Zotac Gaming GTX 1650 Super review
Radeon Adrenalin 2020 Edition Driver Overview
Guru3D Winter 2019 PC Buyer Guide
Corsair QL120 and QL140 RGB fan review
Promo: Windows 10 Pro for $13 With Office 2016 For $33
Corsair Void RGB Elite Wireless Headset review
Team Group PD400 Portable SSD review
AMD Athlon 3000G review
Team Group T-Force Delta Max 1 TB SSD review
Guru3D Rig of the Month - November 2019
Vulnerability in Thunderbolt allows unlimited memory access
A big Vulnerability in Thunderbolt has surfaced, the researches call it Thunderclap (Vulnerability these days need to have a fancy name for some sort of reason). The vulnerability allows direct memory access attacks, or simply DMA attacks, to be carried out, which ensure that an attacker has unrestricted access to the memory.
Thunderbolt peripherals and accessories are effectively considered to be trusted components of a computer, complete with direct memory access that can bypass operating system security policies, according to security researcher Theo Markettos. Thunderbolt offers devices "more privilege than regular USB devices," giving them more freedom and access to potentially sensitive information.
The researchers say that most modern laptops, as well as a number of desktop computers, are susceptible to being vulnerable to Thunderclap-based attacks which can be carried out either with specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to. Even though most vendors have implemented Input-Output Memory Management Units (IOMMUs) designed to provide memory protection for DMA and block all memory access from unrecognized devices altogether.
In collaboration with the research team, OS vendors have also added Thunderclap mitigation measures to their platforms starting with 2016 but the measures are not 100% effective and security flaws still impact systems protected using IOMMU.
Thunderclap affects basically all operating systems—the researchers call out macOS, Windows, Linux, and FreeBSD—and all Macs released since 2011 other than the 12-inch MacBook, which has only USB-C.
The researchers have published their finding here in this PDF.
Hackers Exploit Chromecast UPnP Router Vulnerability on Smart TVs - 01/03/2019 09:19 AM
Funny story really, Swedish video-game vlogger PewDiePie got some unexpected help boosting subscription numbers when hackers took over Chromecast devices to promote his channel....
Asus Aura Sync and Gigabyte Xtreme Software contain vulnerabilities - 12/20/2018 05:43 PM
A security company called SecureAuth shares word that that two drivers from Asus and also two from Gigabyte contain vulnerabilities. The drivers come bundled with tools that companies provide for moth...
Vulnerability: Logitech Options users should uninstall immediately (updated) - 12/14/2018 08:41 AM
A researcher from Google’s Project Zero discovered a critical vulnerability in the software for Logitech keyboards and mouses. As a workaround, Logitech Options users should uninstall the s...
Microsoft patches actively exploited leak and 61 other vulnerabilities - 11/15/2018 08:50 AM
Last Tuesday Microsoft rolled out a new series of patches, one of them was an actively exploited leak in Windows, an attacker with access to the system could elevate his privileges. In total, Microsof...
Microsoft patches 50 vulnerabilities incl a Zero Day Issue - 10/11/2018 08:00 AM
It was patch Tuesday yesterday and if you have not done so, you should grab that update alright as Microsoft addressed 50 vulnerabilities including a zero-day vulnerability....
DeskStar
Senior Member
Posts: 634
Joined: 2011-01-11
Senior Member
Posts: 634
Joined: 2011-01-11
#5646032 Posted on: 03/04/2019 02:17 PM
I personally never heard of it, so I'm glad it was spoken up about again.
Hardware vulnerabilities are a big thing these days and I truly never thought it would be this bad. Software is what i always thought was the mess up, but i guess even after the bios' being corrupted/attacked years ago it was only a matter of time.
hot take: nobody uses thunderbolt devices. less than 0.01% of pc users and less than 0.5% of mac users. thunderbolt is pcie, what did they expect? this has also been discovered years ago, why is it a thing again?
I personally never heard of it, so I'm glad it was spoken up about again.
