A team of researchers has uncovered a new vulnerability in the Thunderbolt data transfer specification called "Thunderclap," which could expose computers to severe attacks from otherwise harmless USB-C or DisplayPort hardware.
As Researcher Theo Markettos explains, Thunderclap uses the privileged Direct Memory Access (DMA) that Thunderbolt accessories get to gain access to the target device. With no adequate safeguards, hackers can use this access to steal data, track files, and execute malicious code.
This type of operating-system-level access is usually granted by accessories such as GPUs or network adapters. Because Thunderbolt was designed to externally replicate these features, the same level of access is required. External configuration, however, makes the system more vulnerable to attacks. Basically, connecting a malicious device to a port is easier than opening a computer and connecting a hacked video card.
not unique to Thunderbolt 3; Theoretically, even older Thunderbolt devices based on DisplayPort instead of USB-C are at risk.
Markettos and his team have discovered the vulnerability in 201
This is not the kind of attack that most users are normally exposed to. (Hackers that use specially poisoned USB-C devices to address computers by posing as a fake GPU are usually not displayed to most people.) However, it is a good reminder that you need to stock up on your computer with accessories or Chargers that you wear I can not trust.
And even if Thunderclap does not even hit your device, it shows that even our best standards are not perfect, even for the high-end side of the peripherals industry that Thunderbolt represents.