Feb282011

Thunderbolt Security Issues

Published by hirantha at 9:09 AM under Apple | Apple | Intel | Intel

Intel-ThunderboltApple released a new set of Macbook Pros few days ago, sporting the first implementation of  "Thunderbolt", a new interconnect technology based on what Intel so far called "Light Peak". It promises 10 GBit/sec duplex connectivity to everything from storage to video devices. The technology is similar to Firewire (i.Link, IEEE 1394) in some ways. Like for Firewire, multiple devices may be daisy chained. However, if a display port display is used as part of the chain, the display has to be the last device in the chain.

One speculation put forward in an article in the register is that devices connected via Thunderbolt are not authenticated and like for Firewire, have full bus access. This speculation is supported by the so far available material form Intel and Apple. Like with Firewire, this bus would provide direct access to RAM and possibly disks. As a result, a malicious device may be able to read RAM and disks without authentication.

These attacks have been shown to work for Firewire, and have been used for example in memory forensics to extract memory content from live systems. However, with the larger variety of devices expected for thunderbolt, it may be more of a threat. In particular, the scenario put forward in the article: Connecting a laptop to a projector at a conference via display port. There is no telling if inside the projector a second device sits in line waiting to extract memory from the attached laptop.

Resources



  [Twitter] [Digg] [Facebook] [Google] [StumbleUpon]

Tags: , , , , , , ,

 

E-mail | Permalink | Trackback | Post RSSRSS comment feed 0 Responses