Hardware vulnerabilities are a big thing these days and I truly never thought it would be this bad. Software is what i always thought was the mess up, but i guess even after the bios' being corrupted/attacked years ago it was only a matter of time.
longest
Junior Member
Posts: 16
Joined: 2018-05-29
Junior Member
Posts: 16
Joined: 2018-05-29
#5646041 Posted on: 03/04/2019 02:59 PM
https://en.wikipedia.org/wiki/DMA-attack
I personally never heard of it
https://en.wikipedia.org/wiki/DMA-attack
reix2x
Senior Member
Posts: 255
Joined: 2010-01-20
Senior Member
Posts: 255
Joined: 2010-01-20
#5646049 Posted on: 03/04/2019 03:29 PM
if i have to chose a diabolic device, that red diabolic card looks the best!
if i have to chose a diabolic device, that red diabolic card looks the best!
schmidtbag
Senior Member
Posts: 4580
Joined: 2012-11-10
Senior Member
Posts: 4580
Joined: 2012-11-10
#5646057 Posted on: 03/04/2019 03:44 PM
With USB C becoming more common, TB is kinda obsolete these days anyway. I'm sure TB has better latency but not enough to be worth the vulnerabilities.
With USB C becoming more common, TB is kinda obsolete these days anyway. I'm sure TB has better latency but not enough to be worth the vulnerabilities.
longest
Junior Member
Posts: 16
Joined: 2018-05-29
Junior Member
Posts: 16
Joined: 2018-05-29
#5646058 Posted on: 03/04/2019 03:46 PM
might as well throw your video card away since it has direct memory access and a supposed MALICIOUS driver could steal all your info. you have to plug in an extremely shady device to have anything like that happen.
With USB C becoming more common, TB is kinda obsolete these days anyway. I'm sure TB has better latency but not enough to be worth the vulnerabilities.
might as well throw your video card away since it has direct memory access and a supposed MALICIOUS driver could steal all your info. you have to plug in an extremely shady device to have anything like that happen.
schmidtbag
Senior Member
Posts: 4580
Joined: 2012-11-10
Senior Member
Posts: 4580
Joined: 2012-11-10
#5646064 Posted on: 03/04/2019 03:59 PM
Not really a good comparison. GPUs are output devices only. TB is an I/O interface.
might as well throw your video card away since it has direct memory access and a supposed MALICIOUS driver could steal all your info. you have to plug in an extremely shady device to have anything like that happen.
Not really a good comparison. GPUs are output devices only. TB is an I/O interface.
Picolete
Senior Member
Posts: 277
Joined: 2014-12-09
Senior Member
Posts: 277
Joined: 2014-12-09
#5646182 Posted on: 03/04/2019 07:30 PM
Didnt FireWire had the same problem?
Didnt FireWire had the same problem?
K.S.
Senior Member
Posts: 1927
Joined: 2009-06-07
Senior Member
Posts: 1927
Joined: 2009-06-07
#5646186 Posted on: 03/04/2019 07:46 PM
"thunderclap" ? hahahahaha
"thunderclap" ? hahahahaha
tsunami231
Senior Member
Posts: 9758
Joined: 2003-05-24
Senior Member
Posts: 9758
Joined: 2003-05-24
#5646201 Posted on: 03/04/2019 08:31 PM
breaking news there are flaws in human brains "hw" that allows others to control our minds and what we remember and what we dont.
Where is the outlash from this and fix for it??!!
Old news recycled as new news
breaking news there are flaws in human brains "hw" that allows others to control our minds and what we remember and what we dont.
Where is the outlash from this and fix for it??!!
Old news recycled as new news
user1
Senior Member
Posts: 1441
Joined: 2016-01-29
Senior Member
Posts: 1441
Joined: 2016-01-29
#5646325 Posted on: 03/05/2019 07:24 AM
Wat
(Thunderbolt is pcie, gpus do writes and reads memory from system memory via pcie. They are not output only, they are accelerator boards, they can process data given to them and give back results )
Not really a good comparison. GPUs are output devices only. TB is an I/O interface.
Wat
(Thunderbolt is pcie, gpus do writes and reads memory from system memory via pcie. They are not output only, they are accelerator boards, they can process data given to them and give back results )
schmidtbag
Senior Member
Posts: 4580
Joined: 2012-11-10
Senior Member
Posts: 4580
Joined: 2012-11-10
#5646481 Posted on: 03/05/2019 02:35 PM
Wat
(Thunderbolt is pcie, gpus do writes and reads memory from system memory via pcie. They are not output only, they are accelerator boards, they can process data given to them and give back results )
I understand all of that, but my point is GPUs don't acquire data from external sources; they depend on the CPU to feed them data. In other words, if someone is going to hack your system memory, they need CPU access first, in which case you don't need the GPU at all. In other words, that's kind of like trying to breach the security of a house when you're already inside it.
