[G3D] Vulnerability in Thunderbolt allows unlimited memory access - Overclock.net - An Overclocking Community

Forum Jump: 

[G3D] Vulnerability in Thunderbolt allows unlimited memory access

Reply
 
Thread Tools
post #1 of 14 (permalink) Old 03-04-2019, 01:42 AM - Thread Starter
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,544
Rep: 432 (Unique: 298)
[G3D] Vulnerability in Thunderbolt allows unlimited memory access

Source
Quote:
A big Vulnerability in Thunderbolt has surfaced, the researches call it Thunderclap
...
Thunderbolt peripherals and accessories are effectively considered to be trusted components of a computer, complete with direct memory access that can bypass operating system security policies, according to security researcher Theo Markettos. Thunderbolt offers devices "more privilege than regular USB devices," giving them more freedom and access to potentially sensitive information.
...
are susceptible to being vulnerable to Thunderclap-based attacks which can be carried out either with specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to.
...
Thunderclap affects basically all operating systems—the researchers call out macOS, Windows, Linux, and FreeBSD—and all Macs released since 2011 other than the 12-inch MacBook, which has only USB-C.
Link to pdf that describe the research.

They were able to attack both windows and macOS systems and watch VPN traffic under unix.

Basically means, do not buy anything TB from someplace you don't know.


Defoler is offline  
Sponsored Links
Advertisement
 
post #2 of 14 (permalink) Old 03-05-2019, 08:28 AM
Crypto-Mining the DB
 
SystemTech's Avatar
 
Join Date: Jun 2009
Location: Ottawa Canada
Posts: 2,193
Rep: 114 (Unique: 98)
Quote: Originally Posted by Defoler View Post
Source

Basically, means, do not buy anything TB from a manufacturer you don't know.
Fixed for you
Pretty interesting and big vulnerability.

The virtualizer
(11 items)
CPU
i7-6700HQ
GPU
GTX 1070 8GB
GPU
RX Vega 64 Via Alienware AMP
RAM
16GB 2667mhz Alienware
Hard Drive
Crucial BX100 1TB
Hard Drive
Samsung 960 Pro 512GB
Monitor
Acer XR341CK 34" 3440x1440 @ 85hz awesomness
Monitor
Stock 1920x1080
Keyboard
Logitech G410 Atlas Spectrum
Mouse
Logitech G700S
Mouse
Roccat Taito
Audio
Logitech G930
CPU
E5-2670
CPU
E5-2670
Motherboard
Dell PowerEdge R720
RAM
Dell Default
Hard Drive
Crucial MX500 256GB
Hard Drive
Crucial MX500 1TB
Hard Drive
Seagate 5TB Barracuda(ST5000LM000)
Power Supply
Dell PowerEdge 750W
Power Supply
Dell PowerEdge 750W
Case
Dell PowerEdge R720
Operating System
Windows Server 2016
▲ hide details ▲


SystemTech is offline  
post #3 of 14 (permalink) Old 03-05-2019, 08:43 AM
New to Overclock.net
 
Avonosac's Avatar
 
Join Date: Dec 2012
Location: PA
Posts: 2,929
Rep: 154 (Unique: 110)
Quote: Originally Posted by SystemTech View Post
Fixed for you
Pretty interesting and big vulnerability.
Supply chain attacks, are like.. a thing you know. https://healthitsecurity.com/news/mi...-attacks-surge

However, they state every Mac in the quote but at least the supplied quote doesn't point out every Macbook Pro since late 2016 also is USB-C only.


Avonosac is offline  
Sponsored Links
Advertisement
 
post #4 of 14 (permalink) Old 03-05-2019, 09:04 AM - Thread Starter
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,544
Rep: 432 (Unique: 298)
Quote: Originally Posted by SystemTech View Post
Fixed for you
Pretty interesting and big vulnerability.
And considering USB4 is going to be based on thunderbolt 3, I wonder how much of it is going to be inherent.


Defoler is offline  
post #5 of 14 (permalink) Old 03-05-2019, 09:08 AM
New to Overclock.net
 
DNMock's Avatar
 
Join Date: Jul 2014
Location: Dallas
Posts: 3,159
Rep: 158 (Unique: 117)
Would USB 3.1 have the exact same issues since both connect via PCIE?


