UPDATE
A set of vulnerabilities collectively dubbed “Thunderclap” is putting computers at risk from weaponized peripheral devices (think network cards, storage and graphics cards, and even chargers and video projectors).
The flaws reside in the Thunderbolt hardware interface developed by Intel (in collaboration with Apple), that allows the connection of external peripherals to a computer. And they pose an alarming risk, according to researchers from the University of Cambridge, Rice University and SRI International.
“These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data,” the researchers said in a breakdown of the flaws this week.
Thunderbolt interfaces are widely deployed, and the team said that the Thunderclap vulnerabilities thus affect a range of computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD – including all Apple laptops and desktops produced since 2011, with the exception of the 12-inch MacBook.
It also impacts many other laptops and an increasing number of desktops, especially those produced since 2016.
“Thunderbolt 3 is often supported via USB Type-C ports on modern laptops,” the team said. “Machines with older versions of Thunderbolt (carried over a Mini DisplayPort connector) are also affected.”
Thunderclap Up Close
The Thunderclap vulnerabilities allow attackers to get around protection mechanisms preventing attacks that take advantage of peripherals’ direct memory access (DMA).
Network cards, GPUs and the like have traditionally been trusted parts of a computer system, using DMA to read and write all of system memory without operating system oversight, the team explained.
“DMA allows peripherals to bypass operating system security policies, and DMA attacks abusing this access have been widely employed by hackers and the intelligence community to take control of and exfiltrate sensitive data from target machines,” according to the report. “This means passwords, banking logins, private files and browser activity are all exposed, and an attacker can inject any code they wish onto your machine.”
To mitigate those kinds of attacks, a set of protections has been added to modern machines, known as input-output memory management units (IOMMUs) – these allow the operating system to block all memory access from unrecognized devices and only allow access to non-sensitive regions of memory.
However, there are two issues around IOMMU protection – for one, it is often turned off by default because it impacts performance.
“This [performance] cost has led current operating systems to trade off security for performance gains – in some cases even disabling the IOMMU by default,” the report noted.
The second issue stems from the fact that current operating systems also put sensitive data in the same regions of memory used for peripheral device communication, which facilitates attacks even when the IOMMU is enabled.
“A simple example [of this latter issue] we found was regarding the VPN on macOS, Linux and FreeBSD,” Markettos told Threatpost. “A VPN encrypts sensitive data (‘plaintext’) and sends it encrypted over the internet (this is the ‘ciphertext’). The plaintext is never supposed to leave the machine, but we found it exposed to the network card, which would then be able to exfiltrate it over the internet.”
Another example, which the team found to be possible but did not explore in detail, is that on macOS our network card can access data from other peripherals.
“For example, it can read/write the contents of the screen (at least, on machines with a discrete GPU),” the research said. “It can also read/write the buffers used by the USB drivers, so should be able to read keystrokes from the USB keyboard.”
Attack Vectors
An attacker can exploiting the vulnerabilities by convincing a user to connect a malicious device.
This is made easier by the fact that Thunderbolt devices communicate via PCI Express protocol, which allows legitimate devices to be trojanized and which supports hotplugging.
“Previous work has shown it’s possible to swap out a PCI Express device for another without causing Thunderbolt authentication to notice that the device internals have been replaced,” the team said. “This means an attacker can buy a genuine device and make substantial modifications to it without Thunderbolt being aware that anything is different about it.”
Thunderclap vulnerabilities can also be exploited via device or factory supply chains, implanting compromised firmware on devices like network cards or baseboard management controllers (BMCs) integrated into servers.
In terms of how an attacker could exfiltrate the data read by a malicious peripheral, Theo Markettos, one of the researchers from Cambridge, told Threatpost that there are two models.
For one, if the device is hotplugged into a target system, the exfiltration would be require local communication (Ethernet, WiFi, LTE and so on).
“For example, an Ethernet dongle would use its own ethernet for exfiltration,” he said.
