A MacBook connected to Thunderbolt.

Photo by Thunderclap Team

Thunderclap Researchers Reveal Vulnerabilities Exploitable through Thunderbolt

A team of researchers has unearthed a group of security vulnerabilities that they’ve dubbed Thunderclap because the most common way of exploiting them is through Thunderbolt (PCs are also vulnerable through PCI Express devices). Thunderclap vulnerabilities take advantage of the direct memory access, essential for maximum performance, that is granted to usually internal peripherals like graphics processors and network cards. However, technologies like Thunderbolt allow peripherals that are granted direct memory access to be hot-plugged at any time, enabling attacks on temporarily unattended computers. Plus, Thunderbolt’s use in charging means that attackers could create malicious public charging stations.

Unfortunately, Thunderclap affects basically all operating systems—the researchers call out macOS, Windows, Linux, and FreeBSD—and all Macs released since 2011 other than the 12-inch MacBook, which has only USB-C. The researchers disclosed Thunderclap to vendors in 2016 and have worked with them since. Apple, Intel, and Microsoft have all responded to some extent—Apple addressed a specific network card vulnerability in macOS 10.12.4 Sierra and later, but the Thunderclap researchers say other vulnerabilities remain unaddressed.

The likelihood of everyday users being targeted by an attacker using Thunderclap seems very low at the moment. The best defense, for now, is to be careful about what you plug into your computer, and if you’re a high-value target for some reason, to avoid leaving your computer unattended.


Comments About Thunderclap Researchers Reveal Vulnerabilities Exploitable through Thunderbolt

Notable Replies

  1. DMA attacks go back a long way and affect a lot of connection types. From Wikipedia: FireWire, CardBus, ExpressCard, Thunderbolt, PCI, and PCI Express.

    https://en.wikipedia.org/wiki/DMA_attack

    The good part is that it requires physical access of some sort. The bad part is that it’s now comparatively easy to hide everything, including Wi-Fi data egress, in a normal-looking cable.

    A good rule of thumb is to not buy or use odd-brand cables or cards, or to buy from places like Amazon that are careless about mixing counterfeits in with genuine stuff.
