The Thunderclap vulnerability uses Thunderbolt over USB-C connections, aka Thunderbolt 3, to bypass the Input-Output Memory Management Units (IOMMUs) that defend against Direct Memory Access (DMA) attacks. This in turn "allows attackers to extract private data (sniffing cleartext VPN traffic) and hijack kernel control flow (launching a root shell) in seconds," according to the research report. PCs that use the Thunderbolt interface and have ports for connecting devices using PCIe and USB-C are vulnerable. At the moment, there's no good mitigation method other than turning off the Thunderbolt interface in your UEFI settings. More details at Tom's Hardware.
"An essential insight is that, while IOMMUs allow peripheral devices to be constrained, the DMA interface between device drivers and peripherals is a porous and complex attack surface that malicious actors can manipulate to influence software behavior and trigger vulnerabilities," the report says.
Thunderclap vulnerability can infect your PC or Mac via Thunderbolt
Posted on Monday, March 04 2019 @ 10:42 CET by Thomas De Maesschalck
When someone has physical access to your computer, all sorts of things can go wrong, but certain vulnerabilities can make it easier to infect your system. A collaboration between the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International revealed that Thunderbolt has a "Thunderclap" vulnerability that can be used to compromise systems running Windows, macOS, Linux, and FreeBSD. The attack works over USB-C devices ranging from projectors to power adapters.