Security Week 20: hacking a computer through Thunderbolt

It has been a while since our digest featured a provocative study of hardware vulnerabilities. Dutch researcher Björn Ruytenberg found seven holes in Thunderbolt controllers (project site, scientific paper, overview article in Wired). One way or another, all of the vulnerabilities allow an attacker to bypass the key protection mechanisms of a computer or laptop, provided they gain physical access to it. In most cases the device has to be disassembled to reach the flash memory chip that holds the Thunderbolt controller firmware. Modifying the firmware strips away all of the security levels and makes it possible for an arbitrary external device to access RAM directly.

All computers with a Thunderbolt controller released before 2019 are affected. Last year Intel, the interface's main developer, introduced Kernel DMA Protection, which makes the attack impossible. Adding this layer of protection requires hardware changes, so it is only available in recently released devices, and not in all of them.

The researcher did not find recent Dell laptops with Kernel DMA Protection, although Lenovo and HP laptops released last year do use it. The potential damage from any vulnerability that requires physical access to the hardware is small, but the story turned out to be (not very) pretty. After all, it cannot be said that Thunderbolt devices had no protection mechanisms before 2019. Ruytenberg's work showed that they do not always work.

The author of the study demonstrates the attack procedure in the video above: in just five minutes, Ruytenberg managed to bypass the Windows lock screen. In reality it can be done even faster: an attacker does not need to film himself and explain each step.

On a Lenovo ThinkPad P1 laptop, the researcher reflashed the Thunderbolt controller, lowering its security level. There are only four such levels: at SL3, direct access by external devices to RAM is impossible by design. SL1 is the default on most laptops and enables DMA only after the device has been authorized. Reflashing the controller resets the setting to SL0, in which every device gets access to memory without any authorization.
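As an added example, not part of the original digest or of Ruytenberg's tooling, here is a small check a Linux administrator can run to see which of the security levels above a machine is configured with, and whether the Kernel DMA Protection layer mentioned earlier is active. It reads only two sysfs attributes exposed by the Linux thunderbolt driver: `security` (values `none`, `user`, `secure`, `dponly`, which correspond to SL0 through SL3; the `usbonly`/SL4 value is a later addition not discussed on the page) and `iommu_dma_protection`, which is `1` when the kernel routes all Thunderbolt DMA through the IOMMU. The sysfs path and the assumption that these attribute names are present on the running kernel are the only things the script relies on; it never writes to the controller.

```python
#!/usr/bin/env python3
"""Report a Linux host's Thunderbolt security level and Kernel DMA Protection state.

Reads /sys/bus/thunderbolt/devices/domain0/security and, where the kernel provides
it, .../iommu_dma_protection. Read-only: nothing is written to the controller.
"""
from pathlib import Path
from typing import Optional, Union

# sysfs "security" value -> (security level name, what it means for DMA)
SECURITY_LEVELS = {
    "none":    ("SL0", "every device gets PCIe tunnelling (DMA) without authorization"),
    "user":    ("SL1", "PCIe tunnelling only after the user authorizes the device"),
    "secure":  ("SL2", "PCIe tunnelling only after the device proves a stored key"),
    "dponly":  ("SL3", "DisplayPort tunnelling only, no PCIe/DMA at all"),
    "usbonly": ("SL4", "USB/DisplayPort tunnelling only, no PCIe/DMA at all"),
}

DEFAULT_DOMAIN = "/sys/bus/thunderbolt/devices/domain0"


def assess(security: str, iommu_dma_protection: Optional[str]) -> dict:
    """Turn the raw sysfs strings into a verdict a defender can act on."""
    raw = security.strip()
    level, meaning = SECURITY_LEVELS.get(
        raw, ("unknown", f"unrecognised security value {raw!r}")
    )
    # "1" means the kernel remaps Thunderbolt DMA through the IOMMU. This is the
    # mitigation that still holds when the controller's own level is reset to SL0.
    kernel_dma_protection = (iommu_dma_protection or "").strip() == "1"
    # At SL0 (or an unrecognised level) an external device can DMA into RAM right now.
    open_dma_now = level in ("SL0", "unknown")

    if kernel_dma_protection:
        verdict = "protected"           # IOMMU blocks arbitrary DMA regardless of level
    elif open_dma_now:
        verdict = "exposed"             # nothing stands between the port and RAM
    else:
        verdict = "firmware-dependent"  # safe only as long as the controller's level holds

    return {
        "present": True,
        "level": level,
        "meaning": meaning,
        "kernel_dma_protection": kernel_dma_protection,
        "open_dma_now": open_dma_now,
        "verdict": verdict,
    }


def assess_from_sysfs(domain: Union[str, Path] = DEFAULT_DOMAIN) -> dict:
    """Read the attributes for one Thunderbolt domain; report absence cleanly."""
    domain = Path(domain)
    security_file = domain / "security"
    if not security_file.is_file():
        # No Thunderbolt domain (no controller, or driver not loaded).
        return {"present": False, "verdict": "no-thunderbolt-domain"}
    iommu_file = domain / "iommu_dma_protection"
    iommu_value = iommu_file.read_text() if iommu_file.is_file() else None
    return assess(security_file.read_text(), iommu_value)


if __name__ == "__main__":
    for key, value in assess_from_sysfs().items():
        print(f"{key}: {value}")
```

The "firmware-dependent" verdict is the important one: a machine at SL1 or SL2 without Kernel DMA Protection looks fine from the operating system, yet its safety rests entirely on the controller's configured level, which is exactly what the firmware rewrite described above resets.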

Does the controller verify the authenticity of its own firmware? Yes, it does, but only when the firmware is updated through regular channels, for example via updates distributed by the manufacturer. Writing the firmware directly to the chip with an SPI flash programmer is not detected. Most interestingly, such modified firmware can also block further updates, leaving the computer permanently vulnerable.

The attack is possible because of this forced reset of the security level, as well as a number of other omissions in Thunderbolt's protection, for example the mandatory backward compatibility of Thunderbolt 3 controllers with the previous version of the interface, which has no comparably strong protection. On Apple laptops SL0 is forced whenever Boot Camp is used to boot Windows or Linux, so nothing even needs to be reflashed. On the project website the author has published the code of the attack tools, along with a utility for checking whether a computer with Thunderbolt is vulnerable.

Is this a dangerous vulnerability? On the whole, not very: local privilege escalation bugs are regularly found in Windows and consumer software, sometimes giving a similar result without any need for a soldering iron. But the attack turned out beautifully, in the style of a James Bond film. In the proof of concept the researcher uses a rather bulky rig to connect to the computer, but given the means and the desire, one could build a miniature device, a programmer with a whiff of espionage about it.

The work met with the expected criticism: if you reflash the hardware, you can do anything with it at all. True, but such studies are often limited to a theoretical description of vulnerabilities, whereas here a practical attack is demonstrated. Countermeasures against this kind of attack will be found too, up to and including potting ports and chips in epoxy resin. But in an ideal world there should be no loophole for flashing a device this easily. One can argue about whether additional security mechanisms are justified, but they exist and are applied. Just not in this case.

What else happened

Microsoft's GitHub account was probably hacked. 500 gigabytes of data were stolen, but it is not yet clear what the consequences will be. The one-gigabyte sample posted by the attackers is not impressive in quality and does not even really confirm that Microsoft was the victim. Another major leak occurred at the registrar GoDaddy, where data on 28 thousand customers was stolen.

The Black Hat and DEF CON conferences, traditionally held in the US in August, are canceled in their physical form but will be held online.

Zoom has acquired the cryptography startup Keybase. The first acquisition in the company's history was made in order to implement end-to-end encryption for web conferencing.

The next set of patches for the Android platform closes several serious vulnerabilities in the Media Framework. One of them can be used to execute arbitrary code remotely.

Pen Test Partners investigated the TCAS algorithm for preventing dangerous proximity between aircraft. They showed an example of an attack involving the injection of radio messages and the creation of a non-existent object. In theory, pilots could be forced into maneuvers that pose a real safety risk while trying to avoid a collision with a "virtual" aircraft.
