Vulnerabilities expose Thunderbolt ports

Experts demonstrated an attack technique to compromise a computer through hardware connections

A team of researchers developed a Field-Programmable Gate Array (FPGA) to demonstrate an attack in which a hacker could take control of a computer by exploiting a number of vulnerabilities on the Thunderbolt port, reported experts in network security and ethical hacking from the International Institute of Cyber Security.

It is noteworthy that Thunderbolt, developed by Intel, is the most advanced interconnect peripheral equipment port available. It is a technological implementation of input/output that has great transfer capacity and speed.

This port is available on modern computing equipment via USB-C ports or earlier Display Port versions. Thunderbolt grants access to low-level memory with much higher privilege levels than traditional USB peripherals.

Thunderclap, the set of vulnerabilities in this port, leaves the door open to cyberattacks against virtually any computer with Thunderbolt input/output ports using specially designed peripherals, mention experts in network security.

“A hacker could get unrestricted access to memory and take full control of the compromised device”, the network security experts mention. Attackers could get sensitive information from the victim, such as payment card details, browsing history, or multiple-platform access credentials.

According to experts, the main way to prevent any risk of cybersecurity is through the input/output memory management unit (IOMMU). This feature allows devices to access only the memory needed to perform their tasks, although this mitigation generates negative effects on the computer’s performance.

Microsoft released the relevant updates for Thunderbolt 3 on Windows 10 version 1803 and later, although previous versions remain unprotected. On the other hand, Apple corrected this vulnerability from MacOS 10.12.4.

Systems such as Linux or FreeBDS have support for IOMMU, although it is not a default-enabled feature in many GNU distributions. The investigators said they were able to access the victim’s data traffic on FreeBSD and Linux systems using a fake network card.

There is still no complete fix for this vulnerability, so specialists recommended that users disable Thunderbolt in BIOS/UEFI. Another viable option to mitigate the risks is to be careful with the peripheral hardware that connects to the ports of our machines, because these vulnerabilities require physical access to the equipment for its exploitation.