Security researcher Björn Ruytenberg found seven vulnerabilities in Intel Thunderbolt chips [PDF]. Critically, an attacker needs physical access to the machine, a scenario known as an evil maid attack, though the attack takes only roughly five minutes to perform.
Here are the vulnerabilities:
1. Inadequate firmware verification schemes.
2. Weak device authentication scheme.
3. Use of unauthenticated device metadata.
4. Backwards compatibility.
5. Use of unauthenticated controller configurations.
6. SPI flash interface deficiencies.
7. No Thunderbolt security on Boot Camp.
Mr. Ruytenberg uploaded a video showing how an attack is performed.
By itself, macOS is partially affected by numbers 2 and 3. However, when a user runs Windows or Linux in Boot Camp, the Mac becomes affected by all except 5 and 6. Since these vulnerabilities are found in the physical chips, there is no way to fix them with a software update.
Apple and Intel are both aware of this, and Intel says the issue is not new and was mitigated with Kernel Direct Memory Access (DMA) protection.