equipped devices shipped between 2011 and 2020 are vulnerable. Devices delivered since 2019 that provide Kernel DMA Protection are also somewhat vulnerable.
Thunderspy vulnerabilities cannot be fixed in software; they affect future standards such as USB 4 and Thunderbolt 4 and will eventually require a chip redesign.