Thunderbolt Flaw Exposes Modern Computers to Attacks

A newly discovered vulnerability affecting all the major operating systems allows attackers to bypass the protective mechanism that defends against direct memory access (DMA) attacks.

It was spotted by security experts from Rice University, the University of Cambridge and SRI International who explained in a paper that the flaw can be exploited through Thunderbolt – a hardware interface for connecting peripheral devices to a computer.

The paper also contains detailed technical information on the vulnerability, which they discovered using a software and hardware stack dubbed Thunderclap. This is an open source platform they built to study the nature of computer peripherals in relation to operating systems with Thunderbolt parts.

They noted that the USB-C and Thunderbolt 3 ports of computers running Apple macOS, Microsoft Windows, Linux, and FreeBSD were all found to be vulnerable.

The vulnerability is possible because Thunderbolt ports usually permit peripheral devices to read and write system memory directly, thereby bypassing the OS security policies.

An attacker could exploit this by plugging in a malicious device that poses as a legitimate peripheral, such as a mouse, printer, network card or graphics card, and compromise a computer in a matter of seconds.

They also noted that peripheral devices created with tools like Interception could do a great deal of damage to the computer, from executing arbitrary code and manipulating the contents of memory to controlling the PC remotely.

The experts also stated that with the advent of computers having USB-C ports, the attack, which had previously been limited to Apple computers with Thunderbolt 3 ports, has significantly increased.

They noted that all Apple computers manufactured since 2011 were vulnerable, with the exception of the 12-inch MacBook.

The experts also reported their findings to all the affected operating system vendors and noted that the vendors had started shipping patches to fix the vulnerabilities.

While Apple addressed the specific network card vulnerability, Intel released patches to the Linux kernel 5.0.

Although not all patches could solve the flaw, users are advised to download and install the necessary updates. The experts observed that the best way to end the vulnerability completely was to disable the Thunderbolt ports on the computer.
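To check how a Linux machine stands with respect to the mitigations mentioned above, the following added example (not code from the article or from the Thunderclap project) reads the kernel's Thunderbolt sysfs attributes and reports, for each Thunderbolt domain, the security level and whether the IOMMU, the DMA protection mechanism the article refers to, is active. The verdict labels and the `TB_SYSROOT` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit Thunderbolt DMA exposure from Linux sysfs.
# The sysfs root is a parameter so the function can also be run against
# a constructed directory tree instead of the live /sys.
tb_dma_audit() {
    root="${1:-/sys}"
    found=0
    # An active IOMMU exposes at least one group under kernel/iommu_groups.
    iommu=off
    for g in "$root"/kernel/iommu_groups/*; do
        [ -d "$g" ] && { iommu=on; break; }
    done
    for d in "$root"/bus/thunderbolt/devices/domain*; do
        [ -d "$d" ] || continue
        found=1
        sec=unknown; prot=unknown
        [ -r "$d/security" ] && sec=$(cat "$d/security")
        # iommu_dma_protection is not present on older kernels.
        [ -r "$d/iommu_dma_protection" ] && prot=$(cat "$d/iommu_dma_protection")
        if [ "$prot" = 1 ] && [ "$iommu" = on ]; then
            verdict=iommu-enforced          # peripheral DMA goes through the IOMMU
        else
            case "$sec" in
                dponly|usbonly|nopcie) verdict=pcie-tunneling-off ;;
                user|secure) verdict=authorization-only ;;  # approved devices get unrestricted DMA
                none) verdict=exposed ;;    # any plugged-in device gets DMA
                *) verdict=review ;;
            esac
        fi
        echo "${d##*/} security=$sec iommu=$iommu iommu_dma_protection=$prot verdict=$verdict"
    done
    [ "$found" -eq 1 ] || echo "no Thunderbolt domains found under $root"
}

# TB_SYSROOT is a hypothetical override used only by this example.
tb_dma_audit "${TB_SYSROOT:-/sys}"
```

A verdict of `iommu-enforced` means the IOMMU is mediating device DMA, not that the machine is immune: as noted above, not all patches solve the flaw.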