A series of vulnerabilities in Thunderbolt 2 and 3, collectively called ‘Tunderspy,’ can leave your Mac open to hacking.
Security researcher Björn Ruytenberg with the Eindhoven University of Technology recently published a report detailing a series of serious security vulnerabilities in Thunderbolt 2 and Thunderbolt 3, collectively called “Thunderspy.”
They affect every single computer with a Thunderbolt 2 or Thunderbolt 3 port, including old-style port connectors and new Type-C connectors, whether the computers are running Windows, Linux, or macOS.
How badly does this security flaw impact Mac users? Should you freak out about someone hacking into your MacBook the next time you get up from your desk to refill your coffee?
Ruytenberg describes seven vulnerabilities in his paper. They are as follows.
Inadequate firmware verification schemes.
Weak device authentication scheme.
Use of unauthenticated device metadata.
Backwards compatibility.
Use of unauthenticated controller configurations.
SPI flash interface deficiencies.
No Thunderbolt security on Boot Camp.
It’s beyond the scope of this article to get into exactly what each of these mean and how they can be exploited to breach systems with Thunderbolt ports.
Just know this: Macs are only susceptible to vulnerabilities 2 and 3 when running macOS, and even then only partially so. Running Windows or Linux on your Mac using Boot Camp makes you vulnerable to all of them.
The good news is that it would not necessarily be easy for a hacker to break into your Mac with these exploits. They have to have physical access to your computer and a prepared Thunderbolt hacking device.
These sorts of vulnerabilities are often called “evil maid” threats.
