Many modern laptops and an increasing number of desktop computers are much more vulnerable to hacking through common plug-in devices than previously thought, according to new research.
The research, presented on 26 February at the Network and Distributed Systems Security Symposium in San Diego, shows that attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations.
Vulnerabilities were found in computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD. Many modern laptops and an increasing number of desktops are susceptible.
The researchers, from the University of Cambridge and Rice University, exposed the vulnerabilities through Thunderclap, an open-source platform they have created to study the security of computer peripherals and their interactions with operating systems. It can be plugged into computers using a USB-C port that supports the Thunderbolt interface and allows the researchers to investigate techniques available to attackers. They found that potential attacks could take complete control of the target computer.
The researchers, led by Dr Theodore Markettos from Cambridge’s Department of Computer Science and Technology, say that in addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.
Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies. DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.
Current systems feature input-output memory management units (IOMMUs) which can protect against DMA attacks by restricting memory access to peripherals that perform legitimate functions and only allowing access to non-sensitive regions of memory. However, IOMMU protection is frequently turned off in many systems and the new research shows that, even when the protection is enabled, it can be compromised.
“We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm,” said Brett Gutstein, a Gates Cambridge Scholar, who is one of the research team.
The vulnerabilities were discovered in 2016 and the researchers have been working with technology companies such as Apple, Intel and Microsoft to address the security risks. Companies have begun to implement fixes that address some of the vulnerabilities that the researchers uncovered; several vendors have released security updates in the last two years.
However, the Cambridge research shows that solving the general problem remains elusive and that recent developments, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output and peripheral device DMA over the same port, have greatly increased the threat from malicious devices, charging stations and projectors that take control of connected machines. The researchers want to see technology companies taking further action, but also stress the need for individuals to be aware of the risks.
“It is essential that users install security updates provided by Apple, Microsoft and others to be protected against the specific vulnerabilities we have reported,” said Markettos. “However, platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust.”
Story Source: https://www.sciencedaily.com/releases/2019/02/190225192119.htm
Materials provided by University of Cambridge. The original story is licensed under a Creative Commons License. Note: Content may be edited for style and length.
Image via Shutterstock
Microtechs 24x7x365 white label end user technical support services
As we now enter Spring 2019, it may be a time for you to take stock of the challenges your business faces in the financial year ahead, especially at a time when you may be reviewing your budgets.
You may ask yourself:
1. How can I offer support 24/7 without the stress & cost of recruiting and training?
2. How can I improve my bottom line?
3. How can I free up my team’s time, to enable us to grow the business?
If you have customers that require support, this can be a costly albeit essential part of your organisation, particularly when you receive more and more demand for staff to work remotely, international offices and extended coverage requests.
Microtechs can help.
We can provide a completely UK based support function for your customers or products whilst simultaneously saving you money and improving your service levels.
· Office hours or 24/7
· UK based from Guildford, Surrey
· 1st & 2nd line / NOC and incident management capabilities
· Ability to learn bespoke applications
· All white labelled to your brand
· 25-50% reduction in overheads
· Pricing from £500 per month
· Sole traders through to enterprise companies supported
Be that business that can confidently say yes to that next big opportunity safe in the knowledge that your help desk can upscale to accommodate on request 24 hours per day, 7 days per week, 365 days per year.
We believe that we are different to other outsourced providers in what we can offer. We take time to learn and dovetail with your existing team and systems, completely replicating your model, ethos and approach to customer service and technical support.
Hurry…we are offering 10% discount on our monthly fees for new customers joining before the end of March 2019. (excludes entry tiers)
Please contact us for further information on 01483 407417