Dark Mode

Settings

Capec-665 Detail

Exploitation of Thunderbolt Protection Flaws

Detailed Communications Software Likelihood: Low Typical Severity: Very High

Parents: 276

Description

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.

Not present

External ID Source Link Description
CAPEC-665 capec https://capec.mitre.org/data/definitions/665.html
CWE-345 cwe http://cwe.mitre.org/data/definitions/345.html
CWE-353 cwe http://cwe.mitre.org/data/definitions/353.html
CWE-288 cwe http://cwe.mitre.org/data/definitions/288.html
CWE-1188 cwe http://cwe.mitre.org/data/definitions/1188.html
CWE-862 cwe http://cwe.mitre.org/data/definitions/862.html
T1211 ATTACK https://attack.mitre.org/wiki/Technique/T1211 Exploitation for Defensive Evasion
T1542.002 ATTACK https://attack.mitre.org/wiki/Technique/T1542/002 Pre-OS Boot: Component Firmware
T1556 ATTACK https://attack.mitre.org/wiki/Technique/T1556 Modify Authentication Process
REF-647 reference_from_CAPEC https://thunderspy.io/ Björn Ruytenberg, Thunderspy When Lighting Strikes Thrice: Breaking Thunderbolt 3 Security, 2020, Eindhoven University of Technology
REF-648 reference_from_CAPEC https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf Björn Ruytenberg, Breaking Thunderbolt Protocol Security: Vulnerability Report, 2020--04---17, Eindhoven University of Technology
REF-649 reference_from_CAPEC https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/ Liam Tung, Thunderbolt flaws affect millions of computers – even locking unattended devices won't help, 2020--05---11, ZDNet
REF-650 reference_from_CAPEC https://www.zdnet.com/article/microsoft-worried-about-thunderbolt-attacks-get-a-windows-10-secured-core-pc/ Liam Tung, Microsoft: Worried about Thunderbolt attacks? Get a Windows 10 Secured-Core PC, 2020--05---14, ZDNet
REF-651 reference_from_CAPEC https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops Jon Porter, Thunderbolt flaw allows access to a PC’s data in minutes, 2020--05---11, The Verge
REF-652 reference_from_CAPEC https://blogs.intel.com/technology/2020/05/more-information-on-thunderspy/#gs.0o6pmk Jerry Bryant, MORE INFORMATION ON THUNDERBOLT(TM) SECURITY, 2020--05---10, Intel Corporation
Explore

  1. Survey physical victim environment and potential Thunderbolt system targets: The adversary monitors the target's physical environment to identify systems with Thunderbolt interfaces, identify potential weaknesses in physical security in addition to periods of nonattendance by the victim over their Thunderbolt interface equipped devices, and when the devices are in locked or sleep state.

  2. Evaluate the target system and its Thunderbolt interface: The adversary determines the device's operating system, Thunderbolt interface version, and any implemented Thunderbolt protections to plan the attack.

Experiment

  1. Obtain and/or clone firmware image: The adversary physically manipulates Thunderbolt enabled devices to acquire the firmware image from the target and/or adversary Thunderbolt host controller's SPI (Serial Peripheral Interface) flash.

    2. Techniques
    Disassemble victim and/or adversary device enclosure with basic tools to gain access to Thunderbolt controller SPI flash by connecting adversary SPI programmer.
    Adversary connects SPI programmer to adversary-controlled Thunderbolt enabled device to obtain/clone victim thunderbolt controller firmware image through tools/scripts.
    Clone firmware image with SPI programmer and tools/scripts on adversary-controlled device.

  2. Parse and locate relevant firmware data structures and information based upon Thunderbolt controller model, firmware version, and other information: The acquired victim and/or adversary firmware image is parsed for specific data and other relevant identifiers required for exploitation, based upon the victim device information and firmware version.

