Thunderbolt, explains Ruytenberg, is a high-bandwidth interconnect promoted by Intel and included in laptops, desktops, and other systems. Being PCIe-based, Thunderbolt devices possess Direct Memory Access (DMA)-enabled I/O, he says. In an evil maid DMA attack, where adversaries obtain brief physical access to the victim system, Thunderbolt has been shown to be a viable entry point in stealing data from encrypted drives and reading and writing all of system memory, he adds. In response, Intel introduced Security Levels, a security architecture designed to enable users to authorize trusted Thunderbolt devices only and is said to provide “cryptographic authentication of connections” to prevent devices from spoofing user-authorized devices.