Thunderbolt Security Issues

PabloGS · Feb 25, 2011

I don't know about you guys, but it's scary to see that you could potentially attach a HDD via Thunderbolt and hijack all data on the mac, even if it is locked etc.

For more details check this article:
http://www.h-online.com/security/ne...r-new-Thunderbolt-I-O-technology-1198476.html

Scary thought...

What do you folks think about all this? :S

MacDawg · Feb 25, 2011

Methinks a security company has a vested interest in raising security concerns as much as a Norton or MacAfee have in raising virus concerns. As the article states, these issues exist already in other technologies, and nobody has seen TB devices implemented yet.

It won't be a concern for me, because my Mac won't be hooking up and having unprotected data transfers with others anyway.

TEG · Feb 25, 2011

Write access to the hard drive will still be controlled by the OS, just like on Firewire. DMA simply allows data to be transferred without using CPU cycles. So it may be true you could have access, you likely wouldn't be able to do anything with your access. Also, a hard drive, in your scenario, would require a computer, in which case Thunderbolt defaults to ethernet, as a security precaution.

TEG

GoCubsGo · Feb 25, 2011

MacDawg said:
Methinks a security company has a vested interest in raising security concerns as much as a Norton or MacAfee have in raising virus concerns. As the article states, these issues exist already in other technologies, and nobody has seen TB devices implemented yet.

It won't be a concern for me, because my Mac won't be hooking up and having unprotected data transfers with others anyway.

^This.
I am always well aware of what people are putting in my ports.

acedickson · Feb 25, 2011

MacDawg said:
Methinks a security company has a vested interest in raising security concerns as much as a Norton or MacAfee have in raising virus concerns. As the article states, these issues exist already in other technologies, and nobody has seen TB devices implemented yet.

It won't be a concern for me, because my Mac won't be hooking up and having unprotected data transfers with others anyway.

Tend to agree with you dawg.

idea_hamster · Feb 25, 2011

There is no system that is robust against an attack when the person has physical access to the machine.

If you let someone sit down at your desk and plug crap into your ports, they will get all your data. Google Stuxnet and see what's really alive out there.

The real threats are the network threats, and OSX has enough of those to go around. They're not well circulated, but they do exist.

Evidently, Apple has circulated a developer copy of Lion 10.7 to a host of security experts who had reported flaws in the past for review and comment -- something that is, IIRC, totally new. So that's good.

rmitchell248 · Feb 25, 2011

PabloGS said:
I don't know about you guys, but it's scary to see that you could potentially attach a HDD via Thunderbolt and hijack all data on the mac, even if it is locked etc.

For more details check this article:
http://www.h-online.com/security/ne...r-new-Thunderbolt-I-O-technology-1198476.html

Scary thought...

What do you folks think about all this? :S

1 Keep in mind that your expressing these security concerns from the Internet biggest chance of info leak in the world lol

2 if your laptop is out unprotected and un guarded long enough for someone to hook up a tb cable and steal your data then why did you leave it out and why wouldn't hey just snatch the whole computer? Sounds like somebody would need to take better care of their machine?

whyzdom · Feb 25, 2011

MacDawg said:
...unprotected data transfers...

If this isn't the best Euphemism ever, I don't know what would be.... funny stuff.

dime21 · Feb 25, 2011

PabloGS said:
I don't know about you guys, but it's scary to see that you could potentially attach a HDD via Thunderbolt and hijack all data on the mac, even if it is locked etc.

For more details check this article:
http://www.h-online.com/security/ne...r-new-Thunderbolt-I-O-technology-1198476.html

Scary thought...

What do you folks think about all this? :S

I think you don't understand high performance I/O. Light Peak works in DMA mode. Just like all other high performance interfaces. Any security concerns you might have with Light Peak apply just the same to Firewire, SATA, eSATA, PATA, PCI, PCI Express, and ExpressCard slots.

USB does not work in DMA mode. It works in PIO mode. Which is one of the reasons why it's so stupid slow, and every single device you plug in requires special drivers to make it work. PIO mode sucks.

I think you read an article written by Chicken Little.

rmitchell248 · Feb 25, 2011

dime21 said:
I think you don't understand high performance I/O. Light Peak works in DMA mode. Just like all other high performance interfaces. Any security concerns you might have with Light Peak apply just the same to Firewire, SATA, eSATA, PATA, PCI, PCI Express, and ExpressCard slots.

USB does not work in DMA mode. It works in PIO mode. Which is one of the reasons why it's so stupid slow, and every single device you plug in requires special drivers to make it work. PIO mode sucks.

I think you read an article written by Chicken Little.

Yeah but now that can steal your stuff way faster than USB ...up to 10gbits/sec.... Well if there were any peripherals out or anything like that

ChronoIMG · Feb 25, 2011

jessica. said:
I am always well aware of what people are putting in my ports.

Never leave your ports uncovered...

MartyF81 · Feb 25, 2011

Physical Access to the device is the ultimate "Hack". If I have enough time to hook up a TB Drive to your device and "Take" every thing (even at TB Speed)... WITHOUT you even noticing.... then I likely also have enough time to just take your Laptop and walk out with it... or when they put it in Desktops... Open the side and pull the drive out.

miles01110 · Feb 25, 2011

idea_hamster said:
There is no system that is robust against an attack when the person has physical access to the machine.

Sure there is. Offsite backup and AES-256 works pretty well... assuming that the encrypted information isn't so sensitive that it will matter in the next thousand years or so while the key is brute-forced.

Krevnik · Feb 25, 2011

miles01110 said:
Sure there is. Offsite backup and AES-256 works pretty well... assuming that the encrypted information isn't so sensitive that it will matter in the next thousand years or so while the key is brute-forced.

Even with whole disk encryption, if you either: A) have to use a password to generate the key, or B) store the key somewhere that can be read before decrypting the disk... you are still vulnerable. With A, you've changed the attack into a password attack. With B, you've changed the attack into a "Where's Waldo" attack. Without a TPM, B is actually a pretty likely scenario.

EDIT: Even worse is that tech like BitLocker that does use a TPM still can be attacked from the side due to the ability to recover the machine if something happens.

Search

Search

Thunderbolt Security Issues

PabloGS

macrumors member

MacDawg

Moderator emeritus

TEG

macrumors 604

GoCubsGo

macrumors Nehalem

acedickson

macrumors 6502a

idea_hamster

macrumors 65816

rmitchell248

macrumors 6502

whyzdom

macrumors regular

dime21

macrumors 6502

rmitchell248

macrumors 6502

ChronoIMG

macrumors regular

MartyF81

macrumors 6502

miles01110

macrumors Core

Krevnik

macrumors 601

Our Staff