
Most laptops vulnerable to attack via peripheral devices, say researchers

February 25, 2019

Many modern laptops and an increasing number of desktop computers are much more vulnerable to hacking through common plug-in devices than previously thought, according to new research.

The research, to be presented today (26 February) at the Network and Distributed Systems Security Symposium in San Diego, shows that attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations.

Vulnerabilities were found in computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD. Many modern laptops and an increasing number of desktops are susceptible.

The researchers, from the University of Cambridge and Rice University, exposed the vulnerabilities through Thunderclap, an open-source platform they have created to study the security of computer peripherals and their interactions with operating systems. It can be plugged into computers using a USB-C port that supports the Thunderbolt interface and allows the researchers to investigate techniques available to attackers. They found that potential attacks could take complete control of the target computer.

The researchers, led by Dr Theodore Markettos from Cambridge's Department of Computer Science and Technology, say that in addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.

Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies. DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.

Current systems feature input-output memory management units (IOMMUs) which can protect against DMA attacks by restricting memory access to peripherals that perform legitimate functions and only allowing access to non-sensitive regions of memory. However, IOMMU protection is frequently turned off in many systems and the new research shows that, even when the protection is enabled, it can be compromised.

"We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm," said Brett Gutstein, a Gates Cambridge Scholar, who is one of the research team.

The vulnerabilities were discovered in 2016 and the researchers have been working with technology companies such as Apple, Intel and Microsoft to address the security risks. Companies have begun to implement fixes that address some of the vulnerabilities that the researchers uncovered; several vendors have released security updates in the last two years.

However, the Cambridge research shows that solving the general problem remains elusive and that recent developments, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output and peripheral device DMA over the same port, have greatly increased the threat from malicious devices, charging stations and projectors that take control of connected machines. The researchers want to see technology companies taking further action, but also stress the need for individuals to be aware of the risks.

"It is essential that users install security updates provided by Apple, Microsoft and others to be protected against the specific vulnerabilities we have reported," said Markettos. "However, platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust."
More information is available at thunderclap.io.

University of Cambridge
