Addressing Thunderspy, One Weakness at A Time
Does your company produce hardware? If you don’t take security into account, consumers won’t trust your hardware, and they will act accordingly: by buying elsewhere to minimize risk. This is especially true for corporate purchasing where large organizations view security as a critical requirement. Let’s take a look at a recent vulnerability and see how a brand’s reputation can be protected by mitigating its underlying weaknesses.
Thunderspy is the name for some impressive attacks on Thunderbolt 3 systems, discovered by Bjorn Ruytenberg. Thunderbolt is a proprietary I/O protocol that allows for a two-way high-bandwidth PCIe port for external devices to have Direct Memory Access-enabled I/O. The technology provides the ability to connect and provide power to various peripherals including displays, speakers, and external storage devices, while also supporting USB, Firewire, and Ethernet via adapters. The Thunderspy attacks allow adversaries to steal data from a machine via its Thunderbolt connectivity.
Where to Begin
In Breaking Thunderbolt Protocol Security: Vulnerability Report, Ruytenberg lists seven vulnerabilities. As analyzing all seven would make this blog too long, let’s look at a couple:
- Inadequate firmware verification schemes
“…we have found authenticity is not verified at boot time, upon connecting the device, or at any later point.” [Breaking Thunderbolt Protocol Security: Vulnerability Report, page 4]
Consideration: When designing and implementing hardware, it is important that all updates to firmware are checked for a valid signature before installing. Moreover, avoid using a symmetric key for this signature. Maxim Integrated offers recommendations on how to do this correctly.
See CWE-345: Insufficient Verification of Data Authenticity for more information.
2. No Thunderbolt security on Boot Camp (Boot Camp id a utility that comes with a Mac and lets users switch between macOS and Windows)
“When running either operating system [Windows or Linux], Mac UEFI disables all Thunderbolt security by employing the Security Level “None” (SL0).” [Breaking Thunderbolt Protocol Security: Vulnerability Report, Page 5]
Consideration: Make sure that the default permission level for your product has secure default permissions. While product management may see this as inconvenient for users, it is potentially better in the long run. A design with an insecure default might yield faster consumer adoption of your product, but potentially at the cost of maximum adoption, a higher cost of retrofitting, and a faster abandonment.
See CWE-1188: Insecure Default Initialization of Resource or CWE-862: Missing Authorization for more information.
Attack Patterns for Weaknesses Exploitation
The above weaknesses can be exploited by the following series of CAPECs — CAPEC-401: Physically Hacking Hardware, CAPEC-458: Flash Memory Attacks, CAPEC-148: Content Spoofing, and CAPEC-151: Identity Spoofing. CAPEC-401 covers the necessary physical manipulation of the Thunderbolt port and its protocol. CAPEC-458 covers the writing of attacker-modified firmware to the Thunderbolt controller’s SPI Flash on the target device. This modified firmware can allow the attacker Thunderbolt device to spoof the target device’s Thunderbolt identity and pass the verification check or allow the subversion of other access and/or security controls for further actions as referenced in CAPEC-148 and CAPEC-151.
Consider leveraging the community-developed knowledge within the CWE and CAPEC repositories when producing hardware to figure out where your design and implementation might lead to future vulnerabilities. Over time, this can help you make more secure products.
