News

Thunderclap attack allows access to system memory via Thunderbolt

By admin
Spread the love

Security researchers have found vulnerabilities in systems with Thunderbolt ports running Windows, macOS, Linux, and FreeBSD. The vulnerabilities allow access to system memory via peripheral devices.

Malicious individuals can connect specially crafted peripherals via Thunderbolt to perform a series of direct memory access or DMA attacks to extract sensitive data from memory. They can also arbitrarily execute code through vulnerable systems. The vulnerabilities can be exploited with Thunderbolt 3, which often works via USB-C, and older versions of the standard, which functions via mini-displayport. Apple, among others, has been equipping its Mac systems with the interface since 2011, but more and more other computers are also being supplied with Thunderbolt connections.

The Thunderclap vulnerabilities can also be exploited via peripherals that are otherwise connected via pci-e, such as internal video cards, but physical connection is easier to realize with Thunderbolt devices, increasing the threat of this. The nature of the vulnerabilities lies in the direct DMA access of peripherals via Thunderbolt or PCI-e, whereby OS security can be circumvented.

There is protection against too wide access to memory via peripherals, via input-output memory management units or iommus. However, according to the researchers, this protection is disabled by default on Linux and FreeBSD due to its performance impact, and support is limited on Windows 10 Enterprise.

For Windows 10 from version 1803, Microsoft has added support, previous versions require a firmware update from the manufacturer. For Linux, Intel has released a patch and Apple has disabled root access via network cards with the vulnerabilities in macOS 10.12.4 and later versions.

The researchers from the University of Cambridge, Rice University and SRI International have created an open source platform to facilitate research and enable parties to determine the risk associated with products. The Thunderclap platform consists of an fpga that runs the Thunderclap application and connects to the system via Thunderbolt or PCI-e. The application pretends to be an Ethernet card.

You might also like
News

Apple has been working on its own search engine for years. It’s called…

News

Rumor: Apple is working on its own applications based on a large language model

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway