Devices that support Thunderbolt peripheral and charging connectors are vulnerable to hacking, according to newly published research.
Thunderbolt is a peripheral standard developed by Apple Inc. and Intel Corp. that was first seen on Apple computers with Thunderbolt 1 and 2 and then later in other devices through Thunderbolt 3, which is compatible with USB-C ports.
Detailed by security researchers from the University of Cambridge and Rice University at the NDSS 2019 security conference this week, the “Thunderclap” vulnerabilities relate to how devices running Windows, macOS, Linux and FreeBSD connect and interact with a Thunderbolt connection.
The vulnerabilities exploit the way operating systems automatically trust a plugged-in Thunderbolt peripheral, granting it direct access to the computer's memory. With this access, attackers can build malicious peripherals that run malware and other software on the computer without any restrictions.
“These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data,” the researchers explain.
Some attempts have been made by vendors to mitigate the risks of Thunderbolt-based attacks using an input-output memory management unit, or IOMMU, which limits the memory a peripheral is allowed to read and write, but the researchers noted that it can be bypassed.
In some cases, such as with Windows 7 and 10, the IOMMU is disabled by default. In other systems, the operating system leaves user data outside of IOMMU protection, leaving it as susceptible to a Thunderclap attack as if the IOMMU were not implemented at all.
The researchers noted that they discovered Thunderclap in 2016 and had been advising operating-system makers since then in an attempt to have the issues addressed, but only with limited success.
Windows 10 has enabled IOMMU support for Thunderbolt devices since version 1803, which shipped in 2018, but users must install the update. Apple, starting with macOS 10.12.4, is said to have addressed some of the issues, but that OS is still susceptible to a Thunderclap attack.
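On Linux, the status of the two mitigations discussed above (whether PCIe tunnelling is allowed at all, and whether the IOMMU is confining device DMA) is exposed through sysfs. The following script is an added example, not code from the article or from the Thunderclap researchers; it reads the kernel's real `/sys/bus/thunderbolt/devices/domainN/security` and `iommu_dma_protection` attributes and the `/sys/kernel/iommu_groups/` directory, and reports the worst case across all Thunderbolt domains. The optional root argument is an assumption added so the check can be run against a constructed tree rather than the live `/sys`.

```shell
#!/bin/sh
# Added example (not from the article or the Thunderclap researchers): read the Linux
# sysfs attributes that decide whether a hot-plugged Thunderbolt device can DMA into
# host memory. Real kernel interfaces used:
#   /sys/bus/thunderbolt/devices/domainN/security              none|user|secure|dponly|usbonly|nopcie
#   /sys/bus/thunderbolt/devices/domainN/iommu_dma_protection  0|1 (Linux 5.0 and later)
#   /sys/kernel/iommu_groups/                                   non-empty when an IOMMU is active
# The optional root argument is an assumption so the check can target a constructed tree.

# Returns 0 if at least one IOMMU group exists, i.e. the kernel is using an IOMMU.
iommu_active() {
    sysroot="${1:-/sys}"
    for g in "$sysroot"/kernel/iommu_groups/*/; do
        [ -d "$g" ] && return 0
    done
    return 1
}

# Classify one Thunderbolt domain. Labels, worst to best:
#   exposed             PCIe tunnelled to any device and no IOMMU: unrestricted DMA to RAM
#   authorization-only  devices need user approval, but an approved one gets unrestricted DMA
#   iommu-enforced      IOMMU confines device DMA (still subject to the bypasses the article notes)
#   pcie-disabled       no PCIe tunnelling, so no DMA path at all
classify_domain() {
    dom="$1"; sysroot="$2"
    level=$(cat "$dom/security" 2>/dev/null || echo none)
    prot=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo 0)
    case "$level" in
        dponly|usbonly|nopcie) echo pcie-disabled; return ;;
    esac
    if [ "$prot" = "1" ] && iommu_active "$sysroot"; then
        echo iommu-enforced; return
    fi
    case "$level" in
        user|secure) echo authorization-only ;;
        *)           echo exposed ;;
    esac
}

# Numeric rank so the worst domain decides the host-level verdict.
severity() {
    case "$1" in
        exposed) echo 3 ;;
        authorization-only) echo 2 ;;
        iommu-enforced) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Print the worst label across all Thunderbolt domains, or "no-thunderbolt".
thunderbolt_dma_exposure() {
    sysroot="${1:-/sys}"
    worst=""; worst_sev=-1
    for dom in "$sysroot"/bus/thunderbolt/devices/domain*; do
        [ -d "$dom" ] || continue
        label=$(classify_domain "$dom" "$sysroot")
        sev=$(severity "$label")
        if [ "$sev" -gt "$worst_sev" ]; then
            worst="$label"; worst_sev="$sev"
        fi
    done
    echo "${worst:-no-thunderbolt}"
}

# On a live machine: thunderbolt_dma_exposure        (reads /sys)
```

The check is deliberately conservative: a kernel older than 5.0 has no `iommu_dma_protection` attribute, so a domain on such a kernel is never reported as `iommu-enforced` even if an IOMMU is active, and a machine whose security level is `user` or `secure` is still only `authorization-only`, because the article's point is that a device the user approves (a charger, a projector) gets full DMA once approved.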
The Thunderclap vulnerabilities are known to exist on all Apple laptops and desktops produced since 2011, except the 12-inch MacBook, and on various Thunderbolt-equipped laptops and desktops designed to run Windows or Linux produced since 2016.
The researchers concluded that the best way for users to protect themselves from a Thunderclap attack is to avoid interfacing with dubious Thunderbolt connections.
“Protect yourself by not leaving your computer unattended in public and not using public USB-C charging stations,” the researchers advise. “Be wary of connecting an unknown device to the Thunderbolt port of your machine, even chargers and projectors that may seem harmless.”