A new vulnerability was revealed to the world at the 2019 NDSS security conference. It’s a grim one with the potential to impact FreeBSD, Linux, Windows, and Mac systems worldwide.
Dubbed ‘Thunderclap,’ the flaw can be exploited to impact the way that Thunderbolt-based peripherals connect and interact with a target system.
If you’re not familiar with Thunderbolt, it’s a hardware interface jointly designed by Intel and Apple that allows users to connect peripherals like chargers, keyboards, and video projectors (and the like) to computers. The interface was originally available only in the Apple ecosystem, but subsequent generations of Thunderbolt expanded its reach. These days, Thunderbolt has hooks in every major OS in use today.
At a high level, Thunderclap is nothing more than a union of various security flaws found in the interface. The main flaw stems from the fact that OS’s tend to implicitly trust any newly connected device, granting it access to all system memory. A hacker attacking a system using this exploit can even bypass a system’s IOMMU (Input-Output Memory Management Unit), which is specifically designed to counter such threats.
Research conducted jointly at the University of Cambridge, SRI International, and Rice University discovered Thunderclap in late 2016. They have been quietly sounding the alarm since. Unfortunately, the companies that design and sell operating systems have been slow to act, in a classic case of passing the buck. The most common reason for failing to act is that the OS vendors say the responsibility lies on the peripheral side and vice versa.
The issue is finally getting the attention it deserves, but to date, none of the OS development companies have published a timeframe for when they’ll be issuing a patch to cover the security flaw. Until that happens, the best thing you can do is disable Thunderbolt ports via your system’s BIOS.