• Serious Thunderbolt 3 Security Flaw Found
https://www.tomshardware.com/news/thunderbolt-thunderclap-security-flaw-vulnerability,38709.html

Reviewers were complaining that the Surfaces didn't have Thunderbolt, but who's laughing now?
Why would they even care about thunderbolt? Isn't thunderbolt not a standard protocol? I know modern thunderbolt uses the same connector as USB, so I don't really see the point of it.
hasn't this flaw been known for years? I'm sure I've seen a thunderbolt flaw named thunderclap before
It has a 4x PCIe link which enables things like external GPUs for laptops, which isn't possible over standard USB.
Anything that allows DMA is vulnerable to an attack like this. Same shit happened with Firewire, and can happen with any expansion port that allows DMA in some way. (pci, expresscard...) This has been known for years. Don't be a retard and plug anything into your pc willy-nilly. But slap a fancy sensationalist name on it and it's headline news.
Thunderbolt allows you to plug an external graphics card into these underpowered tablets.
Thunderbolt is far more potent. You try daisy chaining two 4K displays or running a GTX 2080 over USB 3.1.
It's not USB or PCIe. There are no exposed PCIe lanes. It can encapsulate PCIe traffic in a scheme that looks like MPLS. Thunderbolt itself (MAC + PHY) is basically undocumented, and what documentation exists is NDA'd to oblivion. Thunderbolt is an insane pile of bullshit that not even Intel are willing to implement fully, from a software standpoint. The enumeration works by using the partially-configured TB lanes to bit-bang an SPI EEPROM in each node that contains config/topology data. The Linux driver for Thunderbolt (written by Intel) doesn't bother with any of this and basically supports 3 hardcoded topologies. No idea about what the stack looks like on Windows/MacOS but I don't imagine it's a whole lot better.
Unless I'm misremembering, I saw a presentation on such a device at defcon two years ago.
Thunderbolt exploits are OLD news.....as is this... just a rehash of research leaking out... Firewire was the same........ I had a bunch of researched exploits against firewire.. but unfortunately it never took off... so they just sit in my library along with the Xyratex stuff I had... until those bastards at SEAGATE closed down the company....... That's the thing with all these "discoveries", much of it goes back 10-20 years but it was private research that never saw the light of day..... Then along comes some "glory boy" thinks they have discovered something new and gets all wet and publicity seeking about it. Even DEFCON is behind the curve on many of the things they think they discovered...... but they get to "own it" because they wrote a paper on it....
you can make the argument that the problem lies with laptops that only have one thunderbolt port for the entire IO of the device. you could just not use it for potentially compromisable things
that's not where the risk is, it's not sensationalist at all -- this can be used to gain control of a machine as a government actor or via social engineering a company that uses primarily Mac devices to gain control over the internal networks etc
So it still is sensationalist since the actor requires physical access to the machine (meaning fucked in more ways than just a thunderbolt connector) or requires the target to plug something into their machine that is compromised (something that can be done with nearly any type of connector that allows DMA).

Don't get me wrong, the research is still impressive but it is just not as dangerous as it's being made out to be. Good common sense and security procedures don't change at all because of this exploit.
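
Added example, not part of any post in this thread: the posts above come down to whether a plugged-in device is granted DMA, and on Linux that can be audited from the Thunderbolt bus in sysfs. The script below reads the `security`, `iommu_dma_protection` and `authorized` attributes described in the kernel's Thunderbolt admin guide; the severity labels, the `build_sample` helper and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

SYSFS = Path("/sys/bus/thunderbolt/devices")  # Linux Thunderbolt bus in sysfs

def _read(path):
    try:
        return path.read_text().strip()
    except OSError:
        return None  # attribute absent on this kernel or device

def audit(root=SYSFS):
    """Return (severity, message) findings for the Thunderbolt tree under root."""
    findings = []
    for dom in sorted(Path(root).glob("domain*")):
        level = _read(dom / "security")
        if level is None:
            continue
        iommu = _read(dom / "iommu_dma_protection") == "1"
        if level == "none" and not iommu:
            findings.append(("high", f"{dom.name}: PCIe tunnels need no approval and the kernel reports no IOMMU DMA protection"))
        elif level == "none":
            findings.append(("medium", f"{dom.name}: no approval step, IOMMU is the only DMA barrier"))
        elif not iommu:
            findings.append(("medium", f"{dom.name}: security={level}, but an approved device gets unrestricted DMA"))
    for dev in sorted(Path(root).glob("*-*")):
        if dev.name.endswith("-0"):
            continue  # host router, not an attached device
        if _read(dev / "authorized") in ("1", "2"):
            name = _read(dev / "device_name") or "unknown"
            findings.append(("info", f"{dev.name}: '{name}' is authorized for PCIe tunneling"))
    return findings

def build_sample(root):
    """Constructed sysfs-like tree: one domain, an approved dock, an unapproved disk."""
    files = {
        "domain0/security": "user", "domain0/iommu_dma_protection": "0",
        "0-0/authorized": "1",
        "0-1/authorized": "1", "0-1/device_name": "Example Dock",
        "0-3/authorized": "0", "0-3/device_name": "Example Disk",
    }
    for rel, value in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for severity, message in audit(tmp):
            print(f"[{severity}] {message}")
```

Calling `audit()` with no argument reads the live `/sys/bus/thunderbolt/devices` tree on a Linux host.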