A MacBook connected to Thunderbolt.

Photo by Thunderclap Team


Thunderclap Researchers Reveal Vulnerabilities Exploitable through Thunderbolt

A team of researchers has unearthed a group of security vulnerabilities that they’ve dubbed Thunderclap because the most common way of exploiting them is through Thunderbolt (PCs are also vulnerable through PCI Express devices). Thunderclap vulnerabilities take advantage of direct memory access (DMA), which is essential for maximum performance and is granted to usually internal peripherals like graphics processors and network cards. However, technologies like Thunderbolt allow peripherals that are granted direct memory access to be hot-plugged at any time, enabling attacks on temporarily unattended computers. Plus, Thunderbolt’s use in charging means that attackers could create malicious public charging stations.

Unfortunately, Thunderclap affects basically all operating systems—the researchers call out macOS, Windows, Linux, and FreeBSD—and all Macs released since 2011 other than the 12-inch MacBook, which has only USB-C. The researchers disclosed Thunderclap to vendors in 2016 and have worked with them since. Apple, Intel, and Microsoft have all responded to some extent—Apple addressed a specific network card vulnerability in macOS 10.12.4 Sierra and later, but the Thunderclap researchers say other vulnerabilities remain unaddressed.

The likelihood of everyday users being targeted by an attacker using Thunderclap seems very low at the moment. The best defense, for now, is to be careful about what you plug into your computer, and if you’re a high-value target for some reason, to avoid leaving your computer unattended.


Comments About Thunderclap Researchers Reveal Vulnerabilities Exploitable through Thunderbolt

Notable Replies

  1. DMA attacks go back a long way and affect a lot of connection types. From Wikipedia: FireWire, CardBus, ExpressCard, Thunderbolt, PCI, and PCI Express.

    The good part is that it requires physical access of some sort. The bad part is that it’s now comparatively easy to hide everything, including Wi-Fi data egress, in a normal-looking cable.

    A good rule of thumb is to not buy or use odd-brand cables or cards, or to buy from places like Amazon that are careless about mixing counterfeits in with genuine stuff.
