Major Thunderbolt Security Flaws Discovered, Leave Many Macs Vulnerable

0 0 May 11, 2020 2020-05-11T10:08:00-05:00 Edit this post

Security researcher Björn Ruytenberg discovered 7 severe vulnerabilities in the Intel Thunderbolt chip, as well as 9 attack techniques. Thes...

Security researcher Björn Ruytenberg discovered 7 severe vulnerabilities in the Intel Thunderbolt chip, as well as 9 attack techniques. These security holes affect all machines with Thunderbolt ports, including all Mac computers equipped with Thunderbolt connectors between 2011 and 2020. Both the standalone Thunderbolt port and the USB-C compatible Thunderbolt port have been affected.


Those security vulnerabilities include:

  • Inadequate firmware verification schemes
  • Weak device authentication scheme
  • Use of unauthenticated device metadata
  • Downgrade attack using backwards compatibility
  • Use of unauthenticated controller configurations
  • SPI flash interface deficiencies
  • No Thunderbolt security on Boot Camp

The unfortunate thing is that there is no way to detect whether the machine is compromised. When the Mac runs the Windows operating system via Boot Camp, all security vulnerabilities will subsist. When running the macOS system, however, only some vulnerabilities will exist.
MacOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in MacOS “System Information”. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.
Ruytenberg has notified Intel and Apple, but those vulnerabilities exist in the control chip and cannot be fixed through a software update.

A PDF document regarding the security vulnerabilities has been created, you can view it by clicking the link here.

Labels:

