Laptop cables grant hackers access
We connect our electronic devices every day - phone to laptop, or computer to projector - but just how secure are these innocent looking cables?
It turns out these types of connections are actually a gateway for hackers to access personal information on our devices. Passwords, banking details, private files and even full control of the device is possible through a flaw recently described in the proceedings of the Network and Distributed Systems Security Symposium 2019. As manufacturers strive for better device performance, they are combining both power and data cables. “Plugging your device in to charge up, implies the ability to communicate across the same cable. One thing we know in computer science is that as interfaces become complicated, it gets harder and harder to make them correct, and when they aren’t correct they’re often insecure,” explains Robert Watson, a computer scientist from the Cambridge Computer Laboratory, who was involved in the study.
Watson and his colleagues have found a new class of vulnerabilities in devices that operate with a type of port called a ‘thunderbolt’, that includes laptops running on Windows, macOS, Linux and FreeBSD. This puts many modern laptops at risk of a malicious connection. The team designed a system called ‘Thunderclap’ to probe the security of computers. This prototype hardware tries to understand what actually makes these devices vulnerable and how an attacker is able to manipulate a system.
“You plug in a projector, a power cable, or ethernet device and within a second we have ownership of the machine,” explains Watson. This is possible because of the interaction through the cable, where the device declares itself as something innocent like a projector, and then the computer, blissfully unaware, accepts the connection. “It allows the attacker to find the worst written device driver on the computer”, continues Watson, and this would allow them the greatest access to the computer memory. The attackers can silently compromise your machine, which may appear to function as normal, and only later, or sometimes never, do you find out what’s happened! Any software they install can work long after you’ve unplugged the device and even send sensitive information back at a later date.
But how do they actually gain access? Well traditionally these connections have been trusted by our computer systems and so they’re granted direct memory access, without the operating system governing the access. This feature is enabled to allow for high device performance and to save both time and power. Our computers do however have a system called input-output memory management units (IOMMUs), which act as a protection mechanism to peripheral-device memory access. Sadly, IOMMUs are switched off by default in many systems.
These findings have been shared with tech giants like Apple, Microsoft and Google to help them understand the device vulnerabilities and work towards fixing the issues. So what can these manufacturers do to help? “We can imagine changes, for example common device drivers that serve many different kind of devices, written with higher engineer standards and better testing,” explains Watson.
But what about the end users, how can we be safe? Simply put - “install the security updates the vendors have provided” and “not opening attachments they receive from people they don’t know...it’s probably time to start feeling that way about devices from people they don’t know as well.”