Macs, PCs Vulnerable to Thunderbolt Hack: What to Do
Thunderbolt ports let malicious connected devices hijack Macs, Windows PCs and Linux boxes, and current defenses aren't enough.
If you use the Thunderbolt ports on your Mac, Windows PC or Linux box, be very careful about what you plug into them.
At the Network and Distributed System Security Symposium in San Diego yesterday (Feb. 26), academic researchers revealed a wide-ranging, deep-rooted set of vulnerabilities that lets malicious devices get full control of machines via their Thunderbolt ports.
Dubbed "Thunderclap," the flaws let attackers steal sensitive data such as passwords, encryption keys or financial information, or run malicious code on the system. Antivirus software and other traditional host protections won't help, because the malicious device reads and writes memory without going through the operating system.
"All Apple laptops and desktops produced since 2011 are vulnerable, with the exception of the 12-inch MacBook," the researchers write in a FAQ explaining the flaws. "Many laptops, and some desktops, designed to run Windows or Linux produced since 2016 are also affected."
For the moment, the most prudent thing to do is to disable Thunderbolt in your computer's BIOS or UEFI settings, if your machine exposes such an option (most PCs do; Macs don't) and you know how to do that. Otherwise, don't plug any device you don't control into your Thunderbolt ports, even USB-C chargers, projectors or someone else's phone that might need a charge.
The Thunderbolt protocol, developed by Intel with Apple, lets a single USB-C (Thunderbolt 3) or Mini DisplayPort (Thunderbolt 1 and 2) connector carry power and video as well as data. You can often spot designated Thunderbolt ports on a Mac or PC by the tiny lightning-bolt icon printed next to them.
Thunderbolt is what lets newer MacBooks charge their own batteries, connect to external displays and transmit data to peripherals from a single port. Under the hood it tunnels PCI Express, so an internal PCI-E card has the same kind of access, but a PC's firmware would need to be tampered with before a Thunderclap attack from a PCI-E card would work.
To do all those things, the Thunderbolt protocol has far deeper access to the computer's inner workings than regular ports, such as USB, have. Specifically, Thunderbolt peripherals get direct memory access (DMA): the ability to read and write the PC's running memory directly, without the operating system mediating each access. That creates an opportunity for malicious hackers.
"Thunderbolt can allow potentially malicious devices to hotplug into a running machine and obtain direct memory access," the Thunderclap FAQ states. "Furthermore, the confusion of power, video, and DMA facilitates the creation of malicious charging stations or projectors that take control of connected machines."
PC makers can beef up Thunderbolt security somewhat with the input-output memory management unit (IOMMU), a hardware unit that restricts which memory addresses a device is allowed to reach. But the IOMMU costs some Thunderbolt throughput, so it has been left off by default on Linux and on Windows machines older than Windows 10 version 1803; that release added Kernel DMA Protection, which turns the IOMMU on for Thunderbolt devices, but only on new machines whose firmware supports it.
Macs have the IOMMU turned on, but the researchers found that Apple's implementation only partly shielded against attacks. In any case, even Windows PCs and Linux boxes with the IOMMU enabled are still vulnerable to Thunderclap, because the operating system and its drivers expose more memory through the IOMMU than they need to.
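The two facts the previous paragraphs turn on, whether a hot-plugged device needs OS approval and whether the IOMMU is actually guarding it, are both visible on a Linux host. The script below is an added example, not code from the Thunderclap researchers or from any vendor: it reads the Thunderbolt domain's `security` and `iommu_dma_protection` sysfs attributes (standard paths, overridable so the function can be run against constructed files), falls back to the `intel_iommu=on`/`amd_iommu=on` boot parameters on kernels that predate the attribute, and prints a one-word verdict. The exposure labels and return codes are this example's own convention.

```shell
#!/bin/sh
# Added example: assess how exposed a Linux host is to a DMA-capable
# Thunderbolt device. Not part of the Thunderclap project.
#
# Inputs (overridable for offline testing):
#   $1  Thunderbolt domain directory, default
#       /sys/bus/thunderbolt/devices/domain0, containing
#         security              firmware level: none|user|secure|dponly|usbonly
#         iommu_dma_protection  1 if the kernel puts TB PCIe tunnels behind the IOMMU
#   $2  kernel command line, default /proc/cmdline
#
# Verdict printed on stdout, with the return code (example's own convention):
#   0 iommu      the IOMMU guards Thunderbolt DMA; best available, but per
#                Thunderclap still not sufficient on its own
#   1 no-pcie    dponly/usbonly: no PCIe tunnel, so a device gets no DMA
#   2 authorize  user/secure: OS must approve a device, but once approved
#                it gets unrestricted DMA
#   3 open       none: any hot-plugged device gets DMA immediately
#   4 no-domain  no Thunderbolt domain (no port, or driver not loaded)
tb_dma_exposure() {
    domain="${1:-/sys/bus/thunderbolt/devices/domain0}"
    cmdline="${2:-/proc/cmdline}"

    [ -r "$domain/security" ] || { echo "no-domain"; return 4; }

    # Newer kernels state directly whether the IOMMU covers Thunderbolt.
    if [ -r "$domain/iommu_dma_protection" ] &&
       [ "$(cat "$domain/iommu_dma_protection")" = "1" ]; then
        echo "iommu"; return 0
    fi

    # Fallback heuristic for older kernels: the IOMMU was forced on at boot.
    # (Splitting on whitespace avoids matching e.g. "intel_iommu=on,igfx_off"
    # only partially; add variants here if your distro uses them.)
    if [ -r "$cmdline" ] &&
       tr ' ' '\n' < "$cmdline" | grep -Eqx '(intel|amd)_iommu=on'; then
        echo "iommu"; return 0
    fi

    case "$(cat "$domain/security")" in
        dponly|usbonly) echo "no-pcie";   return 1 ;;
        user|secure)    echo "authorize"; return 2 ;;
        *)              echo "open";      return 3 ;;
    esac
}

# Usage on a live machine (defaults to the real sysfs and /proc paths):
#   tb_dma_exposure
```

Note that "authorize" is the verdict most Linux laptops shipped with: the user/secure levels are what the desktop prompt for approving a new Thunderbolt device reflects, and a charger or projector that a user approves still gets DMA. On Windows the equivalent check is the "Kernel DMA Protection" line in System Information (msinfo32), which reads On or Off.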
The researchers, from the University of Cambridge, Rice University and SRI International, reported the Thunderclap problems to the PC makers and operating-system vendors nearly three years ago, and those vendors have been working on mitigations under embargo ever since. Clearly, they haven't been completely successful.
This isn't the first security problem involving Thunderbolt ports. In 2014, a researcher developed proof-of-concept firmware malware called Thunderstrike that infected a Mac's boot ROM from a malicious Thunderbolt device and could spread to other Macs through Thunderbolt devices. That flaw was fixed with an update to OS X 10.10 Yosemite (10.10.2). A second version, Thunderstrike 2, followed in 2015 and was also quickly shut down by Apple.
If you'd like more information about Thunderclap, a more detailed blog posting is here and academic papers are here and here. Software and schematics for building your own Thunderclap test device are on GitHub.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
