Most laptops, desktops vulnerable to cyber attacks through plug-in devices

The potential attacks could take complete control of the target computer.

LONDON: Many modern laptops and an increasing number of desktop computers are much more vulnerable to hacking through common plug-in devices than previously thought, a study has found.

Research from the University of Cambridge in the UK and Rice University in the US shows that attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations.

Vulnerabilities were found in computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD. Many modern laptops and an increasing number of desktops are susceptible.


The researchers exposed the vulnerabilities through Thunderclap, an open-source platform they have created to study the security of computer peripherals and their interactions with operating systems.


It can be plugged into computers using a USB-C port that supports the Thunderbolt interface and allows the researchers to investigate techniques available to attackers.

They found that potential attacks could take complete control of the target computer.

In addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.

Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies.

DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.


Current systems feature input-output memory management units (IOMMUs) which can protect against DMA attacks by restricting memory access to peripherals that perform legitimate functions and only allowing access to non-sensitive regions of memory.

However, IOMMU protection is frequently turned off in many systems and the new research shows that, even when the protection is enabled, it can be compromised.
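
A defender can check whether a Linux machine has these protections switched on. The Python script below is an added example, not part of the original article or of the Thunderclap project; it reads the kernel's sysfs entries for IOMMU groups and Thunderbolt domains, and its function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

def read_attr(path):
    """Return a sysfs attribute's text, or None if it is absent or unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def audit_dma_protection(sysfs="/sys"):
    """Return (severity, message) findings about DMA protection on this host."""
    findings = []
    groups = os.path.join(sysfs, "kernel", "iommu_groups")
    # An active IOMMU places every device in a numbered group under this directory.
    if not (os.path.isdir(groups) and os.listdir(groups)):
        findings.append(("high", "no IOMMU groups: peripheral DMA is unrestricted"))
    tb = os.path.join(sysfs, "bus", "thunderbolt", "devices")
    names = sorted(os.listdir(tb)) if os.path.isdir(tb) else []
    for dom in (n for n in names if n.startswith("domain")):
        level = read_attr(os.path.join(tb, dom, "security"))
        if level == "none":
            findings.append(("high", f"{dom}: security level 'none', devices attach without approval"))
        if read_attr(os.path.join(tb, dom, "iommu_dma_protection")) != "1":
            findings.append(("medium", f"{dom}: kernel does not report IOMMU DMA protection"))
    return findings

def build_sample_sysfs(root, iommu_on, level, dma_flag):
    """Create a constructed sysfs-like tree (sample data, not a real host)."""
    os.makedirs(os.path.join(root, "kernel", "iommu_groups", "0" if iommu_on else ""), exist_ok=True)
    dom = os.path.join(root, "bus", "thunderbolt", "devices", "domain0")
    os.makedirs(dom, exist_ok=True)
    for name, value in (("security", level), ("iommu_dma_protection", dma_flag)):
        with open(os.path.join(dom, name), "w") as fh:
            fh.write(value + "\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as weak, tempfile.TemporaryDirectory() as ok:
        for label, root in (("weak", build_sample_sysfs(weak, False, "none", "0")),
                            ("hardened", build_sample_sysfs(ok, True, "user", "1"))):
            print(label, audit_dma_protection(root) or "baseline protections present")
```

An empty result only means the baseline settings are on; as the research shows, an enabled IOMMU does not by itself offer full protection.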

"We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm," said Brett Gutstein, who is one of the research team.

The vulnerabilities were discovered in 2016 and the researchers have been working with technology companies such as Apple, Intel and Microsoft to address the security risks.

Companies have begun to implement fixes that address some of the vulnerabilities that the researchers uncovered; several vendors have released security updates in the last two years.


However, the research shows that solving the general problem remains elusive and that recent developments, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output and peripheral device DMA over the same port, have greatly increased the threat from malicious devices, charging stations and projectors that take control of connected machines.

The researchers want to see technology companies taking further action, but also stress the need for individuals to be aware of the risks.

"It is essential that users install security updates provided by Apple, Microsoft and others to be protected against the specific vulnerabilities we have reported," said Theodore Markettos, who led the study.

"However, platforms remain insufficiently defended from malicious peripheral devices over Thunderbolt and users should not connect devices they do not know the origin of or do not trust," he said.
