
Last week, one of our editors lost his data cable. He thought that spending more than 100 yuan on a genuine one was too expensive, so he went to a street vendor and spent 9.9 yuan on a knockoff data cable.



After that, I often saw him slumped over his desk alone with a dull look. When I asked why, all I heard him say was: “One cable paralyzed 20,000 yuan worth of computers, all because of greed for a bargain…”



You ask how a data cable can paralyze a computer? You know, there’s nothing a trained hacker can’t do.

One vulnerability and one cable open the door for attackers to do as they please

Not long ago, researchers from the Department of Computer Science and Technology at the University of Cambridge, Rice University and the Stanford International Research Institute disclosed a new vulnerability called Thunderclap. It can affect all devices that use the Thunderbolt interface and allows hackers to break into a PC through a data cable, affecting all mainstream operating systems, including macOS and Windows.

Thunderbolt is a connector standard published by Intel. It combines the PCI Express and DisplayPort communication protocols. PCI Express is used for data transmission and supports expansion with any type of device; DisplayPort is used for display and can simultaneously carry ultra-high-definition video and eight-channel audio.

Since it was officially launched in 2012, security researchers have found that it has a series of vulnerabilities, which can be used by attackers to completely control the computer.

USB security cannot be guaranteed

Security researchers said: “The Thunderbolt vulnerability exists in macOS, FreeBSD and Linux, which nominally use IOMMUs to resist DMA attackers. This problem is related to the direct memory access enabled by Thunderbolt, but the existing IOMMU protection system cannot prevent this problem.”

The researchers found that the new Thunderbolt vulnerability can bypass the IOMMU protection system. Using the combination of power, video and peripheral-device DMA that the port carries, an attacker at the other end of the port can take control of the connected machine, and then implant a virus or carry out attacks in any situation.

The 12-inch MacBook has been spared, although computers that offer older versions of Thunderbolt through the Mini DisplayPort connector, as well as all Apple laptops and desktops produced since 2011, are affected by the vulnerability.

The seventy-two transformations of USB attacks

Behind the data cable that seems to have “come alive” lie many forms of USB attack, and the Thunderbolt vulnerability attack is just one of its 72 transformations.

Compared with Thunderbolt, the USB interface does not require high licensing fees, which is one of the reasons it is so widely used in all kinds of hardware devices today.

Generally speaking, USB attacks can be roughly divided into four types: (1) reprogramming the USB device's internal microcontroller so that the device performs unexpected, remotely controlled functions; (2) rewriting the USB device firmware to carry out malicious actions such as downloading malware and exfiltrating data; (3) exploiting the protocol/standard interaction between the operating system and USB; (4) USB-based power (electrical) attacks.

For the attack methods corresponding to these four attack types, Lei Feng net has compiled a table for reference.


It can be seen from the above table that the most common attack method is the reprogrammable-microcontroller USB attack, which is less difficult to implement. The principle of the attack is to simulate typing through the nine ways mentioned in the table. Put simply, the device remotely simulates keystrokes on a keyboard. In theory the keyboard can completely replace the mouse, so once remote control of the keyboard is achieved, it is equivalent to complete control of the machine.

The data cable is not the only form these attacks can take. Besides being disguised as a USB cable, the most commonly used carrier is the USB flash drive. With the help of a USB flash drive, attackers can deliver a virus or carry out phishing, leading to the theft of users’ private data, images, audio and video.
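A defensive check for the disguise described above, as an added example that is not part of the original article: it walks a raw USB configuration descriptor and reports interface classes that a device of that kind should not expose, such as a keyboard interface on a flash drive. The descriptor bytes are constructed samples and the function names are hypothetical.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
PROTO_KEYBOARD = 0x01  # HID bInterfaceProtocol value for a keyboard


def parse_interfaces(blob):
    """Return (class, subclass, protocol) for every interface descriptor."""
    if len(blob) < 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]  # wTotalLength, little-endian
    if total > len(blob):
        raise ValueError("wTotalLength exceeds captured bytes")
    found, pos = [], 0
    while pos < total:
        length = blob[pos]  # bLength of the descriptor at this offset
        if length < 2 or pos + length > total:
            raise ValueError(f"malformed descriptor at offset {pos}")
        if blob[pos + 1] == DT_INTERFACE and length >= 9:
            found.append(tuple(blob[pos + 5:pos + 8]))
        pos += length
    return found


def unexpected_interfaces(blob, allowed_classes):
    """Interfaces whose class is outside what this kind of device should expose."""
    return [i for i in parse_interfaces(blob) if i[0] not in allowed_classes]


def declares_keyboard(blob):
    """True if any interface announces itself as a HID keyboard.
    A keyboard that reports protocol 0 is missed here; the allowlist catches it."""
    return any(c == CLASS_HID and p == PROTO_KEYBOARD
               for c, _sub, p in parse_interfaces(blob))


# Constructed sample descriptors (not captured from real hardware).
PLAIN_DRIVE = bytes.fromhex(
    "090220000101008032" "090400000208065000"   # config, mass-storage interface
    "07058102000200" "07050202000200")          # bulk IN / bulk OUT endpoints
DRIVE_WITH_KEYBOARD = bytes.fromhex(
    "090239000201008032" "090400000208065000"
    "07058102000200" "07050202000200"
    "090401000103010100"                        # second interface: HID keyboard
    "092111010001223f00" "0705830308000a")      # HID descriptor, interrupt IN

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_DRIVE), ("disguised", DRIVE_WITH_KEYBOARD)):
        print(name, unexpected_interfaces(blob, {CLASS_MASS_STORAGE}))
```

The allowlist is the stronger of the two checks, because it flags any extra function a device exposes rather than only interfaces that honestly declare themselves as keyboards.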

Seeing this, someone will surely ask, “How can USB security be ensured?” Sorry, the answer is: as long as it is a USB interface, it is not safe!

As we all know, USB devices come with many kinds of input characteristics, so the ways to disguise them are not limited to those in the table. Just think of the products we use today: mobile phones, audio equipment, mice, e-cigarettes, power banks… As demand grows, their input standards are converging. For products that look completely different from one another, the number of possible disguises can be described as growing “exponentially”.

So, as Nohl said, the best way to prevent USB attacks is not to use USB devices.
