Photo by Thunderclap Team
A team of researchers has unearthed a group of security vulnerabilities that they’ve dubbed Thunderclap because the most common way of exploiting them is through Thunderbolt (PCs are also vulnerable through PCI Express devices). Thunderclap vulnerabilities take advantage of direct memory access—essential for maximum performance—between usually internal peripherals like graphics processors and network cards. However, technologies like Thunderbolt allow peripherals that are granted direct memory access to be hot-plugged at any time, enabling attacks on temporarily unattended computers. Plus, Thunderbolt’s use in charging means that attackers could create malicious public charging stations.
Unfortunately, Thunderclap affects basically all operating systems—the researchers call out macOS, Windows, Linux, and FreeBSD—and all Macs released since 2011 other than the 12-inch MacBook, which has only USB-C. The researchers disclosed Thunderclap to vendors in 2016 and have worked with them since. Apple, Intel, and Microsoft have all responded to some extent—Apple addressed a specific network card vulnerability in macOS 10.12.4 Sierra and later, but the Thunderclap researchers say other vulnerabilities remain unaddressed.
The likelihood of everyday users being targeted by an attacker using Thunderclap seems very low at the moment. The best defense, for now, is to be careful about what you plug into your computer, and if you’re a high-value target for some reason, to avoid leaving your computer unattended.