[4] The Thunderspy security vulnerabilities were first publicly reported by Björn Ruytenberg of Eindhoven University of Technology in the Netherlands on 10 May 2020.

[9] Thunderspy is similar to Thunderclap,[10][11] another security vulnerability, reported in 2019, that also involves access to computer files through the Thunderbolt port.

[4] Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep,[4] or at least in some sort of powered-on state, to be effective.

[12][13] The researchers claim there is no easy software solution, and may only be mitigated by disabling the Thunderbolt port altogether.

[16] Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.