Attacker Value
Very Low
(3 users assessed)
Exploitability
Very Low
(3 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
3

ThunderSpy
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device.

Add Assessment

13
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Difficult to patchGives privileged accessVulnerable in default configurationDifficult to weaponizeRequires physical access
Technical Analysis

The risks of DMA attacks over PCI-Express are known for quite some time. Every PCIe device can potentially access physical memory inside a machine and exfiltrate private data like encryption keys or passwords. Modifications are also possible. As Thunderbolt has the capability to tunnel PCIe traffic, this is also possible by external Thunderbolt devices. One of the countermeasures implemented in the Thunderbolt controllers against unknown devices behaving evil is to block them entirely by employing a user configurable whitelist.

The presented vulnerabilities affect these security measures and allow to authenticate malicious devices which then can be used to perform subsequent DMA attacks. The Thunderbolt controller responsible for authenticating the devices has its own microcontroller and runs firmware from a small SPI flash chip usually sitting next to it on the circuit board. The whitelist is stored on this SPI flash chip as well.

If the attacker has physical access to a machine, he can disassemble it, locate the flash chip and read or write it using an external device to tamper with the firmware or the whitelist stored on this device.

After managing to authenticate a malicious thunderbolt device, it is possible to access the main physical memory of the machine using DMA transfers over PCIe. This issue is known for some time and there are other countermeasures in place to prevent malicious DMA accesses. To restrict devices on a PCIe bus from accessing whatever memory they want, the system firmware or operating system can configure the IOMMU to restrict what memory regions can be accessed or not. This is the responsibility of the software running on the system which currently only mac OS seems to perform by default. Also as an IOMMU is a piece of hardware, it needs to be supported by the platform.

Possible mitigations against the attacks:

  • Don’t let anybody disassemble your machine
  • Disable the Thunderbolt controller completely in the BIOS – this means disabling the PCIe device, not only setting the security level to passthrough as this setting can be bypassed using the attack
  • Only attach trusted devices to your machine
  • Consult the documentation of your hardware and operating system how to configure the IOMMU correctly to prevent malicious DMA memory accesses
Log in to Add Reply
1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Common in enterpriseGives privileged accessVulnerable in default configurationAuthenticatedDifficult to weaponizeRequires physical access
Technical Analysis

The key feature of this bug in @agalauner-r7’s assessment here is, “Don’t let anybody disassemble your machine.” I’m calling this issue “authenticated” because if you’re in a position to turn some screws on the case, you’re practically authenticated. :)

Log in to Add Reply

General Information

Offensive Application
exploit
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Unknown
Prerequisites
Unknown
Discovered By
Bjorn Ruytenberg
PoC Author
https://www.youtube.com/watch?v=oEfzp4lHpB0
https://www.youtube.com/watch?v=7uvSZA1F9os
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis