Suggestions on protecting your Thunderbolt devices
01
Thunderbolt vulnerabilities rely on a physical hack. Hackers usual pretend a fake "USB like" type-c cable, but it actually performs the Thunderbolt function to access the user's system. In order to defend against the attacks, it is better to stay away from dangerous cables.
Avoid plugging in any non-trusted USB-C cables
02
Thunderbolt supports daisy-chaining. You never know what devices are connected behind a single Thunderbolt cable. You should be aware of the other Thunderbolt devices, don't connect them if you have doubts.
Only connect your trusted Thunderbolt devices
03
You should always keep an eye on your Thunderbolt devices, do not giving a chance to the hacker to touch your computer is the most secure way. If you need to repair your Thunderbolt devices, only take them back to the official service providers.
Never let your computer being unwatched
04
Thunderspy vulnerabilities could easily hack the system in sleeping mode even if you have locked the screen. Powering off or hibernating the system would be safer.
Always shut down the computer
05
Ruythenberg has developed Spycheck software to scan your computer and verify whether the computer is being hacked. You can get it from thunderspy.io
Spycheck your computer if you think you are affected
In CES 2020, Intel announced Thunderbolt 4 and claims that the new version enhances security with VT-d based DMA protection.
"However, we would like to emphasise Kernel DMA Protection only partially mitigates Thunderspy". (Ruytenberg, 2021)