Thunderbolt is the most recent way to hack into your computer

posted Friday Mar 1, 2019 by Scott Ertz

Over the last couple of weeks, there have been a number of reminders that any device that plugs into a computer port can be a hazard. This is even truer when the device plugs into an actively powered port, like USB. A few weeks ago, a flaw was demonstrated that showed that a USB cable could easily be made to create an opening for remote hacking into a system. The flaw is called BadUSB and was actually discovered years ago. Only recently, however, was the flaw applied to anything other than storage devices.

This week, a similar flaw was discovered that affects Thunderbolt devices, rather than traditional USB. This discovery comes care of research conducted between the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International. The more creatively named Thunderclap bypasses Input-Output Memory Management Units over Thunderbolt over USB-C, otherwise known as Thunderbolt 3. According to the report,

An essential insight is that, while IOMMUs allow peripheral devices to be constrained, the DMA interface between device drivers and peripherals is a porous and complex attack surface that malicious actors can manipulate to influence software behavior and trigger vulnerabilities.

All of this underscores a recurring problem: insecure innocuous items. Over the years, we've seen a number of seemingly safe devices and software turn out to be just the opposite. The most obvious situation is mobile apps that pretend to be games and productivity software, but actually, steal your data and upload them to remote servers. Less obvious, but potentially more dangerous, are phone charging stations, like what you see at the airport. It is possible to place a Raspberry Pi inside of the charging station designed specifically to read data over the USB port on your phone.

The important thing to remember is, don't plug your device, either computer, phone, or tablet, into anything you do not trust entirely. Purchase USB cables and flash drives from known brands. Don't charge your phone on someone else's plug - always use your own environment or a Qi charger. Your privacy and security are not worth the slight savings you might receive.

F5 Live: Refreshing Technology

March 3, 2019 - Episode 522

Sunday Mar 3, 2019 (01:25:25)

Description

This week, Thunderbolt endangers computers, Sony eliminates free games on the PS3, and the internet enhances a hoax.

Participants

Scott Ertz

Host

Scott is a developer who has worked on projects of varying sizes, including all of the PLUGHITZ Corporation properties. He is also known in the gaming world for his time supporting the rhythm game community, through DDRLover and hosting tournaments throughout the Tampa Bay Area. Currently, when he is not working on software projects or hosting F5 Live: Refreshing Technology, Scott can often be found returning to his high school days working with the Foundation for Inspiration and Recognition of Science and Technology (FIRST), mentoring teams and helping with ROBOTICON Tampa Bay. He has also helped found a student software learning group, the ASCII Warriors, currently housed at AMRoC Fab Lab.

Avram Piltch

Host

Avram's been in love with PCs since he played original Castle Wolfenstein on an Apple II+. Before joining Tom's Hardware, for 10 years, he served as Online Editorial Director for sister sites Tom's Guide and Laptop Mag, where he programmed the CMS and many of the benchmarks. When he's not editing, writing or stumbling around trade show halls, you'll find him building Arduino robots with his son and watching every single superhero show on the CW.

Opening

Powered by TeknoAXE

Nifty Gifties

Powered by Microsoft Store

Thunderbolt is the most recent way to hack into your computer

Piltch Point with Avram Piltch

Powered by Newegg.com

Extra Life

Powered by Razer

PlayStation eliminates free games for PS3; Xbox, Nintendo expand

If you are a PlayStation Plus subscriber, you may have noticed a change to your free game selection this month. That's because, starting March 2019, Sony will no longer include PlayStation 3 or PlayStation Vita games in the selection. This is not a surprise, from the perspective that Sony announced a year ago that it was coming. It is a surprise, however, from the perspective that the company's competitors are moving the other way.

News From the Tubes

Powered by RiffTrax

FTC fines TikTok for violating child privacy laws, others might follow

Over the past year, the issue of child privacy and protection online has become a big topic, and for good reason. Many large companies have either passively ignored their responsibilities, or have actively gone out of their ways to target children. Last April, YouTube was accused of purposely collecting information from minors, with a significant amount of evidence. Only a week later, another report exposed a large number of violations in Google Play. In July, Facebook and Instagram began purging profiles of those who do not have parental permission for an account.

* DRM Not Included

Powered by Amazon Prime

The "Momo Challenge" doesn't exist; Internet confuses the uninitiated

An internet meme referred to as the "Momo Challenge" resurfaced this week after an uncredited blog posted a vague piece about an unattached YouTube video. The site, called pedimom (which now appears to be offline) contains an anonymous post by an author who claims to be a "physician mom," but cites no references to verify. In the post, the author claimed to have spotted a video appearing in YouTube Kids that cut from a cartoon to a guy walking in, offering instructions on how to kill themselves.

Thunderbolt is the most recent way to hack into your computer - The UpStream

F5 Live: Refreshing Technology

March 3, 2019 - Episode 522

Sunday Mar 3, 2019 (01:25:25)

Email

Password