Many modern laptops and a large number of desktops are more vulnerable to hacking through common plug-in devices, like a USB drive or a graphics card, than previously thought, according to new University of Cambridge research.
According to the research, which is to be presented today (26 February) at the Network and Distributed Systems Security Symposium in San Diego, attackers can compromise an unattended machine in a matter of seconds through devices like chargers and docking stations.
Vulnerabilities were found in computers featuring Thunderbolt ports, running Windows, macOS, Linux, and FreeBSD.
The researchers at Cambridge University and Rice University exposed the vulnerabilities through Thunderclap, an open source programme they created to study the security of computer peripherals and their interactions with operating systems. It can be plugged into a computer through a USB-C port that supports the Thunderbolt interface, and it allows the researchers to investigate the techniques that are available to hackers. They found that potential attacks can take control of the whole target computer.
The research, which is led by Dr. Theodore Markettos from Cambridge’s Department of Computer Science and Technology, states that in addition to plug-in devices like network and graphics cards, attacks can also be carried out using seemingly ordinary devices like a charger or a projector that correctly charge or project video but simultaneously compromise the computer.
Computer accessories like network and graphics cards have direct memory access (DMA), which lets them bypass the operating system's security policies. DMA attacks using such technologies have been widely used by miscreants to take control of and extract sensitive data from target machines.
Current computer systems feature input-output memory management units (IOMMUs), which restrict the memory access of plug-in devices and only allow them access to non-sensitive parts of memory. Nevertheless, IOMMU protection is turned off in many systems, and the research shows that even when the protection is on, it is vulnerable to attacks.
“We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm,” said Brett Gutstein, a Gates Cambridge Scholar, who is one of the research team.
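As an added illustration (not part of the original article or of the Thunderclap project), the following shell function checks whether a Linux machine has its IOMMU turned on and how each Thunderbolt controller is configured, using the kernel's standard sysfs entries. The function name `iommu_audit` and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit Linux sysfs for IOMMU and Thunderbolt DMA protection.
# iommu_audit [ROOT] -- ROOT is a hypothetical parameter (default: the live
# system) so the check can also be run against a constructed sysfs tree.
# Returns 0 if no weakness was found, 1 otherwise.

iommu_audit() {
    root="${1:-}"
    status=0

    # An active IOMMU driver registers units under /sys/class/iommu and
    # places devices into groups under /sys/kernel/iommu_groups.
    if [ -n "$(ls -A "$root/sys/class/iommu" 2>/dev/null)" ] &&
       [ -n "$(ls -A "$root/sys/kernel/iommu_groups" 2>/dev/null)" ]; then
        echo "iommu: enabled"
    else
        echo "iommu: DISABLED (peripheral DMA is not restricted)"
        status=1
    fi

    # Each Thunderbolt domain exposes its security level and whether the
    # system uses the IOMMU for DMA protection (1 = yes, 0 = no).
    for dom in "$root"/sys/bus/thunderbolt/devices/domain*; do
        [ -d "$dom" ] || continue
        level=$(cat "$dom/security" 2>/dev/null || echo unknown)
        dmap=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo 0)

        # security=none connects every device without user approval; that
        # is only acceptable when the IOMMU is confining the device's DMA.
        if [ "$level" = "none" ] && [ "$dmap" != "1" ]; then
            verdict="WEAK"
            status=1
        else
            verdict="ok"
        fi
        echo "${dom##*/}: security=$level iommu_dma_protection=$dmap $verdict"
    done

    return "$status"
}
```

Running `iommu_audit` with no argument inspects the live system. A passing result only shows that the protection is switched on; as the research notes, an enabled IOMMU does not by itself rule out these attacks.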
The vulnerabilities were discovered in 2016 and the researchers have been working with companies like Apple, Intel, and Microsoft to address the security risks. Companies have started to implement fixes that counter some of the security risks uncovered by scientists: several vendors have released security updates in the last two years.
However, the research states that solving the general problem remains difficult, and that recent developments in technology, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output and peripheral device DMA over the same port, have increased the threat further. The researchers are asking technology companies to take further action on the subject, but also stress the need for individuals to be aware of the risk.
“It is essential that users install security updates provided by Apple, Microsoft, and others to be protected against the specific vulnerabilities we have reported,” said Markettos. “However, platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust.”