
I'd be careful with these; it means you can't plug in an untrusted power supply anymore.

Just imagine one of these cables also acting as a USB keyboard, which brings up a new terminal, adds an SSH authorized key and closes the terminal window without you even seeing it.



Since a true machine charger would have its data ports wired to ground, couldn't you make a simple adapter that ensured that was the case? Then security wouldn't be an issue?


And Thunderbolt is already dangerous, given that it's essentially just serialised PCI Express (so you've got a free view into RAM).


But you don't typically plug in random, untrusted TB cables -- you do typically plug in random, untrusted chargers.


Thunderbolt's the primary display connector on Macs as of 2011 (and some PCs); so not as common as chargers but not entirely outlandish.


There is security against that; you can limit access for Thunderbolt devices to various parts of memory, same as you could with Firewire. Thunderbolt is not any more insecure than Firewire, for instance.


There is the ability to protect memory from malicious devices with IOMMU, but it is often disabled by default. My experience with DMA attacks via Firewire or Thunderbolt is that they work out of the box.

Inception is a nice tool to play with if you want to try out DMA attacks: http://www.breaknenter.org/projects/inception/

You may also want to check out the Volatility forensics framework: http://code.google.com/p/volatility/


Considering that Firewire is a popular attack vector, that isn't really comforting...


How often are you currently plugging in untrusted power supplies? Thunderbolt can chain a lot of different device types but I don't think it's a huge attack vector to plug in untrusted monitors.


> I don't think it's a huge attack vector to plug in untrusted monitors.

Yet. Give it a couple of years. The monitors are really smart now - many of them run code and have flash memory. The attack won't be directly by the monitor - the monitor will have been infected by malware earlier ... say, by an infected computer ...

Our devices are getting too smart, and our protocols getting too trusty, for our own sake. (Although I'm sure governments and other law abusers like the RIAA are raising a glass to each of these "advancements")


Personally, I'm borrowing someone's MagSafe at least once a week. A majority of students at my college use MBPs, so they are abundant.


There's already a hacking platform for that. https://hakshop.myshopify.com/products/usb-rubber-ducky Seems like it would be pretty easy to adapt to a USB power supply.


Hopefully they decide to deal with it in the standard and make data blocking (or power-only if you prefer) cables feasible.


Or worse, find a device driver (any device driver, thanks to plug-and-play) with an 0day and traipse around the kernel.



