Monday, March 4th 2019

New "Thunderclap" Vulnerability Threatens to Infect Your PC Over Thunderbolt Peripherals

A new security vulnerability named "Thunderclap" severely compromises security of computers with USB type-C Thunderbolt ports, or machines with Thunderbolt 3 (40 Gbps) ports. This would be pretty much every MacBook released in the past two years, Macs, and PCs with certain aftermarket Thunderbolt 3 adapters. Chronicled in a paper by the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International, is a method for Thunderbolt devices to bypass the host machine's IOMMU (I/O memory management unit), and read its main memory over DMA.

An IOMMU translates address-spaces between devices and main memory, and hence protects your memory's contents being read by just about any device. The group has detailed possible ways to mitigate this vulnerability, and forwarded these mitigations to Apple, Intel, and Microsoft. For now no public mitigation exists other than disabling the Thunderbolt controller of your machine in your motherboard's UEFI setup program.
Source: Tom's Hardware
Add your own comment

14 Comments on New "Thunderclap" Vulnerability Threatens to Infect Your PC Over Thunderbolt Peripherals

#1
TheLostSwede
News Editor
Device access = p0wned

This is really quite silly, as it's being blown out of proportion. Yes, be careful what you plug in, there are rouge devices, but this isn't nearly as bad as it's hyped up to be.
Posted on Reply
#2
ArbitraryAffection
TheLostSwedeDevice access = p0wned

This is really quite silly, as it's being blown out of proportion. Yes, be careful what you plug in, there are rouge devices, but this isn't nearly as bad as it's hyped up to be.
Sure if a criminal has physical access to your PC you have bigger problems than worrying about thunderbolt lol. Thing is I would worry this could be abused in institutions or places with public computers (Schools, colleges etc). Those places usually have a lot of Macs.
Posted on Reply
#3
Brusfantomet
Was there not a similar exploit for firewire some years ago?
External interfaces with direct memory access is always trouble (but facilitates faster transfer)
Posted on Reply
#4
TheLostSwede
News Editor
ArbitraryAffectionSure if a criminal has physical access to your PC you have bigger problems than worrying about thunderbolt lol. Thing is I would worry this could be abused in institutions or places with public computers (Schools, colleges etc). Those places usually have a lot of Macs.
The issue in this case is that the are already done rouge devices on sale. I saw a comment elsewhere that someone had bought a rouge device from some no-name Chinese company and it injected some malware on its host system. This then tried to access some server online, which fortunately was blocked by the company firewall.

That's the real concern with this.
Posted on Reply
#5
R00kie
i like the naming scheme ( ͡° ͜ʖ ͡°)
Posted on Reply
#6
Easy Rhino
Linux Advocate
Interesting find but I am not seeing this as a legit attack vector. Even if it can read the computer's memory once plugged in there is no way to exploit it unless the owner of the computer is using it right then and is deaf, dumb, and blind. I mean, how many hackers do you know come right up to you while you are using your computer and ask if they can plug in their external device to your machine. They promise nothing bad will happen!
Posted on Reply
#7
R-T-B
TheLostSwedeDevice access = p0wned

This is really quite silly, as it's being blown out of proportion. Yes, be careful what you plug in, there are rouge devices, but this isn't nearly as bad as it's hyped up to be.
If you agree to plug in an R-T-B provided USB stick, odds are I can "pwn" your PC too.

Physical access and mailed materials. Be careful what you plug in. This isn't new.
Posted on Reply
#8
trparky
The only truly safe computer is one that's been encased in six feet of concrete and dumped into the Marianas Trench.

Again, if you have local access to a device then that device is as good as p0wned.
Posted on Reply
#10
FordGT90Concept
"I go fast!1!11!1!"
Not news. This vulnerability was known about since 2011. Solution is simple: don't let any untrusted Thunderbolt devices anywhere close to a computer.
Posted on Reply
#11
eidairaman1
The Exiled Airman
FordGT90ConceptNot news. This vulnerability was known about since 2011. Solution is simple: don't let any untrusted Thunderbolt devices anywhere close to a computer.
Buy official thunderbolt devices, or dont use thunderbolt at all...
Posted on Reply
#12
FordGT90Concept
"I go fast!1!11!1!"
Corporations are going to have to blanket ban the use of USB4 sticks because of the threat they pose to the machines. Hell, can anyone even trust any USB4 device? Every controller included in every implementation of the standard could be a DMA spying device. There's going to have to be a security certification process that the chips won't step out of the bounds of what they're expected to do by implementers and consumers alike.

The risk USB4 poses, thanks to Thunderbolt, far exceeds that of USB 3.2 and older.
Posted on Reply
Add your own comment
Dec 23rd, 2024 02:41 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts