English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CAPEC-665

Exploitation of Thunderbolt Protection Flaws
LOW
Stable
2021-06-24 00:00 +00:00
2022-09-29 00:00 +00:00
CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.
Alert management

Description

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.

Informations

Execution Flow

1) Explore

[Survey physical victim environment and potential Thunderbolt system targets] The adversary monitors the target's physical environment to identify systems with Thunderbolt interfaces, identify potential weaknesses in physical security in addition to periods of nonattendance by the victim over their Thunderbolt interface equipped devices, and when the devices are in locked or sleep state.

2) Explore

[Evaluate the target system and its Thunderbolt interface] The adversary determines the device's operating system, Thunderbolt interface version, and any implemented Thunderbolt protections to plan the attack.

1) Experiment

[Obtain and/or clone firmware image] The adversary physically manipulates Thunderbolt enabled devices to acquire the firmware image from the target and/or adversary Thunderbolt host controller's SPI (Serial Peripheral Interface) flash.

Technique
  • Disassemble victim and/or adversary device enclosure with basic tools to gain access to Thunderbolt controller SPI flash by connecting adversary SPI programmer.
  • Adversary connects SPI programmer to adversary-controlled Thunderbolt enabled device to obtain/clone victim thunderbolt controller firmware image through tools/scripts.
  • Clone firmware image with SPI programmer and tools/scripts on adversary-controlled device.

2) Experiment

[Parse and locate relevant firmware data structures and information based upon Thunderbolt controller model, firmware version, and other information] The acquired victim and/or adversary firmware image is parsed for specific data and other relevant identifiers required for exploitation, based upon the victim device information and firmware version.

Technique
  • Utilize pre-crafted tools/scripts to parse and locate desired firmware data and modify it.
  • Locate DROM (Device Read Only Memory) data structure section and calculate/determine appropriate offset to replicate victim device UUID.
  • Locate ACL (Access Control List) data structure and calculate/determine appropriate offsets to identify victim device UUID.
  • Locate data structure containing challenge-response key information between appropriate offsets.

3) Experiment

[Disable Thunderbolt security and prevent future Thunderbolt security modifications (if necessary)] The adversary overrides the target device's Thunderbolt Security Level to "None" (SL0) and/or enables block protections upon the SPI flash to prevent the ability for the victim to perform and/or recognize future Thunderbolt security modifications as well as update the Thunderbolt firmware.

Technique
  • The adversary-controlled Thunderbolt device, connected to SPI programmer and victim device via Thunderbolt ports, is utilized to execute commands within tools/scripts to disable SPI flash protections, modify Thunderbolt Security Level, and enable malicious SPI flash protections.

4) Experiment

[Modify/replace victim Thunderbolt firmware image] The modified victim and/or adversary thunderbolt firmware image is written to attacker SPI flash.

1) Exploit

[Connect adversary-controlled thunderbolt enabled device to victim device and verify successful execution of malicious actions] The adversary needs to determine if their exploitation of selected vulnerabilities had the intended effects upon victim device.

Technique
  • Observe victim device identify adversary device as the victim device and enables PCIe tunneling.
  • Resume victim device from sleep, connect adversary-controlled device and observe security is disabled and Thunderbolt connectivity is restored with PCIe tunneling being enabled.
  • Observe that in UEFI or Thunderbolt Management Tool/UI that the Security Level does not match adversary modified Security Level of "None" (SL0)
  • Observe after installation of Firmware update that within Thunderbolt Management UI the "NVM version" is unchanged/same prior to the prompt of successful Firmware update/installation.

2) Exploit

[Exfiltration of desired data from victim device to adversary device] Utilize PCIe tunneling to transfer desired data and information from victim device across Thunderbolt connection.

Prerequisites

The adversary needs at least a few minutes of physical access to a system with an open Thunderbolt port, version 3 or lower, and an external thunderbolt device controlled by the adversary with maliciously crafted software and firmware, via an SPI Programming device, to exploit weaknesses in security protections.

Skills Required

Detailed knowledge on various system motherboards, PCI Express Domain, SPI, and Thunderbolt Protocol in order to interface with internal system components via external devices.
Detailed knowledge on OS/Kernel memory address space, Direct Memory Access (DMA) mapping, Input-Output Memory Management Units (IOMMUs), and vendor memory protections for data leakage.
Detailed knowledge on scripting and SPI programming in order to configure and modify Thunderbolt controller firmware and software configurations.

Resources Required

SPI Programming device capable of modifying/configuring or replacing the firmware of Thunderbolt device stored on SPI Flash of target Thunderbolt controller, as well as modification/spoofing of adversary-controlled Thunderbolt controller.
Precrafted scripts/tools capable of implementing the modification and replacement of Thunderbolt Firmware.
Thunderbolt-enabled computing device capable of interfacing with target Thunderbolt device and extracting/dumping data and memory contents of target device.

Mitigations

Implementation: Kernel Direct Memory Access Protection
Configuration: Enable UEFI option USB Passthrough mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface
Configuration: Enable UEFI option DisplayPort mode - Thunderbolt 3 system port operates as video-only DP interface
Configuration: Enable UEFI option Mixed USB/DisplayPort mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface with support for DP mode
Configuration: Set Security Level to SL3 for Thunderbolt 2 system port
Configuration: Disable PCIe tunneling to set Security Level to SL3
Configuration: Disable Boot Camp upon MacOS systems

Related Weaknesses

CWE-ID Weakness Name
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-353 Missing Support for Integrity Check
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
CWE-288 Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

REF-647

Thunderspy When Lighting Strikes Thrice: Breaking Thunderbolt 3 Security
Björn Ruytenberg.
https://thunderspy.io/

REF-648

Breaking Thunderbolt Protocol Security: Vulnerability Report
Björn Ruytenberg.
https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf

REF-649

Thunderbolt flaws affect millions of computers – even locking unattended devices won't help
Liam Tung.
https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/

REF-650

Microsoft: Worried about Thunderbolt attacks? Get a Windows 10 Secured-Core PC
Liam Tung.
https://www.zdnet.com/article/microsoft-worried-about-thunderbolt-attacks-get-a-windows-10-secured-core-pc/

REF-651

Thunderbolt flaw allows access to a PC’s data in minutes
Jon Porter.
https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops

REF-652

MORE INFORMATION ON THUNDERBOLT(TM) SECURITY
Jerry Bryant.
https://blogs.intel.com/technology/2020/05/more-information-on-thunderspy/#gs.0o6pmk

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.