New Thunderbolt Flaws Disclosed to IntelBut Attacks Would Require Physical Access to a Computer
A Dutch researcher has shown how it would be possible to unlock a password-protected Windows computer in about five minutes by exploiting vulnerabilities in Intel’s Thunderbolt hardware controller, which is used for connecting peripherals.
The research, dubbed Thunderspy, outlines how in scenarios involving physical access to a computer or its trusted peripherals – an Evil Maid attack – someone could turn off security protections built into Thunderbolt. That could allow for direct memory access and complete access to data, even if it is encrypted.
Bjorn Ruytenberg, a computer science master’s student at Eindhoven University of Technology in the Netherlands, writes in a paper that the attacks highlight shortcomings in how firmware for Thunderbolt is verified, weak device authentication schemes and backward compatibility issues with legacy protocols. Of the six vulnerabilities disclosed to Intel, three of them were new to the company, according to the Thunderspy research website.
Ruytenberg tells Wired that there’s no easy software fix for the flaws. The alternatives are disabling Thunderbolt altogether or making sure the computer is never left unattended.
“If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep,” the Thunderspy research website says. “Thunderspy is stealth, meaning that you cannot find any traces of the attack.”
Thunderspy adds to a growing list of attacks that exploit the ease with which some kinds of external peripherals, such as graphics cards and PCI devices, can get direct access to memory. That includes an issue revealed last year called Thunderclap, which found malicious peripherals could get access to memory (see: Dongle Danger: Operating Systems Don't Defend Memory).
The problems have been long-known, and as of last year, operating systems have incorporated new defenses. But that means most computers sold up until then could be vulnerable.
Still, the attack developed by Ruytenberg was viewed somewhat leerily by some security experts because physical access is required. Generally, computers are considered most vulnerable when left unattended, as access to ports or even more invasive access as shown by Ruytenberg gives attackers options not possible in remote-attack scenarios.
If you open your computer's case, it is already vulnerable to hacking, because no consumer x86 computer is secure under that threat model.— Hector Martin (@marcan42) May 11, 2020
Yes, this is another bullshit hyped attack with minimal practical consequence because under their threat model you are already pwned. https://t.co/TeII4unaoN
Ruytenberg responded by tweeting the attacks can also be accomplished without unscrewing the back cover and attaching malicious devices.
Resetting Security Levels
In a video, Ruytenberg shows one version of the attack against a Lenovo P1 ThinkPad released last year. The laptop is in sleep mode when the attack begins, and a password is required to unlock it.
He flips the laptop over and unscrews the back plate. He then attaches a Bus Pirate to the SPI (serial peripheral interface) flash on the laptop. The SPI flash contains the firmware for the Thunderbolt controller. He captures the firmware from the SPI flash and rewrites it with a custom tool called the Thunderbolt Controller Firmware Patcher, which can do that without access to BIOS or the OS.
The Thunderbolt controller was set to security level 1, a default level, Ruytenberg says. He patches it to security level 0, then writes it back to the SPI flash. Once the custom firmware is on the laptop, he screws the back plate back on.
He then attaches a Thunderbolt-based device to the laptop that delivers PCILeech, which is an exploitation tool designed to access system memory over PCIe. He then loads a kernel module in the laptop’s memory, which allows for bypassing the Windows lock screen. The laptop unlocks.
Intel: We Know Already
Intel acknowledged Ruytenberg’s research, writing in a blog post that he “demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled.” But it said that the underlying issues around Thunderbolt were already known.
Also, mitigations know as Kernel Direct Memory Access, or DMA, restrictions were put in place last year in Windows, macOS and Linux to prevent such encompassing access to direct memory, writes Jerry Bryant director of communications for Intel’s product assurance and security. Those protections were put in place in Windows 10 1803 RS4, the Linux 5.x kernel and MacOS version 10.12.4, Bryant writes.
“The researchers did not demonstrate successful DMA [direct memory access] attacks against systems with these mitigations enabled,” Bryant writes.
But that means many systems made before last year could be vulnerable to this type of attack.