Thunderclap vulnerability allows hackers to attack PCs using Thunderbolt/USB-C peripherals
A team of researchers announced a new vulnerability, Thunderclap, affecting all major platforms, including MacOS and Windows. This vulnerability affects all devices that use the Thunderbolt interface and allows hackers to hack into the PC by plugging random stuff into your computer. A team of researchers has revealed a new security vulnerability in the Thunderbolt data transfer specification called “Thunderclap” that could leave computers open to serious attacks from otherwise innocuous USB-C or DisplayPort hardware.
Related papers were presented at the Network and Distributed Systems Security Symposium in San Diego, California. It describes a set of vulnerabilities in macOS, freebsd, and Linux that “Thunderclap takes advantage of the privileged, direct-memory access (DMA) that Thunderbolt accessories are granted to gain access to the target device. Unless proper protections are put in place, hackers can use that access to steal data, track files, and run malicious code.”
According to the paper, most modern computers are affected by this problem, including the Thunderbolt 3 computer via USB-C port, the old Thunderbolt computer via the Mini DisplayPort, and all Apple laptops produced since 2011. Windows or Linux laptops and some desktops that support Thunderbolt since 2016 are also affected.
Currently, the best way to protect against this vulnerability is to ensure that all Thunderbolt ports are disabled and do not share hardware, such as chargers, as they may be changed to target devices.
Via: theverge