Thunderbolt Vulnerability Could Allow Hackers Access

March 29, 2019

Written by wukovits

A new vulnerability was revealed to the world at the 2019 NDSS security conference. It’s a grim one with the potential to impact FreeBSD, Linux, Windows and Mac systems worldwide.

Dubbed ‘Thunderclap,’ the flaw can be exploited to impact the way that Thunderbolt-based peripherals connect and interact with a target system.

If you’re not familiar with Thunderbolt, it’s a hardware interface jointly designed by Intel and Apple that allows users to connect peripherals like chargers, keyboards, video projectors (and the like) to computers.  The interface was originally available only in the Apple ecosystem, but subsequent generations of Thunderbolt expanded its reach.  These days, Thunderbolt has hooks in every major OS in use today.

At a high level, Thunderclap is nothing more than a union of various security flaws found in the interface.  The main flaw stems from the fact that OS’s tend to implicitly trust any newly connected device, granting it access to all system memory.  A hacker attacking a system using this exploit can even bypass a system’s IOMMU (Input-Output Memory Management Unit), which is specifically designed to counter such threats.

Research conducted jointly at the University of Cambridge, SRI International, and Rice University discovered Thunderclap in late 2016. They have been quietly sounding the alarm since.  Unfortunately, the companies that design and sell operating systems have been slow to act, in a classic case of passing the buck.  The most common reason for failing to act is that the OS vendors say the responsibility lies on the peripheral side and vice versa.

The issue is finally getting the attention it deserves, but to date, none of the OS development companies have published a timeframe for when they’ll be issuing a patch to cover the security flaw.  Until that happens, the best thing you can do is to disable Thunderbolt ports via your system’s BIOS.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.