Thunderbolt™ security research published by Eindhoven University - Thunderspy

Updated -

On 10 May 2020, researchers released a paper on weaknesses in the Thunderbolt version 3 protocol. This research discloses several issues in the Thunderbolt specification and related hardware implementations. Red Hat considers these Thunderbolt weaknesses an issue that hardware vendors need to address and customers are advised to contact them for additional information, as required. This does not impact Red Hat products. All vectors require physical access to the target machine, and either access to a trusted Thunderbolt device to clone, or the ability to physically open the machine and reprogram flash chips on the motherboard with malicious firmware.

This level of physical access, additional hardware, and skill requirement to exploit test weaknesses are not within the consideration of a viable attack vector due to the many simpler attacks that can be performed with equivalent access.

Additional Resources:


Intel insights