‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks

A team of researchers has uncovered a new security vulnerability in the Thunderbolt data transfer specification, called "Thunderclap." The flaw can leave a computer open to serious attacks through USB-C or DisplayPort hardware.

As researcher Theo Markettos explains, Thunderclap takes advantage of the privileged direct memory access (DMA) that Thunderbolt accessories are granted in order to access the target device. Without proper protection, hackers can use that access to steal data, track files, and execute malicious code.

This is the kind of OS-level access that is usually given to an accessory such as a GPU or a network card. Because Thunderbolt is designed to replicate those functions externally, it requires the same level of access, but the external nature of the connection makes it more vulnerable to attack. Fundamentally, connecting a malicious device to a port is easier than opening someone's computer and installing a hacked graphics card.

The Thunderclap vulnerability is not unique to Thunderbolt 3. Older Thunderbolt devices based on DisplayPort instead of USB-C are theoretically at risk as well.

Markettos and his team discovered this vulnerability in 2016 and disclosed it to manufacturers, who have already made fixes. Apple discovered a specific part of the bug in macOS 10.12.4 that same year, and most recently updated Macs should be protected from attack. Windows 10 version 1803 protects against the latest firmware-level vulnerabilities.

This is not an attack most users will encounter. (A hacker using a specially poisoned USB-C device on the target computer, one that pretends to be a GPU, is not a scenario that applies to most people.) However, you should be careful about which accessories or chargers you connect your computer to.

Even if Thunderclap is never used to attack your device, it underscores that even the best standards at the high end of the peripherals industry, such as Thunderbolt, are not perfect.
