Thunderclap Flaws

Thunderbolt was designed by the coalition of Apple and Intel as a hardware interface that allows connectivity to external peripherals such as keyboards, chargers, and projectors. Initially the interface was available exclusively for Apple, but Windows, Linux, and FreeBSD systems can now all use the platform.

The Thunderclap flaws weaken all of these systems by affecting the way peripherals are able to interact with them, and can eventually lead to data being stolen from the memory of the OS. The flaws lie in the way Thunderbolt has been introduced to the OS: attackers take advantage of Direct Memory Access (DMA), which is essentially the OS allowing any new peripheral access to the entirety of its memory. What makes these flaws dangerous is that attackers can create malicious peripherals that will infect the system while it is still performing its normal task.

The vendors of all the affected operating systems have been aware of the issues for quite some time but have not found a permanent solution to the problem. Further details can be found at https://thunderclap[dot]io/ and[dot]pdf respectively.

Analyst Notes

At this time, users are advised to disable the Thunderbolt ports in the BIOS/UEFI firmware settings and to avoid plugging in peripherals from untrusted sources. Users should not leave laptops unattended, even if they are locked. An unattended laptop gives an attacker the opportunity to use this vulnerability without the victim knowing.
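To confirm on a Linux host that the firmware setting took effect, the added example below (not part of the original advisory) reads the kernel's Thunderbolt sysfs tree and reports each domain's security level and every attached device. The attribute names (`security`, `iommu_dma_protection`, `authorized`, `vendor_name`, `device_name`) are those of the Linux thunderbolt driver and do not come from this page; the function name and finding texts are illustrative.

```python
"""Audit Thunderbolt DMA exposure on a Linux host by reading sysfs."""
import sys
from pathlib import Path

# How each domain security level treats PCIe tunneling (the route to DMA).
NO_PCIE = {"dponly", "usbonly", "nopcie"}   # PCIe tunnels are never created
APPROVAL = {"user", "secure"}               # PCIe only after the user authorizes

def _read(path):
    try:
        return path.read_text().strip()
    except OSError:
        return None  # attribute missing (older kernel) or unreadable

def audit_thunderbolt(sysfs="/sys"):
    """Return (domains, devices, findings) for the thunderbolt bus under sysfs."""
    base = Path(sysfs) / "bus" / "thunderbolt" / "devices"
    domains, devices, findings = {}, [], []
    if not base.is_dir():
        # No bus: ports disabled in firmware, no controller, or driver not loaded.
        return domains, devices, findings
    for entry in sorted(base.iterdir()):
        if entry.name.startswith("domain"):
            level = _read(entry / "security")
            iommu = _read(entry / "iommu_dma_protection")
            domains[entry.name] = {"security": level, "iommu_dma_protection": iommu}
            if level not in NO_PCIE | APPROVAL:
                findings.append(f"{entry.name}: security={level}, PCIe devices attach without approval")
            if level not in NO_PCIE and iommu != "1":
                findings.append(f"{entry.name}: iommu_dma_protection not reported as 1")
            continue
        authorized = _read(entry / "authorized")
        if authorized is None:
            continue  # not a router entry (for example an XDomain service)
        devices.append({"id": entry.name, "vendor": _read(entry / "vendor_name"),
                        "device": _read(entry / "device_name"),
                        "authorized": authorized != "0"})
    return domains, devices, findings

if __name__ == "__main__":
    doms, devs, issues = audit_thunderbolt(sys.argv[1] if len(sys.argv) > 1 else "/sys")
    print(f"{len(doms)} domain(s), {len(devs)} router(s) visible to the kernel")
    for item in devs + issues:
        print(item)
    sys.exit(1 if issues else 0)
```

An empty result means the kernel sees no Thunderbolt controller at all, which is the expected state after the ports are disabled in firmware.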