DNMock is offline  
post #6 of 14 (permalink) Old 03-05-2019, 03:13 PM
New to Overclock.net
 
Joephis19's Avatar
 
Join Date: Jun 2011
Location: STL, MO
Posts: 1,078
Rep: 72 (Unique: 66)
I hope my printer doesn't get the clap!
Joephis19 is offline  
post #7 of 14 (permalink) Old 03-05-2019, 08:11 PM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 8,724
Rep: 285 (Unique: 210)
JackCY is offline  
post #8 of 14 (permalink) Old 03-06-2019, 12:08 AM
New to Overclock.net
 
Hwgeek's Avatar
 
Join Date: Apr 2017
Posts: 277
Rep: 6 (Unique: 5)
Intel suffers from Vulnerability while AMD stays safe...
Intel: Lets give AMD TB3 support!

LOL.
Hwgeek is offline  
post #9 of 14 (permalink) Old 03-06-2019, 06:04 AM
Jedi Knight
 
Nick the Slick's Avatar
 
Join Date: Mar 2015
Location: Kentucky, USA
Posts: 535
Rep: 34 (Unique: 34)
Quote: Originally Posted by Hwgeek View Post
Intel suffers from Vulnerability while AMD stays safe...
Intel: Lets give AMD TB3 support!

LOL.
Was literally just coming to make a similar comment lol. Well played Intel.

Vibranium
(15 items)
CPU
Intel Core i7 7700k
Motherboard
ASUS Z170-PRO
GPU
MSI GeForce GTX 1070 Sea Hawk EK X
RAM
G. Skill Trident Z
Hard Drive
MyDigitalSSD BPX
Hard Drive
Crucial MX300
Optical Drive
LG Black Blu-Ray Burner
Power Supply
Seasonic SS-750KM3
Cooling
Custom Liquid Cooling
Case
Phanteks “Enthoo Pro Series"
Operating System
Windows 10
Monitor
55" LG OLED55B7A
Keyboard
Logitech K800
Mouse
Logitech G603
Audio
5.1 Polk Audio Setup
▲ hide details ▲


Nick the Slick is offline  
post #10 of 14 (permalink) Old 03-06-2019, 08:24 AM
News Fiend
 
ryan92084's Avatar
 
Join Date: Oct 2015
Location: 'merica
Posts: 1,689
Are we taking bets on how "fixed" this will be before it becomes the basis of USB4?

Meh '12
(13 items)
CPU
Ryzen 2600x
Motherboard
ASUS Crosshair VII Hero
GPU
XFX Fury X
RAM
G.SKILL TridentZ Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM DDR4 3200 F4-3200C14D-16GTZSW
Hard Drive
SAMSUNG 970 PRO M.2 2280 512GB PCIe Gen3. X4, NVMe
Hard Drive
Samsung 850 Pro-Series
Hard Drive
Seagate 4TB Enterprise NAS SATA (ST4000VN0001)
Hard Drive
WD Black 1TB Performance Desktop Hard Drive WD1003FZEX
Power Supply
SEASONIC PLATINUM-860 860W RT
Cooling
Black Ice Nemesis 360GTS Radiator x2
Cooling
Monsoon MMRS Reservoir + D5 pump + mountings
Cooling
XSPC Raystorm Neo Metal
Cooling
EKWB Fury X
Cooling
Monsoon Free Center 1/2ID 3/4OD fittings + Rotaries + plug + Temp probe
Cooling
BeQuiet SilentWings 3 High Speed PWM x 9
Case
Lian Li PC-O11 Dynamic
Operating System
Windows 10 Pro
Monitor
LG 27" IPS 27UK650
Keyboard
Massdrop CTRL
Mouse
Logitech g403
Mousepad
HAYATE KOU FX SOFT NINJA Black L
Audio
Blue Yeti Black
Audio
Massdrop x AKG K7XX
Other
LIAN LI O11D-1X ,Riser Cable and cover bracket for PC-O11D
CPU
i5 3570k
Motherboard
Z77x-UD5H
GPU
Zotac 670 GTX AMP!
RAM
G.Skill f3-2400c10D-16gtx
Hard Drive
Samsung 850 Pro 128GB
Optical Drive
Some old thing
Power Supply
Seasonic platinum 860w
Cooling
Custom water
Case
Customized Thermaltake Armor
Operating System
Win 10 pro
Monitor
Dell U2413
Keyboard
Ducky Shine
Mouse
Logi G502
▲ hide details ▲


ryan92084 is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off