Security concerns over new Thunderbolt I/O technology
Security experts are casting a critical eye over Intel's new Thunderbolt high-speed interface, which is due to ship first in Apple's new MacBook Pro. The experts say the interface offers insufficient protection against potentially malicious devices.
Unlike such technologies as USB, Thunderbolt doesn't use a master/slave concept in which the PC controls all communication and a device can only answer requests from the host. Rather, the new technology's concept is similar to that of Firewire, where a connected device can act as a bus master and access the PC's working memory directly via DMA, without the CPU or operating system being involved in each transfer. Researchers such as those working in forensics have for some time taken advantage of this to acquire complete memory images of the PCs they investigate. Vendor HBGary, for example, which was recently compromised by Anonymous, provided the US authorities with a framework that allows spyware to be injected into an unprotected but locked notebook via the Firewire port.
It appears that similar possibilities exist with Thunderbolt; for instance, the technology doesn't seem to include any device authentication. "The current Thunderbolt simply sends PCIe signals across the wire. That means, in theory, anything a PCIe card can do, a Thunderbolt device can do", warns Robert Graham from Errata Security.
As a potential attack scenario, Graham describes a conference presenter who connects his notebook to a projector via DisplayPort, which is supported by Thunderbolt. Unbeknownst to the presenter, the projector could then secretly copy the entire contents of the notebook's hard disk in the background, said Graham. While this could, in principle, be prevented by an IOMMU such as Intel's Virtualisation Technology for Directed I/O (VT-d), which restricts a device's DMA accesses to the memory regions the operating system has explicitly mapped for it, the IOMMU must not only be present in the hardware but also be actively used by the operating system and its drivers – which Graham said wasn't the case in Mac OS X when he last checked.
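To make the two points above concrete – a bus-mastering device reading and patching host memory, and an IOMMU confining it to its own DMA buffers – here is an added toy model in C. It is not code from the article, from Errata Security or from HBGary's framework. Host memory, the "lock-screen check" signature, the patch bytes and the per-page permission table are all constructed for illustration; a real IOMMU translates device addresses through per-device page tables rather than merely checking a permission bit, and rejected accesses surface as DMA faults rather than a `false` return value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model: 16 pages of 256 bytes of "host physical memory". */
#define PAGE_SIZE 256u
#define NUM_PAGES 16u
#define MEM_SIZE  (PAGE_SIZE * NUM_PAGES)

static uint8_t host_mem[MEM_SIZE];

/* Per-device DMA remapping table, modelled loosely on what an IOMMU such as
 * VT-d provides: the device may only touch pages the OS has mapped for it.
 * With enabled == false the device's bus address is used directly as a host
 * physical address, as on a system without an IOMMU (or with one left off). */
typedef struct {
    bool enabled;
    bool readable[NUM_PAGES];
    bool writable[NUM_PAGES];
} iommu_t;

/* One DMA transaction from the device's point of view. Returns false (and
 * performs nothing) if any byte of the transfer falls outside a page the
 * device is allowed to touch. */
static bool dma_transfer(const iommu_t *iommu, uint32_t bus_addr, uint8_t *buf,
                         size_t len, bool write)
{
    if (len == 0)
        return true;
    if (bus_addr > MEM_SIZE || len > MEM_SIZE - bus_addr)
        return false;                          /* off the end of memory */
    if (iommu->enabled) {
        uint32_t first = bus_addr / PAGE_SIZE;
        uint32_t last  = (bus_addr + (uint32_t)len - 1) / PAGE_SIZE;
        for (uint32_t p = first; p <= last; p++)
            if (!(write ? iommu->writable[p] : iommu->readable[p]))
                return false;                  /* DMA fault in a real IOMMU */
    }
    if (write)
        memcpy(host_mem + bus_addr, buf, len);
    else
        memcpy(buf, host_mem + bus_addr, len);
    return true;
}

/* Constructed stand-ins: the byte pattern a hostile device hunts for (think
 * of the instruction sequence behind a lock-screen credential check) and the
 * bytes it overwrites it with ("always succeed"). Not real machine code. */
static const uint8_t SIGNATURE[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02 };
static const uint8_t PATCH[]     = { 0x90, 0x90, 0x90, 0x90, 0xB0, 0x01 };
#define VICTIM_ADDR (5u * PAGE_SIZE + 40u)

/* Put the target at a fixed spot so both scenarios start from the same state. */
static void setup_victim(void)
{
    memset(host_mem, 0, sizeof host_mem);
    memcpy(host_mem + VICTIM_ADDR, SIGNATURE, sizeof SIGNATURE);
}

/* What the "malicious projector" does: walk bus address space page by page,
 * look for the signature, and patch it in place. Returns the address patched,
 * or -1 if the pattern was never readable (or not writable). */
static long hostile_device_attack(const iommu_t *iommu)
{
    uint8_t page[PAGE_SIZE];
    for (uint32_t p = 0; p < NUM_PAGES; p++) {
        if (!dma_transfer(iommu, p * PAGE_SIZE, page, PAGE_SIZE, false))
            continue;                          /* page not mapped for us */
        for (size_t off = 0; off + sizeof SIGNATURE <= PAGE_SIZE; off++) {
            if (memcmp(page + off, SIGNATURE, sizeof SIGNATURE) != 0)
                continue;
            uint32_t addr = p * PAGE_SIZE + (uint32_t)off;
            uint8_t patch[sizeof PATCH];
            memcpy(patch, PATCH, sizeof PATCH);
            return dma_transfer(iommu, addr, patch, sizeof PATCH, true) ? addr : -1;
        }
    }
    return -1;
}

/* Scenario 1: no IOMMU in use. Every page is reachable; the patch lands. */
long attack_without_iommu(void)
{
    iommu_t off = { .enabled = false };
    setup_victim();
    return hostile_device_attack(&off);
}

/* Scenario 2: IOMMU on, device granted a single DMA buffer (page 2) only. */
long attack_with_iommu(void)
{
    iommu_t on = { .enabled = true };
    on.readable[2] = on.writable[2] = true;
    setup_victim();
    return hostile_device_attack(&on);
}

bool signature_intact(void)
{
    return memcmp(host_mem + VICTIM_ADDR, SIGNATURE, sizeof SIGNATURE) == 0;
}

int main(void)
{
    long a = attack_without_iommu();
    printf("no IOMMU:   patched at %ld, check intact: %d\n", a, signature_intact());
    long b = attack_with_iommu();
    printf("with IOMMU: patched at %ld, check intact: %d\n", b, signature_intact());
    return 0;
}
```

The scan-and-patch loop is the whole of the "unprotected but locked notebook" attack: nothing on the host is asked for permission, so the only thing standing between the device and arbitrary memory is whether the IOMMU is switched on and the driver mapped just its real DMA buffers. Note that the protection only holds if the OS maps the device's buffers narrowly; a driver that hands a device a mapping of all of memory gets the unprotected behaviour back with the IOMMU nominally enabled.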
As no actual devices are available yet, the criticisms are for now still rather vague. Furthermore, one mustn't forget that similar problems already exist with other ports that expose PCIe or bus-master DMA to external devices, such as ExpressCard and SDIO. Should Thunderbolt become as popular as USB, the issue could no longer be ignored. There is still time though; most projectors at conferences don't even offer DVI or HDMI connectors yet and still rely on VGA ports.