Locking down the Thunderbolt interface

The Thunderbolt interface supports extremely fast data transfer rates, but be careful about what you plug into your port, because Thunderbolt devices access memory directly. We’ll show you some Linux tools for locking down your Thunderbolt interface.

The Thunderbolt interface is an interface used for connecting peripheral devices to many modern computers. Thunderbolt connections (with the familiar lightning arrow symbol – see Figure 1) support fast transfer of audio, video, and other data over a single cable and can also charge devices connected through the same interface.

The Thunderbolt specification was developed by Intel in collaboration with Apple. Many users might think of Thunderbolt in the context of Apple hardware. Apple actually started shipping MacBook Pro models with the interface back in 2011 (see the box entitled “Thunderbolt Through the Years”). Thunderbolt has become a common feature on MacBook computers, as well as many other Intel-based systems.

Through the years, however, the power and speed of Thunderbolt has led to some security issues. Like other technologies that communicate with a system via PCI Express (PCIe), Firewire, or similar protocols, Thunderbolt supports direct access to system memory. Directly accessing memory enables fast data transfer rates, but it also poses a security risk, because many different components access memory at the same time, which creates the potential for a DMA attack. (A DMA attack involves unauthorized access to the system memory in order to read arbitrary data.)

[…]

Use Express-Checkout link below to read the full article (PDF).

Posted by Contributor