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

DISQUS
Name

(Product)RED,2,#Accessory,2,#App Store,1,#Apple,2,#Apple Music,3,#Apple Park,4,#Apple Pay,4,#Apple Security,3,#Apple Watch,10,#Battery,5,#Bug,1,#CarPlay,2,#Cydia,1,#Face ID,1,#Facebook,1,#FM,1,#Games,2,#HomeKit,2,#HomePod,14,#HowTo,5,#iMac,2,#iMac Pro,3,#Intel,2,#iOS,2,#iOS 11,5,#iOS 11.3,6,#iOS 11.4,1,#iOS 12,2,#iPad,2,#iPhone,21,#iPhone 8,1,#iPhone SE,3,#iPhone SE 2,9,#iPhone X,11,#iPhone X Plus,3,#Jailbreak,13,#Lawsuit,1,#Mac,3,#Mac Pro,2,#MacBook,5,#macOS,10,#MFi,1,#Microsoft,1,#OnePlus,1,#Original Content,2,#Patent,3,#Samsung,1,#Self-Driving,2,#Siri,4,#Tim Cook,1,#Touch ID,2,#TSMC,1,#TV,2,#Wallpaper,1,#watchOS,2,#WWDC,3,3D Touch,2,4G,1,5G,21,A,1,A11,2,A12,9,A13,3,A14,5,A14. iPhone 2020,1,A16,1,AAPL,18,ABC News,1,Accessibility,1,Accessories,87,Accessory,3,Activity,1,Ad,6,Adobe,4,Ads,3,AI,1,Airbnb,1,AirDrop,1,AirPlay,3,AirPlay 2,2,AirPod,2,AirPod Pro,1,AirPods,51,AirPods 2,5,AirPods 3,6,AirPods Pro,14,AirPods Studio,4,AirPort,4,AirPower,26,AirTag,4,AirTags,9,Amazon,11,AMD,2,Android,19,Antitrust,1,App,46,App Store,36,Apple,1950,Apple Arcade,11,Apple Books,1,Apple Camp,1,Apple Car,3,Apple Card,25,Apple Design Awards,2,Apple Event,34,Apple Events,3,Apple Glasses,3,Apple ID,4,Apple Intelligence,1,Apple Map,2,Apple Maps,11,Apple Music,43,Apple News,3,Apple News+,6,Apple One,3,Apple Park,9,Apple Pay,30,Apple Pay Cash,3,Apple Pencil,7,Apple Retail,12,Apple Security,20,Apple Store,56,Apple TV,36,Apple TV+,33,Apple Wacth,1,Apple Watch,157,Apple Watch 6,7,Apple Watch SE,1,Apple Watch Series 7,1,Apple. Chip,1,AppleCare+,1,Applle,1,Apps,2,AR,16,AR Glasses,13,ARM,18,Bands,4,Battery,33,Beats,11,Beddit,1,Best Buy,1,Beta,31,Bill Gates,1,Black Friday,2,Bloomberg,2,Boot Camp,1,Bose,1,Bug,18,Cable,4,Camera,12,Campis,1,Campus,1,Car,3,CarKey,1,CarPlay,7,Carpool Karaoke,3,Cases,1,CCC,1,CES,4,Charger,5,China,18,Chip,3,Chrome,2,Coding,1,Concept,8,Consumer Reports,1,Coronavirus,45,CPU,1,Credit Card,1,Cydia,1,Dark Sky,2,Deals,8,Developer,7,Dialog,1,Display,2,Dongles,2,Earnings,20,EarPods,1,Economy,2,Edge,1,Education,5,Emoji,11,Environment,8,eSIM,1,EU,3,EU. News,1,Event,7,Events,4,Exploit,1,Face ID,20,Facebook,1,FaceTime,4,FBI,2,FCC,4,featured,12,Final Cut Pro,3,Firefox,1,Fitbit,1,FM,2,Foldable,1,Foldable iPhone,6,Fortnite,4,Forum,1,Foxconn,5,France,2,Galaxy S9,1,Game,3,Games,6,gaming,7,Geekbench,2,Germany,1,Gift,1,Gift Card,1,Google,31,Hack,7,Haptic Touch,2,Headphones,9,Health,32,HomeKit,10,HomePod,45,HowTo,78,Huawei,5,iCloud,13,iFixit,11,iMac,12,iMac Pro,3,iMessage,2,India,13,Intel,15,iOS,141,iOS 10,1,iOS 11,13,iOS 11.3,2,iOS 11.4,2,iOS 12,93,iOS 12.1,3,iOS 12.4,1,iOS 13,72,iOS 13.1,8,iOS 13.1.1,1,iOS 13.1.2,1,iOS 13.1.3,1,iOS 13.2,6,iOS 13.2.2,3,iOS 13.2.3,1,iOS 13.3,12,iOS 13.3.1,6,iOS 13.4,9,iOS 13.4.5,3,iOS 13.5,8,iOS 13.5.5,1,iOS 13.6,4,iOS 13.6.1,1,iOS 13.7,2,iOS 14,48,iOS 14.0.1,1,iOS 14.1,1,iOS 14.2,4,iOS 14.2.1,1,iOS 14.3,2,iOS 14.4,3,iOS 14.4.1,1,iOS 14.5,3,iOS 15,2,iOS 16,1,iOS 16.4,1,iOS 18,1,iOS 9,1,iOS beta,3,iOS11,32,iOS12,2,iPad,97,iPad 