Wat
(Thunderbolt is pcie, gpus do writes and reads memory from system memory via pcie. They are not output only, they are accelerator boards, they can process data given to them and give back results )
I understand all of that, but my point is GPUs don't acquire data from external sources; they depend on the CPU to feed them data. In other words, if someone is going to hack your system memory, they need CPU access first, in which case you don't need the GPU at all. In other words, that's kind of like trying to breach the security of a house when you're already inside it.
user1
Senior Member
Posts: 1441
Joined: 2016-01-29
Senior Member
Posts: 1441
Joined: 2016-01-29
#5646739 Posted on: 03/06/2019 02:02 AM
you do realize that if you were able to put a malicious payload into a gpu and execute it (you load data into the gpu everytime you do anything with hw aceleration, whether thats a game or a webrowser) , the gpu would be able to read all of the system memory , it breaks the sandbox, You dont need explicit cpu access for this type of thing to be exploited.
Easy to break into the house if you let people inside first lol.
edit: point is the gpu is a perfectly fine example to use, if not the most likely pcie device to be exploited
I understand all of that, but my point is GPUs don't acquire data from external sources; they depend on the CPU to feed them data. In other words, if someone is going to hack your system memory, they need CPU access first, in which case you don't need the GPU at all. In other words, that's kind of like trying to breach the security of a house when you're already inside it.
you do realize that if you were able to put a malicious payload into a gpu and execute it (you load data into the gpu everytime you do anything with hw aceleration, whether thats a game or a webrowser) , the gpu would be able to read all of the system memory , it breaks the sandbox, You dont need explicit cpu access for this type of thing to be exploited.
Easy to break into the house if you let people inside first lol.
edit: point is the gpu is a perfectly fine example to use, if not the most likely pcie device to be exploited
schmidtbag
Senior Member
Posts: 4580
Joined: 2012-11-10
Senior Member
Posts: 4580
Joined: 2012-11-10
#5646754 Posted on: 03/06/2019 03:15 AM
Supposing the GPU can actually access all system memory (or, to give you the benefit of the doubt, manage to modify the system RAM without the CPU knowing), how exactly is the hacker supposed to get that information without the CPU? As far as I'm concerned, the GPU has no ability to directly talk to any other peripheral, most importantly, a NIC. Therefore, the CPU still must be involved for the hacker to succeed, at which point, their efforts can still be detected. It doesn't matter how much the GPU can do on it's own, it can't be 100% independent.
Sure, using a GPU in this very difficult manner would dramatically decrease your chances of detection vs accomplishing your goal strictly through CPU, but...:
Doesn't really change my point: if you already have enough system access to break into the GPU in the first place, you might as well use your time wisely and skip it altogether. Compiling your program and sending data over the PCIe bus wastes too much time.
A GPU is a stretch of a worst-case scenario.
you do realize that if you were able to put a malicious payload into a gpu and execute it (you load data into the gpu everytime you do anything with hw aceleration, whether thats a game or a webrowser) , the gpu would be able to read all of the system memory , it breaks the sandbox, You dont need explicit cpu access for this type of thing to be exploited.
Supposing the GPU can actually access all system memory (or, to give you the benefit of the doubt, manage to modify the system RAM without the CPU knowing), how exactly is the hacker supposed to get that information without the CPU? As far as I'm concerned, the GPU has no ability to directly talk to any other peripheral, most importantly, a NIC. Therefore, the CPU still must be involved for the hacker to succeed, at which point, their efforts can still be detected. It doesn't matter how much the GPU can do on it's own, it can't be 100% independent.
Sure, using a GPU in this very difficult manner would dramatically decrease your chances of detection vs accomplishing your goal strictly through CPU, but...:
Easy to break into the house if you let people inside first lol.
