The researchers at the University of Cambridge Computer Laboratory have discovered what they call a ‘Thunderclap’ vulnerability that could render computers using the Thunderbolt interface susceptible to attacks.
The Thunderbolt 3 interface had generated a lot of excitement when it was launched. It brought the possibility of data transfers of up to 40 Gbps which is four times as fast as the USB-C interface which is currently the most widely used interface.
It’s not just the Thunderbolt 3 that brings upon this vulnerability though; even the older Thunderbolt devices based on the DisplayPort are at risk. The vulnerability is even able to bypass the OS security which is known as Input Output Memory Management Units (IOMMUs) that was created in the 2000s to tackle malicious peripherals that could get access to the OS memory. The Thunderbolt accessories give the target devices access to the direct memory access (DMA) but according to the researchers, this privilege can be exploited by hackers to steal data, track files, and run malicious code.
The team believes that all Apple laptops and PCs produced post-2011 are vulnerable. They further added that the 12-inch MacBook is one exception that is not vulnerable. The vulnerability was announced as early as 2016 but the OS makers have been slow to react.