8,1,iPad Air,8,iPad Mini,2,iPad Pro,65,iPadOS,17,iPhone,250,iPhone 11,31,iPhone 11 Pro,13,iPhone 11 Pro Max,9,iPhone 12,15,iPhone 12 mini,2,iPhone 12 Pro,6,iPhone 13,3,iPhone 13 Pro,1,iPhone 14 Pro,1,iPhone 16,1,iPhone 20020,1,iPhone 2018,34,iPhone 2019,51,iPhone 2020,97,iPhone 2021,10,iPhone 2022,3,iPhone 2023,1,iPhone 3GS,1,iPhone 8,4,iPhone 8 Plus,1,iPhone 9,11,iPhone OS,1,iPhone SE,3,iPhone SE 2,26,iPhone SE 3,1,iPhone X,89,iPhone X Plus,1,iPhone XE,1,iPhone XR,32,iPhone XS,37,iPhone XS Max,4,iPhone2018,5,iPhones,3,iPhoneSE2,1,iPhoneX,1,iPod,6,iPod touch,8,iTunes,12,iWork,1,Jailbreak,25,Jony Ive,6,KaiOS,1,Keyboard,8,KGI,11,Kuo,40,Laptop,3,Lawsuit,11,LCD,1,Leadership,1,Leak,15,LG,9,Live Radio,1,Logic Pro X,3,Logo,2,Luna Display,1,M1,3,Mac,92,Mac App Store,1,Mac Mini,5,Mac OS 8.1,1,Mac Pro,18,MacBook,53,MacBook Air,21,MacBook Pro,69,macOS,77,macOS 10.14,33,macOS 10.15,38,macOS 10.16,1,macOS 11,12,macOS Big Sur,8,macOS Catalina,14,Magic Keyboard,2,Maps,2,Market,1,Media,1,Micro-LED,1,Microsoft,13,Mini-LED,7,Mother’s Day,1,MR,1,Music,1,Netflix,2,News,754,Newsm,1,NFC,1,Nike,2,Nomad,1,Notch,1,Nvidia,1,Office,1,OLED,7,Original Content,18,OS X,1,P30,1,Pangu,1,Patent,36,Patents,4,PC,2,Pixel,4,Pixel Slate,2,Podcast,3,Powerbeats,10,Privacy,19,Pro Display XDR,4,Project Titan,2,ProRes Raw,1,Qualcomm,12,RAM,3,Refurbished,5,Render,1,Repair,3,Reports,3,Retail,2,Review,2,Roku,1,Rumors,19,Safari,6,Samsung,31,SECURITY,25,Self-Driving,3,Services,6,Shazam,4,Shopping,1,Shortcuts,3,Singapore,1,Siri,22,Smartphones,7,Software,4,Spotify,8,Sprint,2,Steve Jobs,6,Stock,26,Subscription,6,Supply Chain,1,Support,27,Swift,1,T-Mobile,3,Tablet,1,TANT,2,TeamViewer,1,Technology,1,Tesla,2,TestFlight,1,Texture,2,TikTok,2,Tim Cook,39,Touch Bar,2,Touch ID,7,Tracker,2,Trade-In,1,Trump,6,TSMC,13,TV,4,TV+,2,tvOS,43,tvOS 12,23,tvOS 13,36,tvOS 13.2,1,tvOS 14,19,tvOS12,2,Twitter,2,UK,1,US,1,USB-C,3,VBucks,1,Verizon,1,Verzion,1,Video,1,VirnetX,1,Vision Pro,1,VR,4,Wallpaper,17,watchOS,53,watchOS 5,25,watchOS 6,39,watchOS 7,27,watchOS 8,1,Webcam,1,WiFi,1,Windows,4,Wireless Charging,16,WWDC,35,Xcode,3,Xiaomi,1,YouTube,3,
ltr
item
Loveios: Major Thunderbolt Security Flaws Discovered, Leave Many Macs Vulnerable
Major Thunderbolt Security Flaws Discovered, Leave Many Macs Vulnerable
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkpXLWqE-q6TNuczDNzhhycNx3DEyVAAavF9Q9gSrje7rD29urCSYyYEKXXPDYNQAv3AIwBGhtQ9rewGsKuE52z5E49pi50WhY7BDvd4abhChogeLUBKolpVrjswjidARqzjouh6ZjEi4/s1600/Screenshot+2020-05-11+at+10.05.47+AM.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkpXLWqE-q6TNuczDNzhhycNx3DEyVAAavF9Q9gSrje7rD29urCSYyYEKXXPDYNQAv3AIwBGhtQ9rewGsKuE52z5E49pi50WhY7BDvd4abhChogeLUBKolpVrjswjidARqzjouh6ZjEi4/s72-c/Screenshot+2020-05-11+at+10.05.47+AM.png
Loveios
https://www.loveios.net/2020/05/major-thunderbolt-security-flaws.html
https://www.loveios.net/
https://www.loveios.net/
https://www.loveios.net/2020/05/major-thunderbolt-security-flaws.html
true
1784436446950495761
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content