Endpoint Security , Governance & Risk Management , Hardware / Chip-level Security

New Thunderbolt Flaws Disclosed to Intel

But Attacks Would Require Physical Access to a Computer
New Thunderbolt Flaws Disclosed to Intel
Researcher Bjorn Ruytenberg taps into the SPI flash for a Thunderbolt controller, showing one way to get direct access to a computer's memory. (Source: YouTube)

A Dutch researcher has shown how it would be possible to unlock a password-protected Windows computer in about five minutes by exploiting vulnerabilities in Intel's Thunderbolt hardware controller, which is used for connecting peripherals.

See Also: How To Cut Through The Web Of Insurance Fraud

The research, dubbed Thunderspy, outlines how in scenarios involving physical access to a computer or its trusted peripherals - an Evil Maid attack - someone could turn off security protections built into Thunderbolt. That could allow for direct memory access and complete access to data, even if it is encrypted.

Bjorn Ruytenberg, a computer science master's student at Eindhoven University of Technology in the Netherlands, writes in a paper that the attacks highlight shortcomings in how firmware for Thunderbolt is verified, weak device authentication schemes and backward compatibility issues with legacy protocols. Of the six vulnerabilities disclosed to Intel, three of them were new to the company, according to the Thunderspy research website.

Ruytenberg's research paper

Ruytenberg tells Wired that there's no easy software fix for the flaws. The alternatives are disabling Thunderbolt altogether or making sure the computer is never left unattended.

"If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep," the Thunderspy research website says. "Thunderspy is stealth, meaning that you cannot find any traces of the attack."

Thunderspy adds to a growing list of attacks that exploit the ease with which some kinds of external peripherals, such as graphics cards and PCI devices, can get direct access to memory. That includes an issue revealed last year called Thunderclap, which found malicious peripherals could get access to memory (see: Dongle Danger: Operating Systems Don't Defend Memory).

The problems have been long-known, and as of last year, operating systems have incorporated new defenses. But that means most computers sold up until then could be vulnerable.

Still, the attack developed by Ruytenberg was viewed somewhat leerily by some security experts because physical access is required. Generally, computers are considered most vulnerable when left unattended, as access to ports or even more invasive access as shown by Ruytenberg gives attackers options not possible in remote-attack scenarios.

Ruytenberg responded by tweeting the attacks can also be accomplished without unscrewing the back cover and attaching malicious devices.

Resetting Security Levels

In a video, Ruytenberg shows one version of the attack against a Lenovo P1 ThinkPad released last year. The laptop is in sleep mode when the attack begins, and a password is required to unlock it.

He flips the laptop over and unscrews the back plate. He then attaches a Bus Pirate to the SPI (serial peripheral interface) flash on the laptop. The SPI flash contains the firmware for the Thunderbolt controller. He captures the firmware from the SPI flash and rewrites it with a custom tool called the Thunderbolt Controller Firmware Patcher, which can do that without access to BIOS or the OS.

A demo video shows one method for exploiting Thunderbolt hardware controllers.

The Thunderbolt controller was set to security level 1, a default level, Ruytenberg says. He patches it to security level 0, then writes it back to the SPI flash. Once the custom firmware is on the laptop, he screws the back plate back on.

He then attaches a Thunderbolt-based device to the laptop that delivers PCILeech, which is an exploitation tool designed to access system memory over PCIe. He then loads a kernel module in the laptop's memory, which allows for bypassing the Windows lock screen. The laptop unlocks.

Intel: We Know Already

Intel acknowledged Ruytenberg's research, writing in a blog post that he "demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled." But it said that the underlying issues around Thunderbolt were already known.

Also, mitigations know as Kernel Direct Memory Access, or DMA, restrictions were put in place last year in Windows, macOS and Linux to prevent such encompassing access to direct memory, writes Jerry Bryant director of communications for Intel's product assurance and security. Those protections were put in place in Windows 10 1803 RS4, the Linux 5.x kernel and MacOS version 10.12.4, Bryant writes.

"The researchers did not demonstrate successful DMA [direct memory access] attacks against systems with these mitigations enabled," Bryant writes.

But that means many systems made before last year could be vulnerable to this type of attack.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.