This month’s Bug With An Impressive Name, or BWAIN for short, is Thunderspy.
As well as a cool name, Thunderspy also has its own logo, its own domain name, its own website and a “recorded live” video showing a Thunderspy attack in action.
There’s also a technical paper that’s detailed but nevertheless readable, by security researcher Björn Ruytenberg from Eindhoven University of Technology in The Netherlands.
As you’ve probably guessed, Thunderspy gets its name from Thunderbolt, a type of hardware interconnection system for plugging high-performance external devices into your computer.
You might wonder why Thunderbolt ever came along in a world that already has USB, Display Port, HDMI and other methods of connecting almost any peripheral to your computer that you might want, including microphones, webcams, headphones, screens, keyboards, mobile phones, scanners, printers, memory sticks and hard disks.
The answer, as with so many features in modern devices, is performance.
Thunderbolt doesn’t just let you plug devices into your computers so they can communicate with one another – it pretty much lets you hook up devices directly to the internal memory bus of the computer, as if you had taken the lid off your gaming desktop and plugged a PCI card directly into one of the slots on the motherboard.
Whatever you can do with USB (and these days, that is plenty) you can do even faster with Thunderbolt, all without needing to open up your computer and find a free bus slot – which also means you can use Thunderbolt on laptops that aren’t meant to be opened up and don’t have internal expansion slots anyway.
Interestingly, Thunderbolt was originally designed to use fibre optics to improve data throughput, and was known as Light Peak.
During development, however, it was adapted to run over regular copper wires, which meant that Thunderbolt ports could easily carry both data and power, making them more convenient for use in portable devices such as high-speed hard disks or video capture cards.
To avoid introducing yet another connector, the first two incarnations of Thunderbolt use Display Port connectors, while the latest Thunderbolt 3 connectors are the same as USB-C – those thin, round-ended USB cables that have identical, symmetrical connectors on each end and can therefore very conveniently be plugged in either way up and either way around.
The major difference between Thunderbolt and USB is that Thunderbolt ports support what’s called DMA, short for direct memory access, which means that a Thunderbolt device, if suitably configured and authorised, can read data straight out of system memory at blindingly fast speeds, without having to defer to the computer’s own processor or operating system.
Data can flow in the other direction too, so Thunderbolt devices, in theory at least, can poke blocks of data straight into system memory for the operating system to consume later on.
That’s immensely powerful, and gives astonishing data throughput results…
…but it comes with a security risk, namely that an untrusted device that was accepted by your computer might be able to bypass pretty much all the security enforced by your operating system.
Indeed, DMA has also been a boon to law enforcement over the years, right back to the risky old days when computers were electrically less resilient that they are now, and before Thunderbolt brought direct-to-RAM connectivity out to a small and convenient external port.
Forensic investigators who could get access to computers while the power was still on could plunge PCI cards right into a bus slots on live motherboards to grab data from the running system for subsequent analysis.
But in regular life, you don’t want just anyone to be able to sneakily plug a Thunderbolt cable into your laptop while your back is turned and quietly suck out the memory contents of all your running apps onto a storage device in their pocket.
As a result, Thunderbolt-equipped computers come with numerous hardware-level protections that let you limit the ease with which external devices can get access to the computer’s RAM.
Circumventing the checks
Ruytenberg describes in his paper, however, how an attacker with physical access to your computer could work around several of these hardware protections.
This means that even if you have set your Thunderbolt security to prevent unauthorised passers-by from plugging in memory-scraping hardware tools…
…then a crook might, admittedly with some difficulty and a few minutes of hard-to-disguise fiddling, be able to turn off the security settings and attack your computer via the Thunderbolt port anyway.
The attack shown in his video relies on a series of steps something like this:
- Wait for the victim’s laptop to go into sleep mode and then open it up with a screwdriver. (Fairly easy and under a minute’s work on some models.)
- Remove the back of the computer and find the flash chip (permanent storage) that contains the Thunderbolt firmware. (Not too difficult on many laptops.)
- Connect a piggy-back connector to the pins on the flash chip and read out its contents. (No desoldering required.)
- Put the laptop back together. (Not needed if you have plenty of time and won’t get spotted with the computer in pieces.)
- Take the firmware image away and, at your leisure, modify its internal data, for example so that it now trusts devices with different hardware identifiers, or so that it runs with its security controls at the most liberal level.
- Repeat the first four steps but this time write the modified firmware back to the Thunderbolt flash chip.
- Later on, at your lesisure, plug in a rogue Thunderbolt direct memory access device and profit.
In particular, Ruytenberg’s proof-of-concept video shows a rogue Thunderbolt device being used on a laptop that, when woken from sleep, was stuck (apparently safely) at the Windows lock screen.
The rogue hardware device, which would normally have been ignored by the computer thanks to the Thunderbolt hardware settings, was given direct access to system memory, at which point it implanted a rogue software driver directly into the Windows operating system kernel that skipped past the lockscreen without needing a the password.
