Thunderbolt Vulnerability

This is a bit technical, so I will try to explain it in simple language that most people can understand, and if you want to read the technical detail I will post a link to the research at the end of this blog post.

A lot of PC’s and Laptops (Windows, Mac’s and Linux based machines) support the Thunderbolt protocol, normally as part of a USB Type-C port. This is a rectangular port on the side of your machine with rounded edges, and in all likelihood is where you plug in a docking station, your power adaptor or a video monitor (see the headline picture for an example). Most people don’t know the Thunderbolt capability is there, and if they do they probably don’t know what it is.

A vulnerability has been discovered that exploits a Direct Memory Access (DMA) bug whereby if a device is plugged into this port with malicious code on it, it can exploit the vulnerability and steal information that is currently in memory and/or implant malware into your PC. This could be names, addresses, password, encryption keys – anything in memory at the time. This does require physical access to the machine, so probably not an issue for home users. However, for enterprises this is more of an issue.

The research pointed out that this vulnerability has been patched using the IOMMU (Input–Output Memory Management Unit), but in all but MacOS has not been enabled. I am guessing this will change as a result of this disclosure.

The general advice is that if you don’t need this function, then it is often possible to turn it off in your BIOS. However, for most people a simple awareness of what you are plugging into your PC is sufficient. You should also not leave your PC unattended and especially not switched on (not a possibility in most company environments though).

As a general warning, you should always be wary of plugging in any USB device that you don’t know the origins of. This will normally be a USB Pen Drive, but could easily be a USB based fan or printer. It is generally known that USB Type A/B are vulnerable to malware infected USB devices. As Thunderbolt enabled USB Type-C ports become more widespread, this will become more of an issue on unsupported/unpatched devices.

If you want the full technical detail, you can read the research paper here, and an article over at Bleeping Computer here.


Headline image provided by ShutterStock

Comments are closed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: