Thunderclap leak makes Thunderbolt computers vulnerable to attacks

A team of researchers has discovered a new vulnerability in Thunderbolt’s data transfer specification. The vulnerability is called Thunderclap and can open up computers to serious attacks from otherwise harmless USB-C or DisplayPort hardware.

Thunderclap uses the privileged, direct memory access (DMA) that Thunderbolt accessories get to access the device, explains researcher Theo Markettos to The Verge. Unless proper security is in place, hackers can use that access to steal data, track files, and execute rogue code.

It is the type of operating system level access that hardware such as GPUs and network cards normally get. Thunderbolt is designed to replicate those features externally, requiring the same level of access. However, its external nature makes it more vulnerable to attack. It’s easier to put a rogue device in a port than to break open someone’s computer and add a hacked GPU.

The Thunderclap vulnerability is not unique to Thunderbolt 3. Older Thunderbolt devices based on DisplayPort instead of USB-C are also at risk in theory.

2016

The vulnerability was discovered in 2016 by Markettos and his team. They have already passed the vulnerability on to manufacturers who have developed solutions. That same year, Apple rolled out a solution for a specific part of the error in macOS 10.12.4, and Macs that received the most recent update are protected against the attack. Windows 10 version 1803 also protects on a firmware level against vulnerability to newer devices.

However, most users will not encounter such an attack. But it does show that it is good to be careful with the things that are plugged into a computer. It also shows that even the best standards are not perfect, not even on the high-end side of the industry where Thunderbolt is located.