Most laptops vulnerable to attack via peripheral devices, study

Many modern laptops and an increasing number of desktop computers are much more vulnerable to hacking through common plug-in devices than previously thought, according to new research.

Macbook pro with dongle Credit: Theo Markettos
Macbook pro with dongle Credit: Theo Markettos

Vulnerabilities were found in PCs with Thunderbolt ports running Windows, macOS, Linux, and FreeBSD. Numerous modern laptops and an expanding number of desktops areas are susceptible. A new study shows that attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations.

Thunderclap is an open-source platform to study the security of computer peripherals and their interactions with operating systems. It can be connected to computers utilizing a USB-C port that underpins the Thunderbolt interface and enables the scientists to explore methods accessible to attackers. They found that potential assaults could assume total responsibility for the target computer.

Dr Theodore Markettos from Cambridge’s Department of Computer Science and Technology said, “In addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.”

Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies. DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.

Current systems include input-yield memory the executive’s units (IOMMUs) which can secure against DMA attacks by limiting memory access to peripherals that perform real capacities and just enabling access to non-sensitive regions of memory. Be that as it may, IOMMU security is as often as possible killed in numerous frameworks and the new research demonstrates that, notwithstanding when the protection is enabled, it tends to be undermined.

Brett Gutstein, a Gates Cambridge Scholar, who is one of the research team said, “We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm.”

According to the study, solving general problem remains elusive and that recent development, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output and peripheral device DMA over the same port, have greatly increased the threat from malicious devices, charging stations and projectors that take control of connected machines. The researchers want to see technology companies taking further action, but also stress the need for individuals to be aware of the risks.

Markettos said, “It is essential that users install security updates provided by Apple, Microsoft, and others to be protected against the specific vulnerabilities we have reported. However, platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust.”

The research, to be presented today (26 February) at the Network and Distributed Systems Security Symposium in San Diego.