University of Cambridge and Rice University researchers have created a platform that allows cyberattacks to be conducted through a variety of computer peripherals through their USB-C port.
The platform, called Thunderclap, an open-source platform created to study the security of computer peripherals and their interactions with operating systems in computers with Thunderbolt ports, reported Scientific Daily. Computers running Windows, macOS, Linux and FreeBSD were all found vulnerable through their USB-C port.
The specific vulnerability derives from the fact that peripherals have direct memory access to the unit they are connected to which allows them to bypass the operating system’s security policies. While such attacks are not new and the systems feature input-output memory management units to protect against such attacks these are often turned off and can be bypassed Scientific Daily reported.
In addition, Thunderbolt 3 which combine power input, video output and peripheral device DMA over in the same port have greatly increased the threat from malicious devices. The researchers believe vendors need to do more to fix these issues and consumers also have to do their part by ensuring their devices are fully patched.