“Thunderclap” Flaws Expose Computers to Attacks via Peripheral Devices (Feb 27, 2019)
A new attack vector, dubbed “Thunderclap,” has been discovered to affect the “Thunderbolt” hardware interface that was created by Apple and Intel “for connecting peripheral devices to a computer.” Thunderclap requires physical access to a machine. The attack vector exploits multiple vulnerabilities that affect Apple and Intel products, as well as devices and machines compatible with Thunderbolt 3. Because Thunderbolt 3 often supports USB Type-C ports, Windows and Linux machines could also be exposed to Thunderclap. An actor could attach a variety of devices to the target machine via the Thunderbolt port and gain Direct Memory Access (DMA) via that connection. From there, the attached device would have read and write access “to all system memory without oversight from the operating system.” Recent operating system releases of Windows and macOS (macOS 10.12.4, Windows 10) include updates that are believed to address the more serious vulnerabilities associated with Thunderclap.
Recommendation: This story depicts the importance of safeguarding personal and professional machines that have access to Personally Identifiable Information (PII) and financial information. It is important not to leave your work machine in an active state if you are not close by, and to maintain software updates that fix vulnerabilities reported in public sources, to avoid potential malicious activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.