[ FEB 27, 2019 ]
Attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations.
Vulnerabilities were found in computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD. Many modern laptops and an increasing number of desktops are susceptible.
The researchers, from the University of Cambridge and Rice University, exposed the vulnerabilities through Thunderclap, an open-source platform they have created to study the security of computer peripherals and their interactions with operating systems. It can be plugged into computers using a USB-C port that supports the Thunderbolt interface and allows the researchers to investigate techniques available to attackers. They found that potential attacks could take complete control of the target computer.
Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies. DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.
Cyber Security Tips :
- It is essential that users install security updates provided by Apple, Microsoft and others to be protected against the specific vulnerabilities.
- Users should not connect devices they do not know the origin of or do not trust.