Doesn't really change my point: if you already have enough system access to break into the GPU in the first place, you might as well use your time wisely and skip it altogether. Compiling your program and sending data over the PCIe bus wastes too much time.
edit: point is the gpu is a perfectly fine example to use, if not the most likely pcie device to be exploited
A GPU is a stretch of a worst-case scenario.
user1
Senior Member
Posts: 1441
Joined: 2016-01-29
Senior Member
Posts: 1441
Joined: 2016-01-29
#5646763 Posted on: 03/06/2019 03:51 AM
You really couldn't be bothered to think one step ahead? Supposing the GPU can actually access all system memory (or, to give you the benefit of the doubt, manage to modify the system RAM without the CPU knowing), how exactly is the hacker supposed to get that information without the CPU? As far as I'm concerned, the GPU has no ability to directly talk to any other peripheral, most importantly, a NIC. Therefore, the CPU still must be involved for the hacker to succeed, at which point, their efforts can still be detected. It doesn't matter how much the GPU can do on it's own, it can't be 100% independent.
Sure, using a GPU in this very difficult manner would dramatically decrease your chances of detection vs accomplishing your goal strictly through CPU, but...:
Doesn't really change my point: if you already have enough system access to break into the GPU in the first place, you might as well use your time wisely and skip it altogether. Compiling your program and sending data over the PCIe bus wastes too much time.
A GPU is a stretch of a worst-case scenario.
There are reasons why chrome black lists certain gpu drivers from hw acceleration,
It is not a stretch.
The senario is, you load a webpage, it uses hwaceleration for something(say webgl for instance) it loads a malicious program into your gpu, now this alone doesn't mean your data is at risk, since the gpu is supposed to be a box on its own, but with the dma exploit , it can now read and write system memory, which has the potential to allow you to escalate your attack. that is far more likely to take place than malicious thunderbolt dongles IMO, that type of thing is for targeted attacks(like stealing company data). the risk to the average user is minimal, compared to a gpu based attack.
If your computer loads a webpage, it is executing code from outside of your computer, that is why it is pointless to say that "you need to have system access" you expose your computer to javascript and other modes of execution from external sources every day. what makes your computer "safe" is execution privileges, userland code is not supposed to be able to access all of your memory, and this dma expoit breaks part of the trust, which is why it creates risk.
You really couldn't be bothered to think one step ahead? Supposing the GPU can actually access all system memory (or, to give you the benefit of the doubt, manage to modify the system RAM without the CPU knowing), how exactly is the hacker supposed to get that information without the CPU? As far as I'm concerned, the GPU has no ability to directly talk to any other peripheral, most importantly, a NIC. Therefore, the CPU still must be involved for the hacker to succeed, at which point, their efforts can still be detected. It doesn't matter how much the GPU can do on it's own, it can't be 100% independent.
Sure, using a GPU in this very difficult manner would dramatically decrease your chances of detection vs accomplishing your goal strictly through CPU, but...:
Doesn't really change my point: if you already have enough system access to break into the GPU in the first place, you might as well use your time wisely and skip it altogether. Compiling your program and sending data over the PCIe bus wastes too much time.
A GPU is a stretch of a worst-case scenario.
There are reasons why chrome black lists certain gpu drivers from hw acceleration,
privilege
escalation is one of them ( there are many documented CVEs on this matter). this DMA exploit is an attack vector for gaining access to system memory.It is not a stretch.
The senario is, you load a webpage, it uses hwaceleration for something(say webgl for instance) it loads a malicious program into your gpu, now this alone doesn't mean your data is at risk, since the gpu is supposed to be a box on its own, but with the dma exploit , it can now read and write system memory, which has the potential to allow you to escalate your attack. that is far more likely to take place than malicious thunderbolt dongles IMO, that type of thing is for targeted attacks(like stealing company data). the risk to the average user is minimal, compared to a gpu based attack.
If your computer loads a webpage, it is executing code from outside of your computer, that is why it is pointless to say that "you need to have system access" you expose your computer to javascript and other modes of execution from external sources every day. what makes your computer "safe" is execution privileges, userland code is not supposed to be able to access all of your memory, and this dma expoit breaks part of the trust, which is why it creates risk.
Click here to post a comment for this news story on the message forum.
Junior Member
Posts: 16
Joined: 2018-05-29
hot take: nobody uses thunderbolt devices. less than 0.01% of pc users and less than 0.5% of mac users. thunderbolt is pcie, what did they expect? this has also been discovered years ago, why is it a thing again?