Thunderclap exploit makes all modern computers vulnerable

Thunderclap exploit
Almost all computers are effected by Thunderclap and can be exploited via peripheral devices Credit: (CC)

A group of researchers from the University of Cambridge and Rice University have demonstrated using an exploit named Thunderclap, that all modern laptops and most desktops can be hacked.

Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices like network cards, storage, and graphics cards, which uses Thunderbolt ports to connect to the laptop or desktop.

Thunderclap affects USB-C port supporting Thunderbolt

According to the researchers, attackers can elevate their priviledge to run malicious codes and steal passwords, bank logins, encryptions keys, private files and almost anything else on the computer.

The researchers created an open-source platform, Thunderclap, to the test the vulnerabilities by plugging into USB-C ports that support Thunderbolt interface, and found that computers running Windows, macOS, and several Linux distributions were affected.

The vulnerability in a USB port means innocuous-looking devices like chargers or even a simple USB cable.

Variation of DMA attack

MacBook USB-C Thunderbolt Thunderclap
Thunderclap exploit effect USB-C ports that supports Thunderbolt interface
Credit: / CC

The exploit is based on a well-known principle of Direct Memory Access (DMA) attacks. DMA-enabled devices have full access to the state of the computer and can read and write anything in the system memory. The Operating Systems (OS) like Windows, Linux distribution etc. protect against it by building support for Input-Output Memory management Units (IOMMUs).

However, the researchers found that the protections are not adequate when a peripheral is performing complex interactions, which can be used to hide malicious code executions.

Using Thunderclap, the researchers were able to extract private data by sniffing cleartext VPN traffic and also managed to hijack kernel control flow by launching a root shell.

The vulnerabilities were first discovered in 2016 and the researchers have been working with OS vendors since to remedy the exploit, however, the solutions are made complicated due to the adoption of hardware interconnects like Thunderbolt 3 that can combine several functions together, e.g. input, video, etc.

Essentially, the old age adage about not connecting unknown devices to your computer remains true even in this modern era, a sentiment summed up by the lead researcher, Theodore Markettos who stated, ” platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust. “

You can read the research here.

ALSO READ  PortSmash: New vulnerabilty found on Intel CPUs

Leave a Comment