Experts demonstrated an attack technique to compromise a computer through hardware connections
A team of researchers developed a
Field-Programmable Gate Array (FPGA) to demonstrate an attack in which a hacker
could take control of a computer by exploiting a number of vulnerabilities on
the Thunderbolt
port, reported experts in network
security and ethical hacking from the International Institute of Cyber
Security.
It is noteworthy that Thunderbolt, developed by
Intel, is the most advanced interconnect peripheral equipment port available.
It is a technological implementation of input/output that has great transfer
capacity and speed.
This port is available on modern computing
equipment via USB-C
ports or earlier Display Port versions. Thunderbolt grants access to low-level memory
with much higher privilege levels than traditional USB peripherals.
Thunderclap, the set of vulnerabilities in this
port, leaves the door open to cyberattacks against virtually any computer with
Thunderbolt input/output ports using specially designed peripherals, mention
experts in network security.
“A hacker could get unrestricted access to
memory and take full control of the compromised device”, the network security
experts mention. Attackers could get sensitive information from the victim,
such as payment card details, browsing history, or multiple-platform access
credentials.
According to experts, the main way to prevent
any risk of cybersecurity is through the input/output memory management unit (IOMMU).
This feature allows devices to access only the memory needed to perform their
tasks, although this mitigation generates negative effects on the computer’s
performance.
Microsoft released the relevant updates for
Thunderbolt 3 on Windows 10 version 1803 and later, although previous versions
remain unprotected. On the other hand, Apple corrected this vulnerability from
MacOS 10.12.4.
Systems such as Linux or FreeBDS have support
for IOMMU, although it is not a default-enabled feature in many GNU
distributions. The investigators said they were able to access the victim’s
data traffic on FreeBSD and Linux systems using a fake network card.
There is still no complete fix for this
vulnerability, so specialists recommended that users disable Thunderbolt in
BIOS/UEFI. Another viable option to mitigate the risks is to be careful with
the peripheral hardware that connects to the ports of our machines, because
these vulnerabilities require physical access to the equipment for its
exploitation.
