[MacTUG] USB-C Thunderbolt Vulnerability Revealed - The Mac Observer
Marlon A. Griffith
m3griffi at uwaterloo.ca
Thu Feb 28 10:16:11 EST 2019
"""
USB-C Ports, through which the Thunderbolt interface connects with a
computer, “offer very privileged, low-level, direct memory access
(DMA),” the researchers explained. This means that peripherals connected
by Thunderbolt have much more privilege than a standard USB device. The
researchers found the operating systems, had “very weak” defences
against “malicious DNA-enabled peripheral devices.” The Thunderbolt
device could access all network traffic, as well on occasion being able
to access keystrokes and framebuffer data.
MacOS has Input-Output Memory Management Unit Out the Box
The best defence against attacks via this method is an Input-Output
Memory Management Unit (IOMMU). In theory, this component will only give
devices access to the the memory they need to complete their task. The
problem was the operating systems investigated did not “use the IOMMU
effectively”.
...
The researchers called the vulnerability Thunderclap. ...
https://www.macobserver.com/news/usb-c-thunderbolt-vulnerability-revealed/
"""
More information about the MacTUG
mailing list