Bingo, passwordless access to a locked computer!
What went wrong?
Interestingly, as Ruytenberg points out in his paper, this sort of attack really shouldn’t work, not least because the Thunderbolt system includes cryptographic protection that is supposed to stop unauthorised firmware from being accepted by the motherboard.
After tweaking the firmware in step 5 above, which invalidated its digital signature, Ruytenberg couldn’t re-authorise it because he would have needed a private signing key known only to Intel.
However, he found that the firmware certificates are apparently verified only when the firmware is updated via official means, e.g. via the computer’s BIOS.
The certificates aren’t re-validated every time the computer wakes up from sleep mode, or even every time it’s booted up, so that when the computer woke up with the Thunderbolt ports less secure than when it shut down, it didn’t notice.
Ruytenberg’s article also details numerous other related weaknesses that could allow unauthorised tampering with the Thunderbolt system.
What to do?
The Thunderspy name makes this situation sound pretty dramatic, but it’s important to remember that the attacks that Ruytenberg describes can’t be pulled off remotely, so phishing attacks and rogue websites can’t use them – unless a website could persuade you to open up your own laptop and hack it yourself.
Intel has written about this issue on its blog, and contacted us with the following comment:
This attack could not be successfully demonstrated on systems with Kernel DMA protection enabled. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers.
Indeed, if you’re worried about how vulnerable you might be when coronavirus lockdown ends and you are back on the road with your laptop, there is one simple change you can make to your digital lifestyle: shut your computer down when you travel instead of just putting it into sleep mode.
It’s less convenient, to be sure, but it’s much more secure – and with a bit of effort, you should be able to get a modern laptop’s boot-up-from-cold time down to a few seconds rather than a few minutes.
After all, Ruytenberg’s lock screen bypass only makes sense if the hard disk decryption password has already been entered, the operating system is already running, and there is a lock screen to bypass in the first place.
Thunderspy or no Thunderspy, a powered-on computer that can be woken from sleep just by touching a key inevitably has its RAM chips packed full of juicy secrets.
Secrets in your laptop’s RAM can’t be read out, by fair means or foul, if they aren’t there in the first place.
Latest Naked Security podcast
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.
11 comments on “Thunderspy – why turning your computer off is a cool idea!”
Very interesting, and a very good description of the inner workings of Thunderbolt without technical jargon … thank you! It would be interesting to know if systems using macOS / Apple hardware – especially with the T2 chip and/or Linux are also vulnerable. Or if it‘s a Win 10 specific vulnerability.
Thanks, glad you found the article useful!
The paper goes into details about which OSes are protected in what sort of way against which aspects of this issue. (Recent Windows 10, plus Linux and macOS, have some sort of protection against the sort of kernel driver injection shown in the video, where the lockscreen trickery happens.)
Received wisdom seems to be that Macs are OK in this case as long as they are running macOS only (no dual partition or non-Apple OS installed), perhaps because Apple only allows specific listed Thunderbolt devices to connect at all, based on some kind of Apple-curated allow list. But I don’t have a Mac handy for any experiments, I’m afraid.
Received wisdom also suugests that Microsoft isn’t putting Thunderbolt on its new Surfaces, thus sidesteppin the issue of managing it safely by not having it at all.
Anyone have more definitive answers than I do?
Yet another highly accessible article, nice!
Thank you for the clarification and for explaining stuff that I easily could have checked myself (lazy me :o))).
So it‘s something that can be fixed on the OS-level – that’s reassuring…
The various OS fixes to prevent kernel DMA do seem to depend on the model/age of laptop you have. I’ve updated the article to include a link to Intel’s blog article on this issue, which gives some information about where we are now, and where to next. Here’s the link again:
Maintaining physical control of your laptop seems like the easiest way to head off a Thunderspy attack, though. Correct?
Yes. Turn it off when not in use, and don’t leave it lying around unattended :-)
On a Windows machine, would someone would need to disable Fast Startup or hold down their shift key while shutting down in order to prevent this attack?
I *think* so, because “Fast Startup” just seems to be special case of sleep. In other words, when you wake the computer up, it reloads the Windows kernel from disk so you are effectively back in sleep mode but with all the apps closed and logged out. So you emerge from shutdown straight at the login screen rather than the lock screen.
There’s obviously a lot less on immediate offer (e.g. no active login, no open documents, no logged-in websites), but there is bound to be something that a DMA spying attack could look for. In particular, it seems that you wind up in a post-Bitlocker world, so a DMA attack would, in theory, have access to what’s on the disk at the point where the full disk encryption is tranparently stripped off during disk reads.
Easily fixable with a firmware update. Just check the thunderbolt controller firmware signature on boot and when waking.
Unless you’re involved in top security work, Thunderspy is not a serious threat, but losing your powered down MacBook without having disabled automatic login is.