Hello, welcome to the Wednesday, February 27th, 2019 edition of the Sands and it's Tom Sonders Stormcast. My name is Johannes Ulrich.

And I'm recording from Augusta, Georgia.

Researchers from the University of Cambridge, Rice University, and SRIZ University and SRI International took another look at Thunderbolt. Now,

Thunderbolt has had some well-known issues and really the type of issue went back all the way,

I think at least to Firewire. The problem here is that pretty much these interfaces are

providing some form of direct memory access,

so someone connected to these interfaces in theory would be able to read arbitrary memory.

Now in Thunderbolt, actually, vendors did address this issue with input-out output memory management units. These IOM

MUs as they're called can be used to limit what memory a particular peripheral device has access

to. But turns out that even though many modern operating systems support IOMUs, most of them

actually all but MacOS, do not have

them enabled. And in some cases, the implementations are also far from perfect. One vulnerability

in macOS, for example, allowed attackers to execute arbitrary code. However, this vulnerability

was fixed by Apple back in 2016.

To experiment with Thunderbolt, these researchers actually implemented a network card in software

that they then connected via Thunderbolt to the test system.

And by implementing a network card in software after it was recognized as a network

card by the operating system they were then able to essentially interact via the Thunderbolt

port at will the quick lesson here is be careful with what you're connecting to Thunderbolt

like I said the same applies to other ports as well.

Also, be somewhat careful with cables, in particular with Thunderbolt.

Most of the cables that you're using aren't actually just passive pieces of copper,

...