Thunderclap

Modern computers are vulnerable to malicious peripheral devices

About

About the Thunderclap vulnerabiltiies

The Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices such as network cards, storage, and graphics cards. These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data. Attacks exploiting these vulnerabilities can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.

The Thunderclap platform is a hardware/software stack for research into the security of computer peripherals and their interaction with operating systems. It was used to discover the Thunderclap vulnerabilities and develop proof-of-concept exploits.

The Thunderclap platform as well as a number of Thunderclap vulnerabilities and proof-of-concept attacks are described in:

Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals A. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson. Proceedings of the Network and Distributed Systems Security Symposium (NDSS), 24-27 February 2019, San Diego, USA. BibTeX

More information about some of the experiments can be found in the following PhD thesis:

Exploitation from malicious PCI Express peripherals Colin Rothwell. University of Cambridge Computer Laboratory technical report UCAM-CL-TR-934.

The Thunderclap platform is open-source and available for researchers to build or extend:

https://github.com/thunderclap-io

FAQ

Have a question?

Who is affected by the Thunderclap vulnerabilities?

How can I protect myself?

How do the Thunderclap vulnerabilities work?

The Thunderclap vulnerabilities stem from the fact that computer peripherals such as network cards and GPUs have traditionally been trusted parts of a computer system: they have direct memory access (DMA), which allows them to read and write all of system memory without operating system oversight. DMA allows peripherals to bypass operating system security policies, and DMA attacks abusing this access have been widely employed by hackers and the intelligence community to take control of and exfiltrate sensitive data from target machines. This means passwords, banking logins, private files and browser activity are all exposed, and an attacker can inject any code they wish onto your machine.

Current systems feature input-output memory management units (IOMMUs), protection mechanisms that allow the operating system to restrict peripheral-device memory access. With IOMMU usage enabled, operating systems can protect against DMA attacks by restricting memory access to peripherals that perform legitimate functions and only allowing access to non-sensitive regions of memory. Unfortunately, IOMMU protection is turned off by default in many systems.

Our work leverages vulnerabilities in operating system IOMMU usage to compromise a target system via DMA, even in the presence of an IOMMU that is enabled and configured to defend against DMA attacks. The novel Thunderclap security evaluation platform, built on field-programmable gate array (FPGA) hardware, mimics the functionality of a legitimate peripheral device to convince a target operating system to grant it access to regions of memory. It then examines those regions of memory to find a rich and nuanced attack surface of vulnerable structures that can be exploited to take control of the system.

The rise of hardware interconnects like Thunderbolt 3 over USB-C that combine power input, video output, and peripheral device DMA over the same port greatly increases the real-world applicability of Thunderclap vulnerabilities. Thunderbolt can allow potentially malicious devices to hotplug into a running machine and obtain direct memory access, which makes DMA attacks against temporarily unattended targets feasible. Furthermore, the confusion of power, video, and DMA facilitates the creation of malicious charging stations or projectors that take control of connected machines.

Additionally, our work shows that the Thunderclap vulnerabilities can also be exploited by compromised firmware on existing PCI Express devices, for example network cards or baseboard management controllers (BMCs) integrated into servers. A firmware compromise might be introduced via a firmware vulnerability or a compromise in the device supply chain or factory.

What is DMA?

What is an IOMMU?

Why don’t IOMMUs provide protection in current systems?

What is Thunderbolt access control and why doesn’t it address these problems?

Thunderbolt access control is a mechanism by which Windows and some Linux systems can prompt the user when a device is connected and allow the user to decide whether to block the device, to allow it once, or to allow and remember for next time.

We don’t break Thunderbolt access control; the Thunderclap vulnerabilities are orthogonal to it and are more fundamental. However we also believe Thunderbolt access control is insufficient in a number of respects.

First, macOS does not implement access control prompts; it contains a whitelist of approved Thunderbolt devices that are automatically permitted. This means it’s simply necessary for an attacker to purchase an approved Thunderbolt dock and access is granted.

Second, when given an all-or-nothing prompt (approve or deny), users are habituated to clicking ‘accept’. In particular, since the prompt does not give sufficient indication of what access the device is requesting, users cannot make an informed judgement about whether to allow it. For example, above an attacker can simply label their device as a ‘CalDigit TS3’ to lull users into a false sense of security.

Additionally, Thunderbolt access control only covers the Thunderbolt layer. Our work relates to devices that sit on top of Thunderbolt, which talk via PCI Express (by analogy, Thunderbolt is the telephone wiring and PCI Express is the language spoken by someone on the telephone). Previous work has shown it’s possible to swap out a PCI Express device for another without causing Thunderbolt authentication to notice that the device internals have been replaced. This means an attacker can buy a genuine device and make substantial modifications to it without Thunderbolt being aware that anything is different about it.

That said, if you receive a Thunderbolt prompt when connecting a device which you believe is only a charger or display, you should not approve it.

PCI Express itself has no access control of this kind, so this mechanism does not protect desktops and servers from their PCIe cards.

How does this work differ from earlier DMA attacks such as Inception?

How does this work differ from attack techniques such as Facedancer and BadUSB?

How did vendors respond to these vulnerabilities?

Why have you open-sourced the Thunderclap platform? Won’t that just help attackers?

Technical details of the Thunderclap platform

The Thunderclap platform consists of an FPGA that runs the Thunderclap application. The FPGA then plugs into a computer via PCI Express or Thunderbolt. The Thunderclap application makes the FPGA behave to the computer like a genuine Ethernet card (the Intel 82574L network interface card or NIC). The operating system will identify the ethernet peripheral, load drivers, allow the device to access memory (via DMA and an IOMMU if enabled), and ask it to send and receive packets.

With this deep interaction with the operating system, Thunderclap’s device model provides hooks that allow payload functions to be added to device behavior. For example, when the operating system asks the NIC to send a packet, it provides the NIC with the address of the data to send. A payload function might search nearby memory looking for plaintext data that was intended for a different network device.

Thunderbolt dock with FPGA implant, an implementation of our I/O-security research platform

The Thunderclap application runs on Intel/Altera FPGA boards:

Intel Arria 10 SoC Development Kit ($4500) with Samtec HDR-181157-01-PCIEC cable (available from Samtec direct) – currently recommended
Enclustra Mercury+ AA1 module (ME-AA1-270-3E4-D11E) on PE1 carrier board (~EUR 800) – work in progress
Terasic DE5-Net board (Stratix V) with BERI soft-CPU – no longer supported
As far as we can ascertain, Xilinx, Lattice and Intel Cyclone FPGAs don’t allow us to replace the vendor-supplied implementation of configuration registers with our own (Intel calls it ‘config bypass’ mode) which we require.

It is composed of several pieces:

The underlying FPGA bitfile, containing the hardware that receives PCIe packets (TLPs) and delivers them to software. The FPGA contains an Arm Cortex A9 CPU (hard processor system or HPS) to run our software stack. GitHub repo
The Ubuntu 16.04 operating system running on the on the Arm, including kernel, device tree and u-boot bootloader (which also loads the FPGA bitfile at boot time). Automated build scripts (work in progress): GitHub repo
The Thunderclap application, which is a substantially cut down version of QEMU, based on its e1000e device. This runs in Ubuntu on the ARM core and connects directly to the PCIe queues provided by the hardware. GitHub repo