Thunderclap vulnerability can infect your PC or Mac via Thunderbolt

Posted on Monday, March 04 2019 @ 10:42 CET by Thomas De Maesschalck
When someone has physical access to your computer, all sorts of things can go wrong, but certain vulnerabilities can make it easier to infect your system. A joint collaboration between the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International revealed that Thunderbolt has a "Thunderclap" vulnerability that can be used to compromise systems running Window, MacOS, Linux, and FreeBSD. The attack works over USB-C devices ranging from projectors to power adapters.
The Thunderclap vulnerability uses Thunderbolt over USB-C connections, aka Thunderbolt 3, to bypass the Input-Output Memory Management Units (IOMMUs) that defend against Direct Memory Access (DMA) attacks. This in turn "allows attackers to extract private data (sniffing cleartext VPN traffic) and hijack kernel control flow (launching a root shell) in seconds," according to the research report. PCs that use the Thunderbolt interface and have ports for connecting devices using PCIe and USB-C are vulnerable.

"An essential insight is that, while IOMMUs allow peripheral devices to be constrained, the DMA interface between device drivers and peripherals is a porous and complex attack surface that malicious actors can manipulate to influence software behavior and trigger vulnerabilities," the report says.
At the moment, there's no good mitigation method other than turning off the Thunderbolt interface in your UEFI settings. More details at Tom's Hardware.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments