Thunderbolt, a new I/O interface, was introduced last week on the latest line of MacBook Pro portable computers. Physically, it uses a DisplayPort connector – and, if you like, it can be used as a simple DisplayPort interface to connect a monitor or projector to the computer. But it is also a successor to Firewire, capable of daisy-chaining up to five devices with a shared bus bandwidth of 10 Gb/s.
It is also a successor to Firewire in that it is an unauthenticated peer-to-peer bus protocol (as distinct from a master-slave protocol like USB), in which a peer on the bus is granted direct memory access (DMA) to the host. This characteristic has been exploited on Firewire to forensically read the contents of RAM or attached disks from a live machine. While the details on Thunderbolt are rather sketchy right now, it’s easy to imagine that an adversary could rig a display device to surreptitiously harvest data from a client machine, while appearing to function normally.
Physical security is tricky to enforce. Most people are smart enough to avoid plugging a random USB drive or Ethernet cable into a machine that holds sensitive data – but they won’t think twice about using a projector in a classroom or at a conference. Thunderbolt adds a whole new class of peripherals into the “untrusted” group. Watching the professionals take a crack at this will be very interesting.
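As an added, defender-side example (the editor's, not part of the original post, and Linux-specific rather than anything Apple shipped): a small audit of the kernel's Thunderbolt sysfs attributes that reports whether a plugged-in device was granted a PCIe tunnel without user consent (domain security level `none`) and whether the IOMMU is enforcing DMA protection for it. The attribute names (`security`, `iommu_dma_protection`, `authorized`, `vendor_name`, `device_name`) are the kernel's own; the sample sysfs tree is constructed for illustration.

```python
from pathlib import Path
import tempfile

def read_attr(path, default="?"):
    """Read a one-line sysfs attribute; a missing file yields `default`."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return default

def audit_thunderbolt(sysfs_root="/sys/bus/thunderbolt/devices"):
    """One finding per attached Thunderbolt device: was PCIe tunnelled to it
    without consent, and is the IOMMU guarding host RAM against its DMA?"""
    root = Path(sysfs_root)
    domains = {d.name: {"security": read_attr(d / "security"),
                        "dma": read_attr(d / "iommu_dma_protection", "0")}
               for d in root.glob("domain*")}
    findings = []
    for dev in sorted(root.iterdir()) if root.is_dir() else []:
        # Only device routers carry 'authorized'; skip ports, retimers, the domain
        # node and the host router itself (named like "0-0").
        if not (dev / "authorized").is_file() or dev.name.endswith("-0"):
            continue
        dom = domains.get("domain" + dev.name.split("-")[0], {})
        sec, auth = dom.get("security", "?"), read_attr(dev / "authorized")
        if auth == "0":
            verdict = "blocked: not authorized, no PCIe tunnel"
        elif sec == "none":
            verdict = "AUTO-AUTHORIZED: PCIe tunnelled without user consent"
        else:
            verdict = f"authorized under security level '{sec}'"
        if auth != "0" and dom.get("dma") != "1":
            verdict += "; IOMMU DMA protection NOT active"
        name = f"{read_attr(dev / 'vendor_name')} {read_attr(dev / 'device_name')}"
        findings.append({"device": dev.name, "name": name, "verdict": verdict})
    return findings

def build_constructed_sysfs():
    """Constructed sample tree (not a real capture): security level 'none',
    no IOMMU protection, one auto-authorized dock and one unauthorized device."""
    tmp = Path(tempfile.mkdtemp())
    files = {"domain0/security": "none", "domain0/iommu_dma_protection": "0",
             "0-0/authorized": "1", "0-1/authorized": "1",
             "0-1/vendor_name": "ConstructedCo", "0-1/device_name": "Display Dock",
             "0-3/authorized": "0"}
    for rel, val in files.items():
        (tmp / rel).parent.mkdir(parents=True, exist_ok=True)
        (tmp / rel).write_text(val + "\n")
    return str(tmp)

if __name__ == "__main__":
    root = "/sys/bus/thunderbolt/devices"
    for f in audit_thunderbolt(root if Path(root).is_dir() else build_constructed_sysfs()):
        print(f"{f['device']:6} {f['name']:28} {f['verdict']}")
```

On a real host the script reads the live sysfs tree; anywhere else it falls back to the constructed sample so the logic can be exercised offline.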