Security Week 20: hacking a computer through Thunderbolt

It has been a while since our digest covered a provocative study of hardware vulnerabilities. Dutch researcher Björn Ruytenberg found seven holes in Thunderbolt controllers (project site, paper, overview article in Wired). In one way or another, all of the vulnerabilities let an attacker with physical access to a computer or laptop bypass its key protection mechanisms. As a rule, the device has to be opened to reach the flash memory chip that holds the Thunderbolt controller firmware. Rewriting that firmware removes all the security levels and makes it possible to read RAM directly from an arbitrary external device.



All computers with a Thunderbolt controller released before 2019 are affected. Last year Intel, the interface's principal developer, introduced Kernel DMA Protection, which makes the attack impossible. This layer of protection requires hardware changes, so it is only available in recently released devices, and not in all of them.

The researcher found no recent Dell laptops with Kernel DMA Protection, whereas Lenovo and HP laptops released last year do use it. The potential damage from any vulnerability that requires physical access to the hardware is small, but the story is (not very) pretty. After all, it is not as if devices before 2019 had no Thunderbolt protection at all. Ruytenberg's work shows that those protections do not always work.


The author demonstrates the attack in the video above: in just five minutes, Ruytenberg bypasses the Windows lock screen. In practice it can be done even faster, since an attacker has no need to film himself and give explanations.

On a Lenovo ThinkPad P1, the researcher reflashed the Thunderbolt controller to lower its security level. There are only four such levels: in SL3, direct access by external devices to RAM is impossible by design. SL1, the default on most laptops, enables DMA only after the device has been authorized. Reflashing the controller resets the setting to SL0, in which every device gets access to memory without any authorization.
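The security levels described above, and the Kernel DMA Protection mentioned earlier, are both visible from the operating system. As an added example (not part of the original article or of the Thunderspy project's own tools), the following Python script audits the Linux sysfs attributes that expose them: `security` reports the controller's configured level and `iommu_dma_protection` is `1` when the IOMMU blocks DMA from unauthorized devices. The mapping of the kernel's strings to SL0-SL3 follows the Linux Thunderbolt documentation; the sample sysfs tree is constructed so the script runs offline, and the risk rating is the author's own assumption, not a rating from the article.

```python
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# On Linux, each Thunderbolt controller (domain) is exposed under
# /sys/bus/thunderbolt/devices/domainN/. The "security" attribute reports the
# security level configured in the controller firmware; "iommu_dma_protection"
# (present on newer kernels) is "1" when the IOMMU blocks DMA from devices that
# have not been authorized, i.e. Kernel DMA Protection is active.
SYSFS_THUNDERBOLT = Path("/sys/bus/thunderbolt/devices")

# Kernel "security" strings and the SL0-SL3 levels the article refers to.
SECURITY_LEVELS = {
    "none":   ("SL0", "any attached device gets PCIe tunnels, and thus DMA, without authorization"),
    "user":   ("SL1", "PCIe tunnels are enabled only after the user authorizes the device"),
    "secure": ("SL2", "as SL1, plus a per-device key challenge on reconnection"),
    "dponly": ("SL3", "DisplayPort tunnels only; no PCIe, so no DMA from external devices"),
}


def read_attr(domain_dir: Path, name: str) -> Optional[str]:
    """Return the stripped contents of a sysfs attribute, or None if it is absent."""
    attr = domain_dir / name
    return attr.read_text().strip() if attr.is_file() else None


def assess_domain(domain_dir: Path) -> Dict[str, object]:
    """Classify one Thunderbolt domain by its security level and DMA protection."""
    security = read_attr(domain_dir, "security")
    iommu = read_attr(domain_dir, "iommu_dma_protection")
    level, meaning = SECURITY_LEVELS.get(security or "", ("unknown", "unrecognized security string"))
    iommu_on = iommu == "1"

    # Risk rating (an assumption for this example): what matters is whether an
    # unauthorized external device can reach RAM. Kernel DMA Protection covers
    # every level and SL3 allows no PCIe at all; SL1/SL2 rely on the firmware
    # setting that a reflash resets; SL0 or an unreadable attribute means no protection.
    if iommu_on or level == "SL3":
        risk = "low"
    elif level in ("SL1", "SL2"):
        risk = "medium"
    else:
        risk = "high"

    return {
        "domain": domain_dir.name,
        "security": security,
        "level": level,
        "meaning": meaning,
        "kernel_dma_protection": iommu_on,
        "risk": risk,
    }


def audit(root: Path = SYSFS_THUNDERBOLT) -> List[Dict[str, object]]:
    """Assess every domainN directory under root, sorted by name; [] if root is missing."""
    if not root.is_dir():
        return []
    domains = sorted(p for p in root.iterdir() if p.is_dir() and p.name.startswith("domain"))
    return [assess_domain(d) for d in domains]


def build_sample_tree() -> Path:
    """Constructed sysfs look-alike for offline use: an SL0 controller without
    Kernel DMA Protection and an SL1 controller with it."""
    root = Path(tempfile.mkdtemp(prefix="tb-sysfs-"))
    d0 = root / "domain0"
    d0.mkdir()
    (d0 / "security").write_text("none\n")  # no iommu_dma_protection file at all
    d1 = root / "domain1"
    d1.mkdir()
    (d1 / "security").write_text("user\n")
    (d1 / "iommu_dma_protection").write_text("1\n")
    return root


if __name__ == "__main__":
    # Audit the real system if the sysfs tree exists, otherwise the sample tree.
    results = audit() or audit(build_sample_tree())
    for r in results:
        print(f"{r['domain']}: {r['level']} ({r['security']}), "
              f"Kernel DMA Protection={'on' if r['kernel_dma_protection'] else 'off'}, "
              f"risk={r['risk']}: {r['meaning']}")
```

On a real machine the script reads the live sysfs tree; a controller reporting `none` without `iommu_dma_protection` is exactly the SL0 state the article describes, and a laptop whose firmware was reset would show that even if the vendor shipped it at SL1.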

Does the controller verify the authenticity of its own firmware? It does, but only when the firmware is updated through the regular channel, for example through updates distributed by the manufacturer. Writing the flash chip directly with an SPI programmer is not detected. Most interesting of all, such a firmware can also block further updates, leaving the computer permanently vulnerable.

The attack is possible because the security level can be forcibly reset, and also because of several other gaps in Thunderbolt's protection, for example the mandatory backward compatibility of Thunderbolt 3 controllers with the previous version of the interface, which has no serious protection mechanisms at all. And on Apple laptops, SL0 is forced whenever Boot Camp is used to boot Windows or Linux, so nothing even needs to be reflashed. On the project website the author published the source code of the attack tools as well as a utility for checking whether a computer with Thunderbolt is affected.


Is this a dangerous vulnerability? On the whole, not very: local privilege-escalation bugs are regularly found in Windows and consumer software, sometimes with a similar outcome and no soldering iron required. But the attack is elegant, in the style of a James Bond film. In the proof of concept the researcher uses a rather bulky rig to connect to the computer, but with the means and the motivation one could build a miniature device, a programmer with a hint of espionage about it.

The work drew the expected criticism: if you can reflash the hardware, you can do anything with it. True, but such studies are often limited to a theoretical description of vulnerabilities, whereas here a practical attack is demonstrated. Countermeasures against this kind of tampering can be found too, up to potting the ports and chips in epoxy resin. But in an ideal world there would be no loophole allowing the device to be reflashed so simply. One can argue about whether additional security measures are justified, but they exist and are applied. Just not in this case.

What else happened


Microsoft's GitHub account was probably hacked. 500 gigabytes of data were stolen, but it is not yet clear what the consequences will be. The one-gigabyte sample posted by the attackers is not of impressive quality and does not even really confirm that it was Microsoft that was breached. Another major leak occurred at the registrar GoDaddy, where data on 28 thousand customers was stolen.

The Black Hat and DEF CON conferences, traditionally held in the USA in August, will not take place in person this year and will be held online instead.

Zoom has acquired Keybase, a cryptography startup. The first acquisition in the company's history was made in order to implement end-to-end encryption for its video conferencing.

The next set of patches for the Android platform closes several serious vulnerabilities in the Media Framework. One of them can be used to execute arbitrary code remotely.

Pen Test Partners investigated the workings of TCAS, the system that prevents aircraft from coming dangerously close to one another, and showed an example attack in which injected radio signals create a non-existent target. In theory, pilots could be forced into manoeuvres that pose a real safety risk while trying to avoid a collision with a "virtual" aircraft.
