In a new study, researchers found many laptops and desktop computers are vulnerable to hacking through common plug-in devices.
Attackers could compromise an unattended computer through devices such as chargers and docking stations in just a few seconds.
The research was conducted by researchers from the University of Cambridge and Rice University.
In the current study, the team used Thunderclap, an open-source platform they have created, to study the security of computer plug-ins and their interactions with operating systems.
The platform could be plugged into computers using a USB-C port. It allows the researchers to test techniques available to attackers.
They found vulnerabilities in computers with Thunderbolt ports running Windows, macOS, Linux, and FreeBSD. In fact, they found potential attacks could control the target computer completely.
The researchers suggest that in addition to plug-in devices like network and graphics cards, attacks can also be done from chargers and projectors.
According to the researchers, graphics processing units and network cards have direct memory access (DMA).
DMA attacks could take control of and extract sensitive data from target computers.
The input-output memory management units (IOMMUs) could help prevent DMA attacks.
However, the current study shows that even the protection is turned on, it can be compromised.
The vulnerabilities were discovered in 2016. Since then, the team has been working with technology companies such as Apple, Intel and Microsoft to solve the problem.
But the team shows that recent hardware developments have strongly increased the threat from malicious devices.
The researchers suggest it is very important that people install security updates provided by Apple, Microsoft and other companies.
This can help protect against the specific vulnerabilities they have reported in the study.
The leader of the study is Dr. Theodore Markettos from Cambridge’s Department of Computer Science and Technology. Brett Gutstein, a Gates Cambridge Scholar, is a team member.
The study was presented at the Network and Distributed Systems Security Symposium in San Diego.
Copyright © 2019 Knowridge Science Report. All rights reserved.
