Newly discovered Thunderclap vulnerability allows hackers to attack PCs using Thunderbolt/USB-C peripherals

ID MYHACK58:62201992983
Type myhack58
Reporter Anonymous
Modified 2019-03-01T00:00:00


A group of researchers from the Cambridge University Department of Computer Science and Technology, Rice University, and the Stanford Institute of International Studies earlier announced a new vulnerability, Thunderclap, that affects all major platforms, including macOS and Windows. The vulnerability affects all devices that use the Thunderbolt interface and allows a hacker to break into a PC by plugging in a data cable.

The related paper was published at the Network and Distributed System Security Symposium, held in San Diego, California. It describes a set of vulnerabilities in macOS, FreeBSD and Linux, which nominally use IOMMUs to protect against DMA attacks. The issue lies in the direct memory access that Thunderbolt enables, which the existing IOMMU protection does not properly prevent.

According to the paper, most modern computers are affected by this problem, including PCs with Thunderbolt 3 over USB Type-C ports, computers that offer older versions of Thunderbolt via Mini DisplayPort ports, and all Apple laptops and desktops produced since 2011, with the exception of the 12-inch MacBook. Windows or Linux laptops and some desktops produced since 2016 that support Thunderbolt are also affected.

In 2016, operating system vendors added Thunderclap mitigation measures to their platforms, but these measures are not 100% effective, and the vulnerability still affects systems that use the IOMMU for protection. Some platforms, such as Windows 7, are not even equipped with an IOMMU; on other operating systems the IOMMU either has a limited role (Windows 10 Enterprise Edition) or is disabled. The only platform that enables it is macOS, but even there users are not safe, because the Thunderclap vulnerability can still bypass the IOMMU protection.

Currently, the best way to protect against this vulnerability is to disable all Thunderbolt ports and not to share hardware such as chargers, because they might be altered to target the device. A security best practice is to make sure you do not leave your laptop unattended. Security personnel said that this attack is very plausible in practice. The combination of power delivery and peripheral-device DMA on Thunderbolt 3 ports makes it possible to create malicious charging stations or monitors that function normally while at the same time taking control of the connected machine.
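
An added example, not from the original article or the researchers: a Python audit of a Linux host for the two conditions discussed above, whether an IOMMU is active and whether the Thunderbolt security level still permits PCIe (DMA-capable) tunnelling. It reads the kernel's standard sysfs attributes; the function name `audit_thunderbolt` and its `sysfs_root` parameter are assumptions of this example.

```python
from pathlib import Path

# Linux thunderbolt sysfs "security" values that still allow PCIe tunnelling
# (and therefore peripheral DMA) once a device is connected or approved.
PCIE_CAPABLE_LEVELS = {"none", "user", "secure"}


def _read(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def audit_thunderbolt(sysfs_root="/sys"):
    """Summarise Thunderbolt DMA exposure from a (real or constructed) sysfs tree."""
    root = Path(sysfs_root)
    groups = root / "kernel" / "iommu_groups"
    # An empty or missing iommu_groups directory means no IOMMU is in use.
    iommu_active = groups.is_dir() and any(groups.iterdir())

    domains, findings = {}, []
    tb_devices = root / "bus" / "thunderbolt" / "devices"
    for dom in sorted(tb_devices.glob("domain*")):
        level = _read(dom / "security")
        dma_prot = _read(dom / "iommu_dma_protection")
        domains[dom.name] = {"security": level, "iommu_dma_protection": dma_prot}
        if level in PCIE_CAPABLE_LEVELS:
            findings.append(f"{dom.name}: security={level} permits PCIe tunnelling")
            if dma_prot != "1":
                findings.append(f"{dom.name}: no IOMMU DMA protection reported")

    if domains and not iommu_active:
        findings.append("Thunderbolt controller present but no IOMMU groups found")
    return {"iommu_active": iommu_active, "domains": domains, "findings": findings}


if __name__ == "__main__":
    report = audit_thunderbolt()
    for name, attrs in report["domains"].items():
        print(name, attrs)
    for finding in report["findings"]:
        print("WARNING:", finding)
    if not report["domains"]:
        print("No Thunderbolt domains found (ports absent or disabled in firmware)")
```

Consistent with the article, an active IOMMU narrows exposure rather than removing it, so a report with no findings is not proof of immunity.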