Check your ports! Researchers find scary vulnerability in Thunderbolt accessories


A newly discovered vulnerability behind the Thunderbolt port on recent Macs or PCs could leave your computer exposed to an attack. Essentially, when a malicious accessory is plugged into a Thunderbolt port, hackers may be able to gain access to your files and steal data.

Researchers revealed the Thunderclap vulnerability at the Network and Distributed System Security Symposium, showing how direct memory access (DMA), which Thunderbolt ports use to speed up access to memory, puts your computer at risk. The researchers say the vulnerability also affects a slew of other ports that take advantage of the same low-level memory access privilege, including FireWire, Thunderbolt 2 and 3, and USB-C.

DMA risks have been known for some time, and designers built in Input-Output Memory Management Units (IOMMUs) as safeguards. The way this works, according to Sophos’ Naked Security blog, is that “access is granted through a virtual address space managed by the operating system in conjunction with hardware Input-Output Memory Management Units.”

However, IOMMUs aren’t quite as effective as previously thought. When a hacker plugs in a compromised peripheral that contains malicious code, there are ways to bypass the IOMMU layer. “These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing, and other data,” the blog reported.

Researchers discovered the vulnerability by building their own device called the Thunderclap, hence the name of the vulnerability. Any computer with a Thunderbolt port, including systems running Windows, Linux, FreeBSD, and Apple’s macOS, is at risk, though researchers cautioned that any computer with a compromised PCIe card could also be affected.

Makers of operating systems were warned about the findings in 2016, and the latest software updates to macOS, Windows 10, and Linux have removed some of the risks associated with this type of attack, but PCIe cards still aren’t safe.

However, to reduce your risk even further, you should refrain from using public or uncertified USB-C chargers and avoid plugging in any peripheral or accessory that you’re not familiar with.
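On Linux, you can check whether the two operating-system safeguards discussed above (an active IOMMU and the Thunderbolt security level) are switched on. The script below is an added example, not code from the article or the researchers. It reads the kernel's `iommu_groups` directory and the Thunderbolt `security` and `iommu_dma_protection` sysfs attributes, and the `make_sample_tree` helper and its sample values are constructed so the check runs on any machine.

```shell
#!/bin/sh
# Added example: audit the Linux sysfs controls that limit Thunderbolt DMA.

# audit_thunderbolt_dma [SYSFS_ROOT]: one finding per line; returns 1 if any is weak.
audit_thunderbolt_dma() {
    root="${1:-/sys}"
    weak=0

    # The kernel populates iommu_groups only when an IOMMU is enabled.
    if [ -n "$(ls -A "$root/kernel/iommu_groups" 2>/dev/null)" ]; then
        echo "OK   iommu: device groups present"
    else
        echo "WEAK iommu: no groups, peripheral DMA is not remapped"
        weak=1
    fi

    for dom in "$root"/bus/thunderbolt/devices/domain*; do
        [ -d "$dom" ] || continue
        name=${dom##*/}
        # security=none: firmware connects every device without user approval.
        level=$(cat "$dom/security" 2>/dev/null || echo unknown)
        case "$level" in
            none|unknown) echo "WEAK $name: security=$level"; weak=1 ;;
            *)            echo "OK   $name: security=$level" ;;
        esac
        # 1 = the IOMMU is used for DMA protection; attribute absent on old kernels.
        prot=$(cat "$dom/iommu_dma_protection" 2>/dev/null || echo 0)
        if [ "$prot" = 1 ]; then
            echo "OK   $name: iommu_dma_protection=1"
        else
            echo "WEAK $name: iommu_dma_protection=$prot"
            weak=1
        fi
    done
    return "$weak"
}

# Constructed sample tree (hypothetical helper) standing in for /sys.
# make_sample_tree DIR SECURITY_LEVEL DMA_PROTECTION WITH_IOMMU(yes|no)
make_sample_tree() {
    mkdir -p "$1/bus/thunderbolt/devices/domain0" "$1/kernel/iommu_groups"
    echo "$2" > "$1/bus/thunderbolt/devices/domain0/security"
    echo "$3" > "$1/bus/thunderbolt/devices/domain0/iommu_dma_protection"
    if [ "$4" = yes ]; then mkdir -p "$1/kernel/iommu_groups/0"; fi
}

demo=$(mktemp -d)
make_sample_tree "$demo" none 0 no
audit_thunderbolt_dma "$demo" || true
rm -rf "$demo"
```

Call `audit_thunderbolt_dma` with no argument to audit the real `/sys` tree. A clean result shows only that these safeguards are enabled, which the article notes reduces but does not remove the risk.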
