The bad news is that’s all they need, provided you’re using a Thunderbolt port released between 2011 and 2020 (since inception, in other words). Nothing else you do makes much difference:
“Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.”
So er… what can you do? Well, make sure you’re not in trouble, for one. And, if you are, then you can a) choose to hope for the best and do what you can to mitigate the flaw or b) completely disable Thunderbolt ports on your machine. The latter… may not be the easiest course of action, since some machines only have Thunderbolt ports.
Get yourself checked
There are a couple of ways to check if you’re affected by the Thunderbolt vulnerability. The fine folks over at Thunderspy.io have developed two tools — one for Windows systems and one for Linux. Sadly, if you’re using an Apple Mac there’s no tool for you just yet.
For Windows: Download the SpyCheck for Windows file. It’s in a ZIP archive so you’ll need to extract it. It’s an installer so as long as you’ve installed software at some point in the last few years, you should be fine. If you haven’t… double-click the SpyCheck icon and follow the prompts. Running the software begins the check, which may involve the installation of new drivers, after which the software will give you a report of whether you’re affected.
For Linux: The method here is a little easier, except you’re already using Linux so everything is harder. Download the SpyCheck for Linux file. Then, open the command terminal and type “sudo python3 spycheck.py” at the prompt — be aware that you need root privileges to do so. If you don’t know what that means, you shouldn’t be doing this. If you don’t have root access, remove the ‘sudo’ from the command. Spycheck will run and pop out a report for you. To save the report as JSON, add “-o FILE.json” to the end of the command.