UPDATED 21:44 EDT / FEBRUARY 26 2019


Vulnerabilities leave devices supporting Thunderbolt open to hacking

Devices offering support to Thunderbolt peripheral and charging connectors are vulnerable to hacking, according to newly published research.

Thunderbolt is a peripheral standard developed by Apple Inc. and Intel Corp. that was first seen on Apple computers with Thunderbolt 1 and 2 and then later in other devices through Thunderbolt 3, which is compatible with USB-C ports.

Detailed by security researchers from the University of Cambridge and Rice University at the NDSS 2019 security conference this week, the “Thunderclap” vulnerabilities relate to how devices running Windows, macOS, Linux and FreeBSD connect and interact with a Thunderbolt connection.

The vulnerabilities exploit the way operating systems automatically trust a plugged-in Thunderbolt peripheral, granting it access to the host computer's memory. With this access, hackers can build malicious peripherals that run malware and other software on a computer without any restrictions.

“These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data,” the researchers explain.

Vendors have made some attempts to mitigate Thunderbolt-based attacks using an input-output memory management unit, or IOMMU, but the researchers noted that this protection can be bypassed.

In some cases, such as Windows 7 and 10, the IOMMU is disabled by default. In other systems, the operating system leaves user data outside of IOMMU protection, leaving it as susceptible to a Thunderclap attack as if no IOMMU were present at all.

The researchers noted that they discovered Thunderclap in 2016 and have been advising operating-system makers since then in an attempt to have the issues addressed, but only with limited success.

Windows 10 has enabled IOMMU support for Thunderbolt devices since version 1803, which shipped in 2018, but users must install that update to benefit. Apple is said to have addressed some of the issues starting with macOS 10.12.4, but that OS is still susceptible to a Thunderclap attack.
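A Linux-side way to check whether the mitigations discussed above are actually in effect on a given machine, as an added example that is not from the article or from the Thunderclap researchers. It reads the standard sysfs attributes (IOMMU groups and the Thunderbolt domain security level); the optional ROOT argument is an assumption added so the checks can be run against a copied sysfs tree.

```shell
#!/bin/sh
# Added example (not the article's or the researchers' code): audit the two
# Linux-side facts that decide whether a hotplugged Thunderbolt device can
# read host memory unrestricted. ROOT (optional first argument) is a prefix
# for the sysfs paths, so the functions can also be run against a saved tree.

# Print "on" if the kernel exposes any IOMMU groups (an IOMMU is active),
# otherwise "off". Without an active IOMMU, device DMA is unrestricted.
iommu_state() {
    root="${1:-}"
    dir="$root/sys/kernel/iommu_groups"
    if [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo on
    else
        echo off
    fi
}

# Print the Thunderbolt security level of a domain (none, user, secure,
# dponly, usbonly or nopcie), or "unknown" if the attribute is not present.
# Note that "user" and "secure" only gate *whether* a device is authorized;
# once authorized, a malicious device still gets full DMA unless the IOMMU
# is on, which is the point the article makes.
tb_security_level() {
    root="${1:-}"
    domain="${2:-domain0}"
    f="$root/sys/bus/thunderbolt/devices/$domain/security"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Verdict: returns 0 when DMA from a hotplugged device is restricted (IOMMU
# active, or PCIe tunnelling disabled in firmware), 1 when memory is exposed.
thunderclap_exposure() {
    root="${1:-}"
    iommu="$(iommu_state "$root")"
    level="$(tb_security_level "$root")"
    echo "iommu=$iommu thunderbolt_security=$level"
    if [ "$iommu" = on ] || [ "$level" = nopcie ]; then
        echo "verdict: DMA from hotplugged Thunderbolt devices is restricted"
        return 0
    fi
    echo "verdict: EXPOSED - a malicious Thunderbolt device gets unrestricted DMA"
    return 1
}
```

Source the file and run `thunderclap_exposure` on the live system (no argument) to get the verdict for that host.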

The Thunderclap vulnerabilities are known to exist on all Apple laptops and desktops produced since 2011 except the 12-inch MacBook, and on various Thunderbolt-equipped laptops and desktops designed to run Windows or Linux that were produced since 2016.

The researchers concluded that the best way for users to protect themselves from a Thunderclap attack is to avoid interfacing with dubious Thunderbolt connections.

“Protect yourself by not leaving your computer unattended in public and not using public USB-C charging stations,” the researchers advise. “Be wary of connecting an unknown device to the Thunderbolt port of your machine, even chargers and projectors that may seem harmless.”

Photo: Malcolm Koo/Wikimedia Commons
