Many laptops and desktop computers may be more vulnerable to hackers than previously thought, according to University of Cambridge and Rice University researchers. Attackers can infiltrate unattended machines through network and graphics cards, chargers, docking stations, projectors, and other common plug-in devices, in a matter of seconds.
Specifically, “computers with Thunderbolt ports running Windows, macOS, Linux, and FreeBSD” were found to be susceptible targets, according to the University of Cambridge.
The vulnerability reared its head through the team’s open-source platform Thunderclap, which can be plugged into a computer’s USB-C port that also supports the Thunderbolt interface. Once attached, the researchers were able to study computer peripheral security and its interactions with the operating system (OS).
According to the University of Cambridge, computer peripherals are granted direct memory access (DMA), meaning they can bypass OS security. To safeguard against DMA attacks, computer systems employ input-output memory management units (IOMMUs), which restrict “memory access to peripherals that perform legitimate functions” and allow access “to non-sensitive regions of memory.”
But the researchers revealed a grim truth. Oftentimes, a computer’s IOMMU protection is turned off. Even worse, the team found that if a system is actually running that protection, the computer can still be a target.
“We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm,” says Brett Gutstein, a Gates Cambridge Scholar, and member of the research team.
The threat was discovered in 2016, and since then, the team has worked with companies, such as Apple, Intel, and Microsoft, to mitigate the security concerns. Although companies have implemented fixes and released security updates, a main fix to the issue is still MIA.
In addition, the research brought to light that “recent developments, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output, and peripheral device DMA over the same port, have greatly increased the threat from malicious devices, charging stations, and projectors that take control of connected machines,” according to the University of Cambridge.
“It is essential that users install security updates provided by Apple, Microsoft, and others to be protected against the specific vulnerabilities we have reported,” says research leader Dr. Theodore Markettos of Cambridge’s department of computer science and technology. “However, platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust.”
The findings were presented February 26 at San Diego’s Network and Distributed Systems Security Symposium.
