Major Thunderbolt Security Flaws Discovered, Leave Many Macs Vulnerable

Security researcher Björn Ruytenberg has discovered 7 severe vulnerabilities in the Intel Thunderbolt chip, as well as 9 attack techniques. These security holes affect all machines with Thunderbolt ports, including all Thunderbolt-equipped Mac computers from 2011 to 2020. Both the standalone Thunderbolt port and the USB-C compatible Thunderbolt port are affected.

These vulnerabilities include:

  • Inadequate firmware verification schemes
  • Weak device authentication scheme
  • Use of unauthenticated device metadata
  • Downgrade attack using backwards compatibility
  • Use of unauthenticated controller configurations
  • SPI flash interface deficiencies
  • No Thunderbolt security on Boot Camp

Unfortunately, there is no way to detect whether a machine has been compromised. When a Mac runs Windows via Boot Camp, all of the vulnerabilities remain. When it runs macOS, however, only some of them apply.
macOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure and fully compromising the authenticity of Thunderbolt device metadata in macOS “System Information”. However, the second protection measure continues to function and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, macOS is partially affected.
Ruytenberg has notified Intel and Apple, but the vulnerabilities exist in the controller chip and cannot be fixed through a software update.

A PDF document describing the security vulnerabilities is available; you can view it by clicking the link here.
