Skip to main content
  1. Home
  2. Computing
  3. Apple
  4. News

Check your ports! Researchers find scary vulnerability in Thunderbolt accessories

Add as a preferred source on Google
Apple MacBook Pro OLED with Touch Bar
Malarie Gokey/Digital Trends

A newly discovered vulnerability behind the Thunderbolt port on recent Macs or PCs could leave your computer exposed to an attack. Essentially, when a malicious accessory is plugged into a Thunderbolt port, hackers may be able to gain access to your files and steal data.

Researchers revealed the Thunderclap vulnerability at the Network and Distributed System Security Symposium, showing how direct memory access, or DMA, used by Thunderbolt ports to speed up access to memory puts your computers at risk. In addition to Thunderbolt ports, the researchers say that the vulnerability also affects a slew of other ports that take advantage of the low-level memory access privilege, including Firewire, Thunderbolt 2 and 3, and USB-C.

Recommended Videos

While DMA risks have been previously known, designers built in Input-Output Memory Management Units, (IOMMUs) as safeguards. The way this works, according to Sophos’ Naked Security blog, is that “access is granted through a virtual address space managed by the operating system in conjunction with hardware Input-Output Memory Management Units.”

However, IOMMUs aren’t quite as effective as previously thought. When a hacker plugs in a compromised peripheral that contains malicious code, there are ways to bypass the IOMMU layer. “These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing, and other data,” the blog reported.

Researchers discovered the vulnerability by building their own device called the Thunderclap, hence the name behind the vulnerability. Any computer with a Thunderbolt port, including systems running Windows, Linux, FreeBSD, and Apple’s MacOS, is at risk, though researchers cautioned that any computer with a compromised PCIe card could also be affected.

Makers of operating systems were warned about the findings in 2016 and the latest software updates to MacOS, Windows 10, and Linux have removed some of the risks associated with this type of attack, but PCIe cards still aren’t safe.

However, to reduce your risk even further, you should refrain from using public or uncertified USB-C chargers and avoid plugging in any peripheral or accessory that you’re not familiar with.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
A Windows 11 bug may be quietly eating hundreds of gigabytes of your storage
Windows 11’s storage-eating bug now has a fix from Microsoft
Windows 11 suffering from RAM crisis

If your Windows 11 PC suddenly looks low on storage, your downloads folder or game library may not be the problem. According to Windows Latest, a bug tied to a Windows system file can silently consume tens or even hundreds of gigabytes on the system drive.

The file in question is called CapabilityAccessManager.db-wal, and it sits inside Windows’ Capability Access Manager folder. Windows Latest says the issue may appear as unusually high “System files” usage in Windows 11’s storage breakdown, even though the Settings app does not clearly identify the exact file responsible. In some reported cases, users saw it grow to 200GB, and even more.

Read more
Your next Teams meeting could have an AI teammate that answers questions for you
Teams is getting smarter, cleaner, and quieter about it. The AI features are opt-in, the chat cleanup is automatic.
Computer, Electronics, Laptop

Microsoft Teams is getting a meaningful update that overhauls almost every part of how you use the app, from AI-assisted meetings to a cleaner chat layout. Most of the changes are already in testing, and several are scheduled to roll out before the end of the summer.

Starting with the most interesting addition: an upgraded AI Facilitator that can listen to your meeting, spot when someone seems confused, and generate a response (via Windows Report). 

Read more
A hacker’s arrest just revealed how Microsoft can track your Windows device
Microsoft knew what websites his Windows PC visited.
Windows 11 on a laptop

A teenager allegedly used a VPN to cover his tracks while hacking a US jewelry retailer, but Microsoft knew anyway.

Court documents unsealed in the US case against Peter Stokes, a 19-year-old dual US-Estonian citizen accused of being a member of the notorious Scattered Spider hacking group, reveal that Microsoft provided the FBI with records tied to a tracking mechanism called the Global Device Identifier, or GDID. 

Read more