    3. Techniques
    Utilize pre-crafted tools/scripts to parse and locate desired firmware data and modify it.
    Locate DROM (Device Read Only Memory) data structure section and calculate/determine appropriate offset to replicate victim device UUID.
    Locate ACL (Access Control List) data structure and calculate/determine appropriate offsets to identify victim device UUID.
    Locate data structure containing challenge-response key information between appropriate offsets.

  3. Disable Thunderbolt security and prevent future Thunderbolt security modifications (if necessary): The adversary overrides the target device's Thunderbolt Security Level to "None" (SL0) and/or enables block protections upon the SPI flash to prevent the ability for the victim to perform and/or recognize future Thunderbolt security modifications as well as update the Thunderbolt firmware.

    4. Techniques
    The adversary-controlled Thunderbolt device, connected to SPI programmer and victim device via Thunderbolt ports, is utilized to execute commands within tools/scripts to disable SPI flash protections, modify Thunderbolt Security Level, and enable malicious SPI flash protections.

  4. Modify/replace victim Thunderbolt firmware image: The modified victim and/or adversary thunderbolt firmware image is written to attacker SPI flash.

Exploit

  1. Connect adversary-controlled thunderbolt enabled device to victim device and verify successful execution of malicious actions: The adversary needs to determine if their exploitation of selected vulnerabilities had the intended effects upon victim device.

    2. Techniques
    Observe victim device identify adversary device as the victim device and enables PCIe tunneling.
    Resume victim device from sleep, connect adversary-controlled device and observe security is disabled and Thunderbolt connectivity is restored with PCIe tunneling being enabled.
    Observe that in UEFI or Thunderbolt Management Tool/UI that the Security Level does not match adversary modified Security Level of "None" (SL0)
    Observe after installation of Firmware update that within Thunderbolt Management UI the "NVM version" is unchanged/same prior to the prompt of successful Firmware update/installation.

  2. Exfiltration of desired data from victim device to adversary device: Utilize PCIe tunneling to transfer desired data and information from victim device across Thunderbolt connection.

  1. The adversary needs at least a few minutes of physical access to a system with an open Thunderbolt port, version 3 or lower, and an external thunderbolt device controlled by the adversary with maliciously crafted software and firmware, via an SPI Programming device, to exploit weaknesses in security protections.
  1. SPI Programming device capable of modifying/configuring or replacing the firmware of Thunderbolt device stored on SPI Flash of target Thunderbolt controller, as well as modification/spoofing of adversary-controlled Thunderbolt controller.
  2. Precrafted scripts/tools capable of implementing the modification and replacement of Thunderbolt Firmware.
  3. Thunderbolt-enabled computing device capable of interfacing with target Thunderbolt device and extracting/dumping data and memory contents of target device.
High
Detailed knowledge on scripting and SPI programming in order to configure and modify Thunderbolt controller firmware and software configurations.
Integrity Authorization Access Control Confidentiality
Modify Data Execute Unauthorized Commands Bypass Protection Mechanism Read Data
  1. An adversary steals a password protected laptop that contains a Thunderbolt 3 enabled port, from a work environment. The adversary uses a screw driver to remove the back panel of the laptop and connects a SPI Programming device to the Thunderbolt Host Controller SPI Flash of the stolen victim device to interface with it on the adversary's own Thunderbolt enabled device via Thunderbolt cables. The SPI Programming device is utilized to execute scripts/tools from the adversary's own system to copy, parse, and modify the victim's Thunderbolt firmware stored on SPI Flash. The device UUID value is obtained, by computing the appropriate offset based upon Thunderbolt firmware version and the OS of victim device, from the DROM section of victim Thunderbolt host controller firmware image. The firmware image is written to adversary Thunderbolt host controller SPI flash to clone and spoof victim device identity. The adversary reboots the victim device, with the victim device identifying the Thunderbolt connection of the adversary's Thunderbolt device as itself and enables PCIe tunneling. The adversary finally transfers the hard drive and memory contents of victim device across Thunderbolt connection.

We use cookies to ensure you get the best experience on our website.