Watch out! 'Thunderclap' vulnerabilities allow hackers to steal Mac files
Your MacOS or Windows PC could be at the risk of major third-party attacks. A group of researchers has found a set of vulnerabilities, called 'Thunderclap,' in machines using the modern Thunderbolt data transfer protocol. They allow hackers to use USB-C or DisplayPorts to carry out attacks, including those aimed at stealing files. Here's more about Thunderclap and its risk.
Thunderclap leverages privileged memory access
For all eligible peripherals, the Thunderbolt interface enables direct memory access (DMA), which is privileged OS-level access given to internal hardware like graphics cards. It gives unsupervised memory access to external hardware to deliver seamless function, considering it a trusted device. However, this also enables hackers to use this access to plug-in an infected device and access potentially sensitive information stored on the memory.
Thus, malicious accessories can be used to steal data
According to security researcher Theo Markettos, who discovered the vulnerabilities, this level of access can allow attackers to steal and track data and run a malicious program on a targeted Thunderbolt interface-equipped machine.
Are all computers affected?
Regular USB devices don't get direct memory access, which means computers with standard USB interface are safe. However, those with Thunderbolt specification are at risk as all hardware connected using this interface, including USB-C ports, is affected by the vulnerabilities. A website dedicated to the issue notes "all Apple laptops and desktops produced since 2011 are vulnerable," with 12-inch MacBook being the only exception.
However, fixes have been rolled out
Having said that, it's important to note that the researchers informed manufacturers about this issue in 2016, leading to the development of fixes. Apple fixed a part of the bug that allowed administrator access with macOS 10.12.4, although researchers say the general scope of such attacks remains relevant. Meanwhile, Microsoft has also started offering protection on a firmware level with Windows 10 version 1803.
Be careful while plugging external third-party devices
Now, this issue may not affect users with the latest version of MacOS or Windows 10, but it is a pretty good reminder of the basic security practices everyone should follow. First, have a good antivirus program installed on your computer, and secondly, never plug a device that's not trusted. You never know what it may hold to harm your computer.