An international team of scientists from rice University, Cambridge University and the research Institute SRI International has published a report which described a new method of attack that allows you to take control of your computer and get access to important data by connecting malicious devices that work via the Thunderbolt port.
The attack, called the Thunderclap, involves the use of a series of vulnerabilities that can be proekspluatirovat through the Thunderbolt interface designed to connect peripheral devices to the computer.
The vulnerabilities affect the vast majority of notebooks and computers produced by Apple since 2011. In addition, the affected laptops and desktops, which can be running Windows and Linux, but under two conditions: they must be relatively new (made no earlier than 2016) and to support Thunderbolt. Exploitation of vulnerabilities is also possible by means of devices connected via the PCI Express bus or the chips are soldered directly to the motherboard your computer’s.
According to experts, Thunderclap affects all versions of Thunderbolt: Thunderbolt 1, Thunderbolt 2 and 3 Thunderbolt. The problem is that the OS automatically trusts the device connected over this interface. Thus, the gadget is by default granted full access to system memory, which can store valuable information, like passwords, financial data, etc. furthermore, attackers can inject malicious code that will be executed with maximum privileges, allowing complete control over the computer.
Thunderclap attack can be prevented on Windows devices and some Linux systems where the access control mechanism is Thunderbolt, which gives warning when connecting devices, however, experts say, many users often ignore this notice. Besides, there is no warning if an attack is carried out through connection to PCI Express.
The researchers reported the vulnerabilities to operating systems even in 2016. Apple and Microsoft has partially fixed the problem with release updates for macOS (since version 10.12.4) and Windows (Windows 10). Intel engineers are preparing to release the appropriate patches for the Linux kernel. As seen in the table below, many vulnerabilities remain unpatched.
More information about the vulnerabilities available in the report researchers.
Read more •••