Vulnerability in Thunderbolt allows unlimited memory access

Hot take: nobody uses Thunderbolt devices. Less than 0.01% of PC users and less than 0.5% of Mac users. Thunderbolt is PCIe, what did they expect? This has also been discovered years ago; why is it a thing again?
longest:

Hot take: nobody uses Thunderbolt devices. Less than 0.01% of PC users and less than 0.5% of Mac users. Thunderbolt is PCIe, what did they expect? This has also been discovered years ago; why is it a thing again?
I personally never heard of it, so I'm glad it was spoken up about again. Hardware vulnerabilities are a big thing these days and I truly never thought it would be this bad. Software is what I always thought was the mess-up, but I guess even after the BIOSes being corrupted/attacked years ago it was only a matter of time.
If I have to choose a diabolic device, that red diabolic card looks the best!
With USB C becoming more common, TB is kinda obsolete these days anyway. I'm sure TB has better latency but not enough to be worth the vulnerabilities.
schmidtbag:

With USB C becoming more common, TB is kinda obsolete these days anyway. I'm sure TB has better latency but not enough to be worth the vulnerabilities.
Might as well throw your video card away since it has direct memory access and a supposedly MALICIOUS driver could steal all your info. You have to plug in an extremely shady device to have anything like that happen.
longest:

Might as well throw your video card away since it has direct memory access and a supposedly MALICIOUS driver could steal all your info. You have to plug in an extremely shady device to have anything like that happen.
Not really a good comparison. GPUs are output devices only. TB is an I/O interface.
Didn't FireWire have the same problem?
Breaking news: there are flaws in the human brain's "hw" that allow others to control our minds and what we remember and what we don't. Where is the outcry from this and the fix for it??!! :D Old news recycled as new news.
schmidtbag:

Not really a good comparison. GPUs are output devices only. TB is an I/O interface.
Wat? (Thunderbolt is PCIe; GPUs read and write system memory via PCIe. They are not output only, they are accelerator boards: they can process data given to them and give back results.)
user1:

Wat? (Thunderbolt is PCIe; GPUs read and write system memory via PCIe. They are not output only, they are accelerator boards: they can process data given to them and give back results.)
I understand all of that, but my point is GPUs don't acquire data from external sources; they depend on the CPU to feed them data. In other words, if someone is going to hack your system memory, they need CPU access first, in which case you don't need the GPU at all. In other words, that's kind of like trying to breach the security of a house when you're already inside it.
schmidtbag:

I understand all of that, but my point is GPUs don't acquire data from external sources; they depend on the CPU to feed them data. In other words, if someone is going to hack your system memory, they need CPU access first, in which case you don't need the GPU at all. In other words, that's kind of like trying to breach the security of a house when you're already inside it.
You do realize that if you were able to put a malicious payload into a GPU and execute it (you load data into the GPU every time you do anything with HW acceleration, whether that's a game or a web browser), the GPU would be able to read all of the system memory; it breaks the sandbox. You don't need explicit CPU access for this type of thing to be exploited. Easy to break into the house if you let people inside first lol. Edit: the point is the GPU is a perfectly fine example to use, if not the most likely PCIe device to be exploited.
user1:

You do realize that if you were able to put a malicious payload into a GPU and execute it (you load data into the GPU every time you do anything with HW acceleration, whether that's a game or a web browser), the GPU would be able to read all of the system memory; it breaks the sandbox. You don't need explicit CPU access for this type of thing to be exploited.
Supposing the GPU can actually access all system memory (or, to give you the benefit of the doubt, manage to modify the system RAM without the CPU knowing), how exactly is the hacker supposed to get that information without the CPU? As far as I'm concerned, the GPU has no ability to directly talk to any other peripheral, most importantly a NIC. Therefore, the CPU still must be involved for the hacker to succeed, at which point their efforts can still be detected. It doesn't matter how much the GPU can do on its own, it can't be 100% independent. Sure, using a GPU in this very difficult manner would dramatically decrease your chances of detection vs accomplishing your goal strictly through the CPU, but...:
Easy to break into the house if you let people inside first lol.
Doesn't really change my point: if you already have enough system access to break into the GPU in the first place, you might as well use your time wisely and skip it altogether. Compiling your program and sending data over the PCIe bus wastes too much time.
Edit: the point is the GPU is a perfectly fine example to use, if not the most likely PCIe device to be exploited.
A GPU is a stretch of a worst-case scenario.
schmidtbag:

You really couldn't be bothered to think one step ahead? Supposing the GPU can actually access all system memory (or, to give you the benefit of the doubt, manage to modify the system RAM without the CPU knowing), how exactly is the hacker supposed to get that information without the CPU? As far as I'm concerned, the GPU has no ability to directly talk to any other peripheral, most importantly a NIC. Therefore, the CPU still must be involved for the hacker to succeed, at which point their efforts can still be detected. It doesn't matter how much the GPU can do on its own, it can't be 100% independent. Sure, using a GPU in this very difficult manner would dramatically decrease your chances of detection vs accomplishing your goal strictly through the CPU, but...: Doesn't really change my point: if you already have enough system access to break into the GPU in the first place, you might as well use your time wisely and skip it altogether. Compiling your program and sending data over the PCIe bus wastes too much time. A GPU is a stretch of a worst-case scenario.
There are reasons why Chrome blacklists certain GPU drivers from HW acceleration; privilege escalation is one of them (there are many documented CVEs on this matter). This DMA exploit is an attack vector for gaining access to system memory. It is not a stretch. The scenario is: you load a webpage, it uses HW acceleration for something (say WebGL, for instance), it loads a malicious program into your GPU. Now this alone doesn't mean your data is at risk, since the GPU is supposed to be a box on its own, but with the DMA exploit it can now read and write system memory, which has the potential to allow you to escalate your attack. That is far more likely to take place than malicious Thunderbolt dongles IMO; that type of thing is for targeted attacks (like stealing company data). The risk to the average user is minimal compared to a GPU-based attack. If your computer loads a webpage, it is executing code from outside of your computer; that is why it is pointless to say that "you need to have system access". You expose your computer to JavaScript and other modes of execution from external sources every day. What makes your computer "safe" is execution privileges: userland code is not supposed to be able to access all of your memory, and this DMA exploit breaks part of the trust, which is why it creates risk.
user1:

There are reasons why Chrome blacklists certain GPU drivers from HW acceleration; privilege escalation is one of them (there are many documented CVEs on this matter). This DMA exploit is an attack vector for gaining access to system memory. It is not a stretch. The scenario is: you load a webpage, it uses HW acceleration for something (say WebGL, for instance), it loads a malicious program into your GPU. Now this alone doesn't mean your data is at risk, since the GPU is supposed to be a box on its own, but with the DMA exploit it can now read and write system memory, which has the potential to allow you to escalate your attack. That is far more likely to take place than malicious Thunderbolt dongles IMO; that type of thing is for targeted attacks (like stealing company data). The risk to the average user is minimal compared to a GPU-based attack. If your computer loads a webpage, it is executing code from outside of your computer; that is why it is pointless to say that "you need to have system access". You expose your computer to JavaScript and other modes of execution from external sources every day. What makes your computer "safe" is execution privileges: userland code is not supposed to be able to access all of your memory, and this DMA exploit breaks part of the trust, which is why it creates risk.
I must be too used to being a Linux user because I otherwise don't know where the DMA exploit would come from. That being said, I'm guessing this is mostly a Windows issue? I have a hard time believing Chrome devs could let something like that slip by so easily and for so long where their solution is to just blacklist something, because as you said, userland code shouldn't have full DMA. That being said, if a DMA exploit is involved, really anything can go. Like why stop with the GPU? Might as well go full Spectre and Meltdown. As a side note, to my understanding, Linux GPU drivers are blacklisted in Chrome due to apparent functionality issues rather than security, but I digress.
schmidtbag:

I must be too used to being a Linux user because I otherwise don't know where the DMA exploit would come from. That being said, I'm guessing this is mostly a Windows issue? I have a hard time believing Chrome devs could let something like that slip by so easily and for so long where their solution is to just blacklist something, because as you said, userland code shouldn't have full DMA. That being said, if a DMA exploit is involved, really anything can go. Like why stop with the GPU? Might as well go full Spectre and Meltdown. As a side note, to my understanding, Linux GPU drivers are blacklisted in Chrome due to apparent functionality issues rather than security, but I digress.
Chrome blacklists drivers until the drivers are fixed, usually. On Nvidia's side there have been many CVEs to do with hardware acceleration; I would assume, since Nvidia uses a proprietary binary on Linux, that it would also apply there. Here you can take a look at CVEs for WebGL, https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=webgl&search_type=all, and CVEs for Nvidia's driver, https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=nvidia&search_type=all. GPUs have a large attack surface. I will also include this: https://www.cs.utexas.edu/users/witchel/pubs/zhu17gpgpu-security.pdf. This is also a good source for a more technical understanding of what is going on internally in the context of security in regards to GPUs.
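A defender-side check for the point the thread keeps circling back to (Thunderbolt is PCIe, so a plugged-in device can DMA into RAM unless the IOMMU remaps it), written as an added example that is not part of any post: it reads the Thunderbolt security level and the IOMMU group count from Linux sysfs. The sysfs paths are the ones the Linux thunderbolt and iommu drivers expose; the verdict names and the constructed fake sysfs trees are my own.

```python
"""Check a Linux host's exposure to Thunderbolt DMA attacks. Added example, not
from the thread; reads what the kernel exposes under /sys:
  bus/thunderbolt/devices/domain0/security : none|user|secure|dponly|usbonly
  kernel/iommu_groups/                     : one sub-directory per IOMMU group"""
import os
import tempfile

TB_SECURITY = "bus/thunderbolt/devices/domain0/security"
IOMMU_GROUPS = "kernel/iommu_groups"

def assess_dma_protection(sysfs_root="/sys"):
    """Return (security_level, iommu_enabled, verdict) read from sysfs_root."""
    try:
        with open(os.path.join(sysfs_root, TB_SECURITY)) as f:
            level = f.read().strip()
    except OSError:
        level = "absent"  # no Thunderbolt controller, or driver not loaded
    try:
        iommu_on = len(os.listdir(os.path.join(sysfs_root, IOMMU_GROUPS))) > 0
    except OSError:
        iommu_on = False  # directory is missing when no IOMMU is active
    if level == "absent":
        verdict = "no-thunderbolt"
    elif iommu_on or level in ("dponly", "usbonly"):
        # IOMMU remaps device DMA (assuming the kernel enforces it), or no PCIe tunnel at all
        verdict = "protected"
    elif level in ("user", "secure"):
        verdict = "relies-on-authorization"  # approved devices still DMA freely
    else:  # 'none': a tunnel is created for any device and nothing remaps its DMA
        verdict = "exposed"
    return level, iommu_on, verdict

def build_fake_sysfs(root, security_level, iommu_groups):
    """Write a constructed sysfs tree (same layout as the real one) for offline runs."""
    sec = os.path.join(root, TB_SECURITY)
    os.makedirs(os.path.dirname(sec), exist_ok=True)
    with open(sec, "w") as f:
        f.write(security_level + "\n")
    for i in range(iommu_groups):
        os.makedirs(os.path.join(root, IOMMU_GROUPS, str(i)), exist_ok=True)

def demo():
    """Run the check against three constructed hosts; returns name -> verdict."""
    results = {}
    for name, level, groups in (("open", "none", 0), ("authz", "user", 0), ("iommu", "none", 12)):
        with tempfile.TemporaryDirectory() as root:
            build_fake_sysfs(root, level, groups)
            results[name] = assess_dma_protection(root)[2]
    return results
```

Calling `assess_dma_protection()` with no argument inspects the real host; on a laptop without a Thunderbolt controller it reports "no-thunderbolt".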