7 Thunderbolt Security Flaws Can Compromise User Data On Locked And Encrypted Macs

MacBook Thunderbolt

MacBook Thunderbolt

If you thought your data was secured on a Mac that is locked and encrypted, then think again. Alarming new vulnerabilities have been discovered in Thunderbolt ports that can be used by an attacker to gain access to data stored on a locked Mac.

A total of 7 vulnerabilities have been found in Macs shipped between 2011 all the way to 2020. They affect all varieties of Thunderbolt ports including the USB-C ports found on modern machines.

What makes these vulnerabilities even more alarming according to the researcher who discovered them is the fact that there’s no way to tell if a machine has been compromised. A Mac running Bootcamp is fully vulnerable to the attacks through these exploits while a system running macOS is partly affected.

The thunderbolt security flaws were found by security researcher Björn Ruytenberg according to whom they can be exploited in 7 different ways.

  1. Inadequate firmware verification schemes
  2. Weak device authentication scheme
  3. Use of unauthenticated device metadata
  4. Downgrade attack using backwards compatibility
  5. Use of unauthenticated controller configurations
  6. SPI flash interface deficiencies
  7. No Thunderbolt security on Boot Camp

He has shared details about these vulnerability methods on his research paper that you can read here.

Both Apple and Intel have been informed about the vulnerabilities however there’s little they can do about fixing them as they are found in the hardware. Even if it wanted to Apple could not just fix these security flaws via a software update.

Also read: 10 Ways To Keep Data And Computer Secure (Work From Home Tips)

Disclosure: iOSHacker may receive a commission if you purchase products through our affiliate links. For more visit our privacy policy page.
Total
1
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article
Mac Automatic Sleep and Wake Time

10 Ways To Keep Data And Computer Secure (Work From Home Tips)

Next Article
iPhone 12 Concept

New Details About iPhone 12 Lineup's Specs And Pricing Revealed