If you thought your data was secured on a Mac that is locked and encrypted, then think again. Alarming new vulnerabilities have been discovered in Thunderbolt ports that can be used by an attacker to gain access to data stored on a locked Mac.
A total of 7 vulnerabilities have been found in Macs shipped between 2011 all the way to 2020. They affect all varieties of Thunderbolt ports including the USB-C ports found on modern machines.
What makes these vulnerabilities even more alarming according to the researcher who discovered them is the fact that there’s no way to tell if a machine has been compromised. A Mac running Bootcamp is fully vulnerable to the attacks through these exploits while a system running macOS is partly affected.
The thunderbolt security flaws were found by security researcher Björn Ruytenberg according to whom they can be exploited in 7 different ways.
- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Downgrade attack using backwards compatibility
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp
He has shared details about these vulnerability methods on his research paper that you can read here.
Both Apple and Intel have been informed about the vulnerabilities however there’s little they can do about fixing them as they are found in the hardware. Even if it wanted to Apple could not just fix these security flaws via a software update.