A team of researchers has revealed a new security vulnerability in the Thunderbolt data transfer specification called “Thunderclap” that could leave computers open to serious attacks from otherwise innocuous USB-C or DisplayPort hardware.
As researcher Theo Markettos explains, Thunderclap takes advantage of the privileged, direct-memory access (DMA) that Thunderbolt accessories are granted to gain access to the target device. Unless proper protections are put in place, hackers can use that access to steal data, track files, and run malicious code.
It’s the sort of OS-level access that accessories like GPUs or network cards are typically granted. Because Thunderbolt is designed to replicate those functions externally, it requires the...
from The Verge - All Posts https://ift.tt/2BUuJbG
No comments: