TL;DR
Computers *without* physical Thunderbolt ports are generally not directly vulnerable to the Thunderspy attack. However, there’s a small risk if your computer uses a Thunderbolt-enabled dock or adapter connected via another interface (like USB-C) that contains a malicious Thunderbolt chip. We’ll cover how to check and mitigate this.
Understanding the Risk
Thunderspy exploits vulnerabilities in the way Thunderbolt devices negotiate connections. It requires physical access to a Thunderbolt port to inject malicious firmware. If your computer doesn’t *have* a Thunderbolt port, an attacker can’t directly use Thunderspy against it.
Checking for Indirect Vulnerability
The risk comes from docks and adapters. These devices often contain Thunderbolt controllers even if your laptop only has USB-C ports. Here’s how to check:
- Identify Your Docks/Adapters: List all the docks, hubs, or adapters you use with your computer, especially those connecting via USB-C.
- Manufacturer Information: Find the manufacturer and model number of each dock/adapter. Look for this on the device itself, its packaging, or in your purchase history.
- Check for Firmware Updates: Visit the manufacturer’s website and search for firmware updates specifically for your dock/adapter model.
  - Many manufacturers released updates to address Thunderspy vulnerabilities after it was discovered.
  - Apply any available firmware updates immediately.
- Check the Device Manager (Windows): This can help identify Thunderbolt controllers even if they aren’t explicitly advertised.
  - Open Device Manager by typing `devmgmt.msc` into the Windows search bar and pressing Enter.
  - Expand ‘Thunderbolt(TM) controller’. If you see entries here for docks/adapters, it confirms they contain a Thunderbolt chip.
- Check System Information (macOS): macOS provides some information about connected devices.
  - Open Terminal and run `system_profiler SPThunderboltDataType`. It will list Thunderbolt devices, including those within docks/adapters.
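
To turn the macOS check into a firmware inventory, the following added example (not part of the original page) parses the text report from `system_profiler SPThunderboltDataType` and lists each device with its vendor and firmware version. It assumes the report uses indented "Key: Value" lines under "Name:" headers with the fields Vendor Name, Device Name and Firmware Version; the function names and the sample report are constructed for illustration.

```python
import subprocess
import sys

# Constructed sample (not captured output) in the assumed report layout:
# indented "Key: Value" lines nested under "Name:" section headers.
SAMPLE_REPORT = """\
Thunderbolt:
    Thunderbolt Bus:
      Vendor Name: Example Laptop Co.
      Device Name: Example Laptop
      Firmware Version: 41.1
      Port:
          Status: Device connected
        Example Dock:
          Vendor Name: Example Dock Co.
          Device Name: Example Dock
          Firmware Version: 12.3
        Unlabelled Hub:
          Device Name: Unlabelled Hub
"""

def parse_report(text):
    """Return one dict per report section that carries a 'Device Name'."""
    sections, stack = [], []  # stack holds (indent, section) for open sections
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = (part.strip() for part in line.partition(":"))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close sections that are not parents of this line
        if value and stack:  # "Key: Value" belongs to the enclosing section
            stack[-1][1][key] = value
        elif not value:  # "Name:" opens a nested section
            sections.append({})
            stack.append((indent, sections[-1]))
    return [s for s in sections if "Device Name" in s]

def missing_fields(device):
    """Fields needed to look up a vendor firmware update that are absent."""
    return [f for f in ("Vendor Name", "Firmware Version") if f not in device]

if __name__ == "__main__":
    report = SAMPLE_REPORT
    if sys.platform == "darwin":  # on a Mac, read the live report instead
        report = subprocess.check_output(
            ["system_profiler", "SPThunderboltDataType"], text=True)
    for dev in parse_report(report):
        print(dev, "REVIEW" if missing_fields(dev) else "")
```

Entries marked REVIEW lack a vendor name or firmware version, so there is nothing to compare against the manufacturer's update page.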
Mitigation Steps
If you suspect a dock/adapter might be vulnerable (no recent firmware updates, unknown manufacturer), take these steps:
- Stop Using the Device: The simplest solution is to temporarily stop using the potentially vulnerable dock/adapter.
- Contact the Manufacturer: Reach out to the manufacturer for information about Thunderspy support and firmware updates.
- Consider a Different Dock/Adapter: If the manufacturer doesn’t offer updates or isn’t responsive, replace the device with one from a reputable brand known for security updates.
- BIOS Updates (Rare): In some cases, laptop manufacturers have released BIOS updates to improve Thunderbolt security. Check your laptop manufacturer’s website.
  - Be very careful when updating your BIOS – follow the instructions precisely! A failed update can brick your computer.
Important Considerations
- USB-C ≠ Thunderbolt: Just because a port is USB-C doesn’t mean it supports Thunderbolt. Many USB-C ports only support data and power delivery.
- Attack Complexity: While Thunderspy is serious, it requires physical access to the dock/adapter’s circuitry for direct exploitation. It’s not a remote attack.

