• Home
  • News
  • Thunderbolt Security Flaws Discovered – Affect Macs Shipped 2011-2020 (UPDATED)

Thunderbolt Security Flaws Discovered – Affect Macs Shipped 2011-2020 (UPDATED)

Thunderbolt Security Flaws Discovered – Affect Macs Shipped 2011-2020 (UPDATED)

Updated: Comment from Intel Added at the End.

Seven serious Thunderbolt security flaws have been discovered that affect Macs with both standalone Thunderbolt ports and those that use Thunderbolt-compatible USB-C ports used on modern Macs.

The vulnerabilities, which are present in all machines with Thunderbolt/Thunderbolt-compatible USB-C ports shipped between 2011 and 2020, allow an attacker to access data even when the machine is locked and even when the machine’s hard drive is encrypted.

Security researcher Björn Ruytenberg discovered seven vulnerabilities in Intel’s Thunderbolt chips, and nine ways to exploit them.

  1. Inadequate firmware verification schemes
  2. Weak device authentication scheme
  3. Use of unauthenticated device metadata
  4. Downgrade attack using backwards compatibility
  5. Use of unauthenticated controller configurations
  6. SPI flash interface deficiencies
  7. No Thunderbolt security on Boot Camp

Users cannot tell when a machine has been compromised.

Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption. All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.

These vulnerabilities lead to nine practical exploitation scenarios. In an evil maid threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks. In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort. We conclude with demonstrating the ability to permanently disable Thunderbolt security and block all future firmware updates.

Macs running Bootcamp are fully vulnerable to all of the Thunderbolt security flaws, and they are “partly affected” when running macOS.

MacOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in MacOS “System Information”. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.

While Ruytenberg has informed both Intel and Apple of his discoveries, the security flaws are present in the controller chips, meaning there is no way to fix the security holes via a software update.

Ruytenberg’s document discusses how the exploits can be pulled off. The document is available here.

Intel commented:

“This attack could not be successfully demonstrated on systems with Kernel DMA protection enabled. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers.”

For more information on Intel’s comments, visit the Intel blog.

(Via 9to5Mac)

  1. 564263 101206Depending on yourself to make the decisions can genuinely be upsetting and frustrating. It takes years to build confidence. Frankly it takes more than just happening to happen. 296238

  2. 941468 405488Utterly composed topic material , thanks for selective information . 925711

  3. 53738 970764Youd outstanding guidelines there. I did a search about the field and identified that really likely the majority will agree together with your internet page. 339209

  4. 16944 678735A persons Are usually Weight loss is definitely a practical and flexible an eating strategy method manufactured for those that suffer that want to weight loss and therefore ultimately conserve a significantly a lot more culture. weight loss 720062

  5. 608905 270595very nice put up, i certainly enjoy this internet web site, carry on it 816279

  6. 709503 761845genuinely very good post, i certainly love this web site, keep on it 516039

  7. 545596 5952Just added this blog to my favorites. I enjoy reading your blogs and hope you keep them coming! 80869

  8. ip booter says:

    155810 240384Extremely interesting subject , appreciate it for posting . 374234

  9. betmate says:

    에볼루션접속 먹튀검증 안전노리터 go

Leave a Reply

Your email address will not be published.