SoylentNews is people

posted by Fnord666 on Wednesday February 27 2019, @10:44AM
from the you've-got-the-thunderclap dept.

Security researchers at the Network and Distributed Systems Security Symposium in San Diego unveiled a series of new Thunderbolt vulnerabilities collectively named Thunderclap.

We look at the security of input/output devices that use the Thunderbolt interface, which is available via USB-C ports in many modern laptops. Our work also covers PCI Express (PCIe) peripherals which are found in desktops and servers.

Such ports offer very privileged, low-level, direct memory access (DMA), which gives peripherals much more privilege than regular USB devices. If no defences are used on the host, an attacker has unrestricted memory access, and can completely take control of a target computer: they can steal passwords, banking logins, encryption keys, browser sessions and private files, and they can also inject malicious software that can run anywhere in the system.

We studied the defences of existing systems in the face of malicious DMA-enabled peripheral devices and found them to be very weak.

[...] We built a fake network card that is capable of interacting with the operating system in the same way as a real one, including announcing itself correctly, causing drivers to attach, and sending and receiving network packets. To do this, we extracted a software model of an Intel E1000 from the QEMU full-system emulator and ran it on an FPGA. Because this is a software model, we can easily add malicious behaviour to find and exploit vulnerabilities.

We found the attack surface available to a network card was much richer and more nuanced than was previously thought. By examining the memory it was given access to while sending and receiving packets, our device was able to read traffic from networks that it wasn't supposed to. This included VPN plaintext and traffic from Unix domain sockets that should never leave the machine.

[...] More generally, since this is a new space of many vulnerabilities, rather than a specific example, we believe all operating systems are vulnerable to similar attacks, and that more substantial design changes will be needed to remedy these problems. We noticed similarities between the vulnerability surface available to malicious peripherals in the face of IOMMU protections and that of the kernel system call interface, long a source of operating system vulnerabilities. The kernel system call interface has been subjected to much scrutiny, security analysis, and code hardening over the years, which must now be applied to the interface between peripherals and the IOMMU.

In short, consider disabling Thunderbolt drivers on important machines now.

You can read up more on Thunderclap here.
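
An added example, not part of the original story or the Thunderclap authors' code: a host-side audit of the defences the quoted text refers to, reading the Linux kernel's sysfs attributes for the IOMMU and the Thunderbolt security level. The Linux focus, the severity labels and the function name are assumptions of this example.

```python
from pathlib import Path

# Thunderbolt security levels (Linux thunderbolt driver) that keep PCIe
# tunnelling off until a device is approved, or disable it entirely.
GATED_LEVELS = {"user", "secure", "dponly", "usbonly", "nopcie"}


def _read(path):
    """Return a sysfs attribute as stripped text, or None if unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def audit_thunderbolt(sysfs_root="/sys"):
    """Return (severity, message) findings about DMA exposure on this host."""
    root = Path(sysfs_root)
    findings = []

    # The kernel creates IOMMU groups only when an IOMMU is actually in use.
    groups = root / "kernel" / "iommu_groups"
    if not (groups.is_dir() and any(groups.iterdir())):
        findings.append(("high", "no IOMMU groups: peripherals have unrestricted DMA"))

    tb = root / "bus" / "thunderbolt" / "devices"
    domains = sorted(tb.glob("domain*")) if tb.is_dir() else []
    if not domains:
        findings.append(("info", "no Thunderbolt domain (driver absent or disabled)"))
    for dom in domains:
        level = _read(dom / "security")
        if level not in GATED_LEVELS:
            findings.append(("high", f"{dom.name}: security level {level!r} "
                                     "tunnels PCIe without user approval"))
        if _read(dom / "iommu_dma_protection") != "1":
            findings.append(("medium", f"{dom.name}: IOMMU DMA protection "
                                       "not reported as enabled"))

    # Authorized devices hold a PCIe tunnel, so they can issue DMA right now.
    # Names ending in "-0" are assumed to be the host's own router and skipped.
    for attr in (sorted(tb.glob("*/authorized")) if tb.is_dir() else []):
        name = attr.parent.name
        if not name.endswith("-0") and _read(attr) not in (None, "0"):
            findings.append(("info", f"{name}: authorized, PCIe tunnel active"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_thunderbolt():
        print(f"[{severity}] {message}")
```

An empty result means the baseline defences are switched on, not that the host is immune: the research quoted above concerns peripherals attacking systems that already have IOMMU protections.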


  • (Score: 2) by Rich on Wednesday February 27 2019, @11:46AM (5 children)

    Thunderbolt is PCI. I bloody expect from any PCI peripheral that it can do DMA and that the PCI subsystem doesn't make one jump through stupid hoops (which WILL eventually break) to get there. All this IOMMU stuff isn't there to make your machine safe against ninja burglar intruders (or maybe customs officers), but to lock you out of your own data.

    The proper solution for the topic of TFA is a mechanical lock.

  • (Score: 2, Interesting) by Anonymous Coward on Wednesday February 27 2019, @12:00PM (1 child)

    Did you miss the bit in the summary where it says "laptop"? You know, the type of computer that is often taken out from behind locked doors and into public? I agree, it's not as big a concern for servers and other machines where it's easy to restrict physical access.

    • (Score: 2) by Rich on Wednesday February 27 2019, @05:57PM

      Did you miss the bit in the summary where it says "laptop"?

      Did you think I wanted to lug a big server past mentioned customs officer?

      That said, for convenience on small devices, I could live with a port that simply stays disabled until it is authorized by the user. And I don't want to hear anything about helpless hipsters who'd run out of ideas on how to boot from an external drive with such a switch.

  • (Score: 4, Interesting) by theluggage on Wednesday February 27 2019, @01:30PM (2 children)

    The proper solution for the topic of TFA is a mechanical lock.

    Agreed - in other news, if you let strangers into your house they can steal your stuff.

    However, with Thunderbolt, there's a wrinkle - Thunderbolt 3 combines Thunderbolt, USB2/3, DisplayPort (HDMI coming soon) and power supply into a single universal connector* (even Thunderbolt 1/2 incorporated DisplayPort) - and the happy shiny future (already embraced by Apple MacBooks**) is that it's the only port you need.

    So whereas you could (e.g.) put a mechanical lock on a desktop PC case, or on an old-school laptop's ExpressCard slot, do that on a TB3/USB-C-only laptop and you can't even charge it with the supplied adapter or plug into a data projector.

    * ...but, unfortunately, a stupid combinatorial explosion of visually-identical cable types that undoes any 'simplicity'.

    ** ...don't bother to snark - I already think this is 'strike one' against current MacBooks. Shame about that nice world where you could have Unix with a half-decent GUI and still run Office/Adobe stuff natively when you needed to work with others...

    • (Score: 2) by Apparition on Wednesday February 27 2019, @02:06PM (1 child)

      In the case of only a Thunderbolt port, your best bet is to use a USB hub that doesn't support Thunderbolt.

      • (Score: 3, Interesting) by theluggage on Wednesday February 27 2019, @03:17PM

        In the case of only a Thunderbolt port, your best bet is to use a USB hub that doesn't support Thunderbolt.

        Your best bet is to use known safe peripherals that don't support malware. It's not as if plugging an untrusted device into your computer is security city... that shouldn't be something that non-tech users have to think about when plugging in a charger.

        In a sense, the wider problem goes back to USB-A ports in hotel rooms etc. becoming the standard low-voltage power supply. Of course, that 110v outlet could be sniffing your device's power consumption to try and deduce what you're typing but unless you're a spook of some sort that's far less likely than the hotel entertainment system getting infected (or even BigHotelCorp trying to install a rootkit for 'legitimate business purposes').