
There's a new attack that uses off-the-shelf equipment to take full control of a PC—even when locked—if a hacker gets just a few minutes alone with it. The vector is a familiar one: Thunderbolt, the ultrafast interface that connects graphics cards, storage systems, and other peripherals to millions of computers.

The hack, which took years to develop, is elegant. Its adept mix of cryptanalysis, reverse engineering, and exploit development punches a major hole in defenses that Thunderbolt creator Intel spent considerable time and resources to erect. Ultimately, though, the technique is an incremental advance in an attack that has existed for more than a decade. While the weakness it exploits is real and should be closed, the vast majority of people—think 99 percent—shouldn't worry about it. More about that later. For now, here are the bare-bones details.

Accessing Memory Lane

Thunderspy, as its creator Björn Ruytenberg has named the attack, in most cases requires the attacker to remove the screws from the computer casing. From there, the attacker locates the Thunderbolt chip and connects a clip, which in turn is connected to a series of commodity components—priced at about $600—which are connected to an attacker laptop. These devices read the current Thunderbolt firmware and then reflash it with a version that's largely the same except that it disables whichever Intel-developed security features are turned on.

With the defenses dropped, the hacker has full control over the direct memory access, a feature in many modern computers that gives peripheral devices access to the computers main memory. A Thunderspy attacker is then free to connect a peripheral that bypasses the Windows lock screen.

The following video shows the attack in more detail as it's used to gain access to a Lenovo P1 laptop that was bought last year:

Thunderspy PoC demo 1: Unlocking Windows PC in 5 minutes.

While the bypass in the video takes a little more than five minutes, an attacker would need more time to install persistent and undetectable malware, copy the contents of the hard drive, or do other nefarious things. The attack hasn't worked against Apple Macs for more than three years (as long as they run macOS), and it also doesn't work on Windows or Linux machines that have received more recent updates implementing a protection known as Kernel Direct Memory Access Protection.

Kernel DMA Protection is the operating system's way of using the Input-Output Memory Management Unit, an Intel-developed mechanism that sits on a DMA-capable bus and controls or blocks access to memory, including malicious memory transfers by connected peripherals. The unit is generally abbreviated as IOMMU.

A variation of the attack involves getting access to a Thunderbolt peripheral that has already received permission to access the vulnerable computer. An attacker can clone the peripheral and use it to gain access to the DMA on the targeted machine. Here it is in action:

Thunderspy PoC demo 2: Permanently disabling all Thunderbolt security on a Windows PC.
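An added defender-side check, not code from the article or from the Thunderspy project: on a Linux host, it reads the kernel's Thunderbolt sysfs attributes and reports whether the firmware-reflash and cloned-peripheral scenarios above are blocked by IOMMU-backed Kernel DMA Protection, or only by the controller's own security level. The sysfs paths (domain0, the security and iommu_dma_protection attributes) are assumed to be those exposed by recent Linux kernels.

```shell
#!/bin/sh
# Added example (not from the article or from Thunderspy): classify a
# Linux host's exposure to the Thunderbolt DMA scenario from the kernel's
# Thunderbolt sysfs attributes. Assumed paths:
#   /sys/bus/thunderbolt/devices/domain0/security
#   /sys/bus/thunderbolt/devices/domain0/iommu_dma_protection

# Map <security level> <iommu_dma_protection 0|1> to a verdict and print it.
# Levels follow the kernel's Thunderbolt "security" attribute:
#   none    - every device gets PCIe tunneling, hence DMA, immediately
#   user    - devices need approval, but the identity they present is cloneable
#   secure  - approval plus a key challenge; still relies on controller firmware
#   dponly/usbonly/nopcie - no PCIe tunneling at all
tb_verdict() {
    level="$1"; iommu="$2"
    if [ "$iommu" = "1" ]; then
        # Kernel DMA Protection: the IOMMU remaps every device access, so a
        # reflashed controller or a cloned peripheral cannot read main memory.
        echo PROTECTED
        return 0
    fi
    case "$level" in
        none)                   echo EXPOSED ;;
        user|secure)            echo WEAK ;;     # controller-side checks only
        dponly|usbonly|nopcie)  echo PROTECTED ;;
        *)                      echo UNKNOWN ;;
    esac
}

# Read one sysfs attribute; "unknown" when it is missing or unreadable
# (no Thunderbolt domain, an older kernel, or a non-Linux host).
read_attr() {
    if [ -r "$1" ]; then cat "$1"; else echo unknown; fi
}

# Inspect a Thunderbolt domain directory (defaults to the assumed domain0).
check_host() {
    d="${1:-/sys/bus/thunderbolt/devices/domain0}"
    tb_verdict "$(read_attr "$d/security")" "$(read_attr "$d/iommu_dma_protection")"
}

# Stand-alone use: report on the current machine.
check_host
```

A WEAK verdict means the only thing standing between a plugged-in device and main memory is the controller's own policy, which is exactly what the reflash in the first video removes.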

Security practitioners have long made clear that an experienced adversary getting physical access to a device—even for a short amount of time—represents a game-over event. The only reasonable assumption is that the computer, phone, or other electronic device is compromised. The only meaningful response in this scenario is to discard the device, since it's conceivable that the compromise involves the undetectable rewriting of firmware in one of the device's many components (a hacking group dubbed Equation Group and linked to the US National Security Agency was doing this as far back as the early 2000s).

Despite the admonition about physical access, some practitioners remain wary of so-called “evil maid” attacks, in which a housekeeper, co-worker, or government official gets fleeting access alone to a device. The evil maid threat is precisely the reason hardware and software developers—Intel included—have poured incalculable amounts of money into devising hard-drive encryption, chain-of-trust boot-ups, and similar protections. People who take Thunderspy seriously do so because it reopens this type of attack using hardware that came preinstalled on millions of devices.

Sabotage ain't hacking

Even among those who buy into the evil maid threat, many dispute that Thunderspy stands out from other viable attacks in this category. Plenty of other firmware-driven computer components have similar access to highly sensitive computer resources. The chip that runs the BIOS—the firmware that initializes hardware during the booting process—is a prime target for hackers who have physical access and the ability to remove case screws.

Another potentially simpler alternative is to remove the hard drive and backdoor the OS. If a computer has a Trusted Platform Module or a similar protection that cryptographically ensures the integrity of the computer hardware before loading the OS, the attacker can sniff the crypto key off the low-pin-count bus, assuming the user hasn't enabled a preboot password. Some embedded controllers that handle keyboard and power management are another target, as are other controllers (Thunderbolt or otherwise) that have DMA access (e.g. Ethernet and USB3 controllers).

“There are seriously tons and tons of things you can do to a PC once you open the case,” says Hector Martin, an independent security researcher with extensive experience in hacking or reverse-engineering the Nintendo Wii, several generations of the Sony PlayStation, and other devices with strong defenses against physical attacks. “The evil maid threat model is interesting when you restrict it to plugging things into ports, because that can be done very quickly when e.g. the target is just looking away.”

Alfredo Ortega, a security consultant who specializes in vulnerability research and cryptography, told me largely the same thing.

He said:

I do not think this is a significant attack, because it requires physical access to the notebook, and if you have physical access to the computer, there are much simpler attacks that would have the same effect (for example, inserting a key-logger in the keyboard, hiding a mic inside the notebook, installing a malicious motherboard, etc.)

Specifically, I do not agree with the first claim in their paper "Inadequate firmware verification schemes" because the firmware is indeed verified adequately at flash time. If you can physically flash the chip, arguably you could flash any other chip in the notebook and remove all protections or even completely replace the notebook with a malicious one.

There are many pseudo-attacks like this one that also are not really very dangerous because they require physical access, for example, many so-called car-hacking attacks actually need to install dongles in connectors inside the cars. If you get inside the car, you could also cut the brake lines: a much simpler attack, with the same effect. This is the same concept.

This is really a form of sabotage, not hacking.

If they can find a way to remotely flash a malicious firmware, then yes, this would make this attack dangerous. But they couldn't do that at the moment, and they require disassembling the notebook.

While evil maid attacks that don't require disassembly are hard, they're not impossible. In 2015, security researcher Trammell Hudson created a device that, when plugged in to the Thunderbolt port of a fully updated Mac, covertly replaced its firmware. The feat, which required only fleeting access to the targeted machine, didn't require any disassembly or any access to an already trusted Thunderbolt device. Apple promptly fixed the flaw.

Ortega said Thunderspy does identify several weaknesses that represent real flaws in the Thunderbolt system, but he doesn't consider the weaknesses significant. He noted that under the Common Vulnerability Scoring System, the weaknesses are rated a relatively low 7, an indication, he said, that others don't believe the flaws are severe, either.

Critics also note that over the past decade there have been multiple attacks that target weaknesses in Thunderbolt to achieve largely the same result. Examples include this one and this one. One of the more recent ones is known as Thunderclap.

The reception to Thunderspy on social media has been even more scathing. A small sampling includes pretty much every tweet made over the past 48 hours from Pedro Vilaça, among the best-known macOS reverse engineers and hackers.

While the chorus of criticism has been nothing short of extreme, plenty of security professionals say Thunderspy is an important attack that should be taken seriously.

Intel assurances torn asunder

“People arguing that physical access to a computer means you've lost: why do you think laptops should not be at least as resistant to physical attack as an iPhone?” Matthew Garrett wrote on Twitter. In the sa


arstechnica
