Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Cougar Terminator gaming chair review
G.Skill TridentZ5 RGB DDR5 7200 CL34 2x16 GB review
ASUS TUF Gaming B760-PLUS WIFI D4 review
Netac NV7000 2 TB NVMe SSD Review
ASUS GeForce RTX 4080 Noctua OC Edition review
MSI Clutch GM51 Wireless mouse review
ASUS ROG STRIX B760-F Gaming WIFI review
Asus ROG Harpe Ace Aim Lab Edition mouse review
SteelSeries Arctis Nova Pro Headset review
Ryzen 7800X3D preview - 7950X3D One CCD Disabled

New Downloads
HWiNFO Download v7.42
Intel ARC graphics Driver Download Version: 31.0.101.4257
CrystalDiskInfo 9.0.0 Beta4 Download
AIDA64 Download Version 6.88
GeForce 531.41 WHQL driver download
AMD Radeon Software Adrenalin 23.3.2 WHQL download
GeForce 531.29 WHQL driver download
AMD Ryzen Master Utility Download 2.10.2.2367
AMD Radeon Software Adrenalin 23.3.1 WHQL download
Display Driver Uninstaller Download version 18.0.6.1


New Forum Topics
Review: Cougar Terminator gaming chair NVIDIA Profile Inspector 2.4.0.4 Windows 11 Insider Builds NVIDIA GeForce 531.41 WHQL driver Download & Discussion AMD Software: Adrenalin Edition 23.3.2 WHQL - Driver Download and Discussion Amernime Zone AMD Software: Adrenalin / Pro Driver - Release Discovery 22.12.2 WHQL Mainstream GeForce RTX 4050 Graphics Card Launching in June 2023 FSR Thread Reporting a bug "nvlddmkm" errors event id 0 \Device\Video3 The Last of Us Part I PC Port Receives 77% negative ratings on Steam, due to poor optimization




Guru3D.com » News » Vulnerability in Thunderbolt allows unlimited memory access

Vulnerability in Thunderbolt allows unlimited memory access

by Hilbert Hagedoorn on: 03/04/2019 09:53 AM | source: lightbluetouchpaper | 17 comment(s)
Vulnerability in Thunderbolt allows unlimited memory access

A big Vulnerability in Thunderbolt has surfaced, the researches call it Thunderclap (Vulnerability these days need to have a fancy name for some sort of reason). The vulnerability allows direct memory access attacks, or simply DMA attacks, to be carried out, which ensure that an attacker has unrestricted access to the memory.

Thunderbolt peripherals and accessories are effectively considered to be trusted components of a computer, complete with direct memory access that can bypass operating system security policies, according to security researcher Theo Markettos. Thunderbolt offers devices "more privilege than regular USB devices," giving them more freedom and access to potentially sensitive information.

The researchers say that most modern laptops, as well as a number of desktop computers, are susceptible to being vulnerable to Thunderclap-based attacks which can be carried out either with specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to.  Even though most vendors have implemented Input-Output Memory Management Units (IOMMUs) designed to provide memory protection for DMA and block all memory access from unrecognized devices altogether.

In collaboration with the research team, OS vendors have also added Thunderclap mitigation measures to their platforms starting with 2016 but the measures are not 100% effective and security flaws still impact systems protected using IOMMU.

Thunderclap affects basically all operating systems—the researchers call out macOS, Windows, Linux, and FreeBSD—and all Macs released since 2011 other than the 12-inch MacBook, which has only USB-C. 

The researchers have published their finding here in this PDF.



Vulnerability in Thunderbolt allows unlimited memory access




« Microsoft to stop to support its Fitness Band and Health Dashboard apps in May · Vulnerability in Thunderbolt allows unlimited memory access · Video card sales again dropped compared to last year »

Related Stories

Hackers Exploit Chromecast UPnP Router Vulnerability on Smart TVs - 01/03/2019 10:19 AM
Funny story really, Swedish video-game vlogger PewDiePie got some unexpected help boosting subscription numbers when hackers took over Chromecast devices to promote his channel....

Asus Aura Sync and Gigabyte Xtreme Software contain vulnerabilities - 12/20/2018 06:43 PM
A security company called SecureAuth shares word that that two drivers from Asus and also two from Gigabyte contain vulnerabilities. The drivers come bundled with tools that companies provide for moth...

Vulnerability: Logitech Options users should uninstall immediately (updated) - 12/14/2018 09:41 AM
A researcher from Google’s Project Zero discovered a critical vulnerability in the software for Logitech keyboards and mouses. As a workaround, Logitech Options users should uninstall the s...

Microsoft patches actively exploited leak and 61 other vulnerabilities - 11/15/2018 09:50 AM
Last Tuesday Microsoft rolled out a new series of patches, one of them was an actively exploited leak in Windows, an attacker with access to the system could elevate his privileges. In total, Microsof...

Microsoft patches 50 vulnerabilities incl a Zero Day Issue - 10/11/2018 09:00 AM
It was patch Tuesday yesterday and if you have not done so, you should grab that update alright as Microsoft addressed 50 vulnerabilities including a zero-day vulnerability....


4 pages 1 2 3 4


longest
Member



Posts: 31
Joined: 2018-05-29

#5645985 Posted on: 03/04/2019 12:38 PM
hot take: nobody uses thunderbolt devices. less than 0.01% of pc users and less than 0.5% of mac users. thunderbolt is pcie, what did they expect? this has also been discovered years ago, why is it a thing again?

DeskStar
Senior Member



Posts: 1307
Joined: 2011-01-11

#5646032 Posted on: 03/04/2019 03:17 PM
hot take: nobody uses thunderbolt devices. less than 0.01% of pc users and less than 0.5% of mac users. thunderbolt is pcie, what did they expect? this has also been discovered years ago, why is it a thing again?


I personally never heard of it, so I'm glad it was spoken up about again.

Hardware vulnerabilities are a big thing these days and I truly never thought it would be this bad. Software is what i always thought was the mess up, but i guess even after the bios' being corrupted/attacked years ago it was only a matter of time.

longest
Member



Posts: 31
Joined: 2018-05-29

#5646041 Posted on: 03/04/2019 03:59 PM
I personally never heard of it

https://en.wikipedia.org/wiki/DMA-attack

reix2x
Senior Member



Posts: 654
Joined: 2010-01-20

#5646049 Posted on: 03/04/2019 04:29 PM
if i have to chose a diabolic device, that red diabolic card looks the best!

schmidtbag
Senior Member



Posts: 7255
Joined: 2012-11-10

#5646057 Posted on: 03/04/2019 04:44 PM
With USB C becoming more common, TB is kinda obsolete these days anyway. I'm sure TB has better latency but not enough to be worth the vulnerabilities.

4 pages 1 2 3 4


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023