Thunderspy PoC demo 2: Permanently disabling all Thunderbolt security on a Windows PC
May 11, 2020 01:12 · 284 words · 2 minute read
So what we have here is an Intel NUC, which was purchased in 2018. And as you can see, we’re entering the BIOS. Now, we’ll be going to the security settings. As you can see, the Thunderbolt Security Level is set to “Legacy Mode”, which essentially disables all Thunderbolt security. We haven’t changed anything, so we’re not going to save the settings. OK, so now I’m going to attach an arbitrary Thunderbolt device. And this will wake up the Thunderbolt controller. As you can see, it recognizes the device. So, we’re going to check the currently active Security Level. And as expected, it says “no security”, or SL0. Disconnecting the device. And rebooting the NUC into the BIOS. So now, we’re going to change the Security Level to the most secure setting which is “one time saved key” or SL2. This time we’re saving the changes.
02:56 - So we’re booting back into the BIOS to make sure that the Security Level is really set to “one time saved key”. And as you can see, this is the case. Booting back into Windows. Now we’re going to attach the Thunderbolt device again. Now, because we’ve set the Security Level to SL2, we should get a popup asking us to authorize the device. But as you can see, the device just connects immediately. So, let’s check the currently active Security Level. And as you see here, the Security Level is still SL0, meaning no security at all. So, this variant of the Thunderspy attack prevents the user from changing the Security Level. The effect of this attack is persistent. So, Thunderbolt security on this system has now been disabled forever. Thank you for watching.