Have a laptop? Beware! You can suffer big losses from hackers even through chargers

A study conducted by the University of Cambridge and Rice University researchers reveal  majority  of the laptops are vulnerable to hacks through plug-in devices.

Have a laptop? Beware! You can suffer big losses from hackers even through chargers
In addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals. Photo: Pixabay
Written By: ZeeBiz WebTeam
Updated: Tue, Feb 26, 2019
03:49 pm
New Delhi, ZeeBiz WebDesk
RELATED NEWS
Beware of Payment Apps KYC FRAUD! Delhi Police has very important tips for you Beware of Payment Apps KYC FRAUD! Delhi Police has very important tips for you
Want to keep your online payments safe and secure? Here are few things to keep in mind Want to keep your online payments safe and secure? Here are few things to keep in mind
Online shoppers alert! 14 per cent Indians hit by new malware - How to stay safe Online shoppers alert! 14 per cent Indians hit by new malware - How to stay safe
HDFC Bank customer? Beware of vishing; bank Issues dos and don'ts to avoid online frauds HDFC Bank customer? Beware of vishing; bank Issues dos and don'ts to avoid online frauds
SBI Online: SBI card WARNS about fraudsters out to steal money through debit cards; CVV, OTP to SMS, what must not be done SBI Online: SBI card WARNS about fraudsters out to steal money through debit cards; CVV, OTP to SMS, what must not be done

Most modern day laptops and desktops are vulnerable to the hacking through plug-in or charger devices, reveals a study conducted by the researchers from the University of Cambridge in the UK and Rice University in the US. The findings of the study shows that attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations. the vulnerability to attach was found in both laptops and desktops with Thunderbolt ports running Windows, macOS, Linux and FreeBSD.  
 
The researchers from both the UK and the US universities exposed the vulnerabilities through Thunderclap, an open-source platform they have created to study the security of computer peripherals and their interactions with operating systems. The Thunderclap can be plugged into computers using a USB-C port that supports the Thunderbolt interface and allows the researchers to investigate techniques available to attackers. The researchers found that potential attacks could take complete control of the targeted desktop and laptops.

See Zee Business video below:

In addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.
Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies.
 
DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.

Current systems feature input-output memory management units (IOMMUs) which can protect against DMA attacks by restricting memory access to peripherals that perform legitimate functions and only allowing access to non-sensitive regions of memory.
 
However, IOMMU protection is frequently turned off in many systems and the new research shows that, even when the protection is enabled, it can be compromised.

"We have demonstrated that current IOMMU usage does not offer full protection and that there is still the potential for sophisticated attackers to do serious harm," said Brett Gutstein, who is one of the members of the research team.

The vulnerabilities were discovered in 2016 and the researchers have been working with technology companies such as Apple, Intel and Microsoft to address the security risks. 
Companies have begun to implement fixes that address some of the vulnerabilities that the researchers uncovered; several vendors have released security updates in the last two years.

However, the research shows that solving the general problem remains elusive and that recent developments, such as the rise of hardware interconnects like Thunderbolt 3 that combine power input, video output and peripheral device DMA over the same port, have greatly increased the threat from malicious devices, charging stations and projectors that take control of connected machines.
 
The researchers want to see technology companies taking further action, but also stress the need for individuals to be aware of the risks. (With inputs from PTI)

 

Get Latest Business News, Stock Market Updates and Videos; Check your tax outgo through Income Tax Calculator and save money through our Personal Finance coverage. Check Business Breaking News Live on Zee Business Twitter and Facebook. Subscribe on YouTube.