But it’s worth looking back at why this took so long in the first place. Thunderbolt was a technology that nearly all of the big-name Windows OEMs had already embraced in their high-end laptops, making Microsoft’s refusal to support it a bit quizzical. But last year, a popular Twitter leaker whose account has now been suspended shared the details of a presentation that claimed that Thunderbolt could be exploited directly via a certain kind of memory stick. This unusual revelation—especially given that, yes, basically all of Microsoft’s partners offered Thunderbolt on their Intel laptops—seemed validated just a week or two later when a new type of attack that worked in a very similar way, called Thunderspy, emerged from the security community.
In some ways, the nature of the exploit represented something out of spy novels: “All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop,” researcher Björn Ruytenberg said of the attack.
Just one problem: For 99.99 percent of people, this kind of attack is purely theoretical. It cannot be scaled, and it would take time to do. You couldn’t just start randomly sticking things into Thunderbolt ports and hoping you got a positive hit—the user would have to physically be separated from their laptop for a significant period of time, and the user would have to know the exploit was possible on the laptop. But the problem is that Microsoft and other companies make a lot of money off of the 0.01 percent of people who might be at risk of such an attack, those people being enterprise customers, especially in government or the corporate world.