The vulnerability applies to all DMA-capable devices (ie Thunderbolt, PCIe, wifi and NVMe chips on mobiles, on-chip peripherals like mobile basebands). Thunderbolt 3 makes drive-by attacks easier, but in principle the attack could be carried out from any DMA device (subject to practical limitations like reverse engineering of firmware). Our earlier attacks were done with PCIe and Thunderbolt 2.