So, how many theoretical physical attacks are there?
This all boils down how feasible it is to re-write the Thunderbolt firmware (or more exactly, the NVRAM where the approved devices are listed) Apparently not too hard. And also obtaining a TB device that can be commanded to read or modify RAM.
1. What's to stop an attacker inserting data-stealing PCIe cards in office desktops or servers? Design the card as hot-pluggable and presto! Direct Memory Access. Alternatively PCIe M.2 cards can be used. Or hot-plug NVME slots. No need for the 're-write firmware' portion, unless the the PCIe/M.2 slots are disabled. Typically all slots are enabled at the factory.
2. Attach a data-stealing device between CPU and memory.
3. Attach a data-stealing device between CPU and PCIe, or any other bus with DMA.
4. Attach a keylogger into straight into USB traces on the mobo.
5. Monitor for "micro changes in air density" (Alien style) at the air intake to determine computer operation.
With advancing technology, any of those are becoming more and more feasible to do. Except the last one. Maybe.
Biting the hand that feeds IT
