Thunderspy: can Apple fix this?

Apparently a student found several vulnerabilities in Thunderbolt:

Can Apple fix this? (In the 16" MBP 2019)

(the article mentions that specific hardware is required for the proposed fix)

That article reads as very sensationalist news.

A few key things to remember.

This is an attack based on physical access to your computer. This should be restricted anyway.

A low-level attack such as this is exploiting the interface between the Thunderbolt firmware and the kernel.

All modern Macs come with the T2 security chip, which is in these computers to help mitigate attacks such as this.

Even if the recommendation of the vulnerability detectors is a hardware-level change, that does not rule out the use of software mitigations or solutions, which are much easier to implement when controlling the whole stack, as Apple does.

The long and the short of it is, these kinds of problems happen every day and it will be fine.


Here is a quote from the article that proves that this is nothing we have to panic about:

“All the attacker needs is five minutes alone with the computer, a screwdriver, and some easily portable hardware.”

When given physical access to any computer with enough time and skills it’s game over…


Intel’s reply seems to suggest that it can be solved in software (and Apple already did)?

Unfortunately I cannot run the test tool, as it is blocked as malware by my company…


But I also see this:

Five minutes alone with a computer and gravity can result in data loss. :slight_smile:


A cat using gravity gets to the same results in less than five minutes :grin:


"Computers running Apple’s MacOS are unaffected."


They talk about bypassing encryption - I would like to think that FileVault wouldn’t be breakable via a Thunderbolt exploit though … ?

My assumption is that when they are talking about encryption, in this instance it is not the disk encryption of the machine in question, but the data flowing through the port.

That’s what I was thinking too… which would mean that even under Windows, just turning on BitLocker would frustrate their efforts.

And…I mean…if they have 5 minutes with a standard Windows laptop and a screwdriver, they could just steal the hard drive and take it back to their thieves’ den where they could work on it in peace. :slight_smile:

Some attacks like this give access to the system’s RAM. On Macs that don’t have T2 processors, the FileVault keys are held in RAM while the disk/SSD is unlocked, so there’s a possibility that they could be recovered and the disk/SSD accessed.

I’m not saying that this attack can be used to access RAM, but that’s a mechanism that can be used to bypass FileVault on some Macs. It’s one of the reasons that I like how Apple has mated the T2 with the internal storage: the cryptographic keys are never exposed to the system.