Thunderbolt Security Flaw in Intel Chips Affects Compatible Macs and PCs [Update]
Security flaws in Intel's Thunderbolt 3 chips reportedly affect Macs released between 2011 and 2020 that have Thunderbolt ports, as well as Windows and Linux PCs. The flaws can theoretically give an attacker complete access to a machine even if it is locked or encrypted, because they bypass Secure Boot, the BIOS, the operating system and disk encryption.
The flaws have been detailed in a report by security researcher Björn Ruytenberg. The report describes seven disclosed vulnerabilities that affect Thunderbolt 3 security:
- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Backwards compatibility with legacy protocol versions
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp
Later in the report, nine practical exploitation scenarios are also explained, which demonstrate how the vulnerabilities can be exploited under the different Thunderbolt Security Levels. These attacks require physical access to the computer and a device that fools the machine into thinking it is a legitimate Thunderbolt accessory.
Finally, we present nine practical exploitation scenarios. Given an “evil maid” threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks. In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort. We conclude this report by demonstrating the ability to permanently disable Thunderbolt security and block all future firmware updates.
With physical access to a computer, it can be hacked in just 5 minutes, as demonstrated by Björn Ruytenberg in a video:
With Windows on Boot Camp, Macs are completely vulnerable; macOS, however, has some security measures that leave it only partly affected.
MacOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in MacOS “System Information”. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.
There is no way to tell if a system has actually been attacked using these vulnerabilities, as the attack methods leave no trace. Björn Ruytenberg has created a tool called Spycheck for Windows and Linux, which can check whether your machine is vulnerable to the flaws. He advises that the best defense right now is to disable Thunderbolt in your computer's BIOS, enable disk encryption, and power the computer off when it is not in use.
The worst thing about these vulnerabilities is that they are hardware flaws in Intel's Thunderbolt chips, which means that a software update cannot entirely fix them. Intel is aware of these issues, and has written in a blog post that software updates introduced last year for Windows, Linux and macOS include protections against these attacks, and that the researchers had confirmed that Direct Memory Access attacks were not successful after these updates:
In the report, they discussed issues related to invasive physical attacks on Thunderbolt™ hosts and devices. While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled.
In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.
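Spycheck is Ruytenberg's tool, and Intel's statement above names Kernel DMA Protection as the mitigation that actually blocks the DMA step. On Linux the thunderbolt driver exposes both pieces of state in sysfs: each controller appears as `/sys/bus/thunderbolt/devices/domainN/`, whose `security` file holds the Security Level (`none`, `user`, `secure`, `dponly` or `usbonly`) and whose `iommu_dma_protection` file reads `1` when the kernel enforces IOMMU protection on PCIe tunnels. The script below is an added example, not Spycheck and not code from the report or from Intel; it reads those attributes and applies the report's conclusion that without IOMMU DMA protection every Security Level is exploitable. The file layout, the `--run` flag and the `protected`/`vulnerable`/`unknown` verdicts are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not Spycheck): rate a Linux host's Thunderbolt security posture
# from the sysfs attributes documented in the kernel's admin-guide/thunderbolt.rst.
#   domainN/security              Security Level: none|user|secure|dponly|usbonly
#   domainN/iommu_dma_protection  "1" when the kernel applies IOMMU DMA protection
# The verdict words and exit codes are this script's own convention (assumed).

SYSFS_TB="${SYSFS_TB:-/sys/bus/thunderbolt/devices}"

# read_attr <file>: print the first line of a sysfs attribute, or "unknown".
read_attr() {
    if [ -r "$1" ]; then
        head -n 1 "$1"
    else
        printf 'unknown\n'
    fi
}

# rate_domain <security> <iommu_dma_protection>: print a one-word verdict.
# Kernel DMA Protection stops the DMA step regardless of Security Level;
# without it, the report shows every Security Level can be bypassed.
rate_domain() {
    sl="$1"
    iommu="$2"
    if [ "$iommu" = "1" ]; then
        printf 'protected\n'
        return 0
    fi
    case "$sl" in
        none|user|secure|dponly|usbonly) printf 'vulnerable\n' ;;
        *) printf 'unknown\n' ;;
    esac
}

# tb_check [sysfs_dir]: print one line per Thunderbolt domain.
# Exit 0 if every domain is protected, 1 if any is not, 2 if none were found
# (no controller, Thunderbolt disabled in firmware, or driver not loaded).
tb_check() {
    root="${1:-$SYSFS_TB}"
    found=0
    bad=0
    for d in "$root"/domain*; do
        [ -d "$d" ] || continue
        found=1
        sl=$(read_attr "$d/security")
        iommu=$(read_attr "$d/iommu_dma_protection")
        verdict=$(rate_domain "$sl" "$iommu")
        printf '%s security=%s iommu_dma_protection=%s -> %s\n' \
            "$(basename "$d")" "$sl" "$iommu" "$verdict"
        [ "$verdict" = "protected" ] || bad=1
    done
    if [ "$found" -eq 0 ]; then
        printf 'no Thunderbolt domains under %s\n' "$root"
        return 2
    fi
    return "$bad"
}

# `sh tbcheck.sh --run` checks the live system; without --run only the
# functions are defined, so the file can be sourced.
if [ "${1:-}" = "--run" ]; then
    tb_check
fi
```

A `vulnerable` verdict matches the report's position rather than Intel's: even a host at Security Level `secure` is exploitable when `iommu_dma_protection` is `0`, so the fix is firmware and kernel support for Kernel DMA Protection (or disabling Thunderbolt in firmware, which makes the domain disappear and yields exit code 2), not a higher Security Level. The script cannot detect a past attack, which is consistent with the article's note that these methods leave no trace.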
You can read the full report here.
via The Verge
Update: Apple directed us to a talk given at Black Hat 2019 which shows that macOS is not affected by these Thunderbolt related Direct Memory Access vulnerabilities, which rely on physical accessories to directly read and write memory. Check out the timestamped video below, where Ivan Krstić, Head of Security Engineering and Architecture at Apple, goes into a deep dive on how macOS protects against such attacks.