In the case of the compromise of firmware of an existing device, such as a PCI Express chip in a server, the attacker could be remote.
“This could be a remote exploit against the firmware, a bad firmware update, or malicious firmware installed in the factory or in the supply chain,” Markettos noted.
The latter scenario offers an attractive attack surface for adversaries.
“For any attack there would need to be some incentive for the attacker to undertake it in a particular location,” Markettos said. “A remote exploit would also increase the risk of the attack as it could then be multiplied over many machines – for example servers in a data center.”
Different from Prior Peripheral Attacks
It should be noted that Thunderclap differs from attack techniques such as Facedancer and BadUSB.
“USB is a message-based protocol; devices pass messages which are interpreted by software at each end,” explained the researchers. “Facedancer and BadUSB-style attacks provide malformed or illegitimate messages, with the aim of confusing or compromising driver software running on the host computer.”
Thunderclap on the other hand abuses DMA, which allows much more privileged access to the internal state of the computer than USB.
“In systems that don’t use an IOMMU, it exposes 100 percent of the data in the computer’s memory,” according to the report.
Mitigations
The team first discovered the issues back in 2015, after building a research platform (also dubbed Thunderclap) to hunt for flaws relating to the Thunderbolt technology. The researchers have been working in secrecy to address the issues with various hardware and operating system vendors.
Vendors have shipped substantial mitigations, the researchers said, but they said that “more generally, however, we have discovered a larger vulnerability space that is not fully addressed by mitigations for specific attacks.”
In macOS 10.12.4 and later, Apple addressed the specific network card vulnerability the researchers used to achieve a root shell. “However, the general scope of our work still applies; in particular that Thunderbolt devices have access to all network traffic and sometimes keystrokes and framebuffer data,” they said.
Microsoft meanwhile has enabled support for the IOMMU for Thunderbolt devices in Windows 10 version 1803, which shipped in 2018. Earlier hardware upgraded to 1803 requires a firmware update from the vendor. “This brings them into line with the baseline for our work, however the more complex vulnerabilities we describe remain relevant,” noted the team.
The researchers also said that Intel recently contributed patches to version 5.0 of the Linux kernel (shortly to be released) that enable the IOMMU for Thunderbolt; and that the FreeBSD Project indicated that malicious peripheral devices are not currently within its threat model for security response. However, FreeBSD does not currently support Thunderbolt hot-plugging.
“In general terms, platforms remain insufficiently defended from peripheral devices over Thunderbolt such that users should not connect devices they do not know the provenance of or do not trust,” the researchers said. They added, “One major vendor of notebook computers stated they would want to understand how to address these vulnerabilities before adding Thunderbolt to new product lines.”
If not using peripherals at all is unfeasible, then users should avoid attaching unknown devices or using public charging ports in order to prevent an attack.
Markettos said that the team hasn’t seen evidence of such attacks in the wild, but that the risks from an exploit should be considered high.
“While there are some practical hoops the attacker has to jump through (so, the attacks may not be successful 100 percent of the time), if successful they have very privileged access to the system,” he told Threatpost. “I would say the risk is high in circumstances where a public USB-C is provided, especially with a captive cable, and where there are no physical constraints on the form factor – for example a public USB-C charging station or meeting room projector. With further engineering by attackers the form factor could be reduced to fit in a smaller charger or dongle, which would increase the scope of the attacks.”
This post was updated at 12:32 p.m. ET to reflect an email interview with the researcher.
Interested in learning about mobile enterprise security threats and best practices? Don’t miss our free Threatpost webinar Wednesday, Feb. 27 at 2 p.m. ET.
Patrick Hevesi of Gartner; Mike Burr of Google Android; and David Richardson from Lookout will join Threatpost senior editor Tara Seals.
They’ll discuss the top evolving threats and risks that are unique to this work-from-anywhere environment; best practices for addressing them; and new challenges on the horizon, such as 5G services.