Funderbolt: Adventures in Thunderbolt DMA Attacks

Presented at Black Hat USA 2013, Aug. 1, 2013, 2:15 p.m. (60 minutes)

Intel's Thunderbolt allows for high-speed data transfers for a variety of peripherals including high-resolution high-bandwidth graphics displays, all using the same physical connection. This convenience comes at a bit of a cost: an external port into your computer's bus and possibly memory! Thunderbolt ports appear on high-end laptops like the MacBook Pro, but also increasingly on PC hardware, and on newer desktop and server motherboards. This proprietary technology is undocumented but problems with it could potentially undermine the privacy and security of users.

This talk chronicles process of exploring these risks through a practical exercise in reverse engineering. Experience the tribulations with reversing Thunderbolt chips, understand the attack strategies for exploiting DMA and see the pitfalls one encounters along the way, while gaining a deeper understanding of the risks of this new feature.

Presenters:

• Russ Sevinsky - iSEC Partners
  Russ Sevinsky is a security researcher/consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Russ specializes in hardware reverse engineering, web application/web services security, network security/red-team testing, and client/server testing.

Links:

• https://www.blackhat.com/us-13/archives.html#Sevinsky
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2013/video/Black Hat 2013 - Funderbolt - Adventures in Thunderbolt DMA Attacks.mp4
• https://www.youtube.com/watch?v=q0HthE3qDMw
• https://media.blackhat.com/us-13/US-13-Sevinsky-Funderbolt-Adventures-in-Thunderbolt-DMA-Attacks-Slides.pdf

Similar Presentations:

• Black Hat USA 2020 Virtual / When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
• Kiwicon 7: Cyberfriends (2013) / Thunderbolts and Lightning ⚡ Very, Very Frightening
• Black Hat USA 2019 / PicoDMA: DMA Attacks at Your Fingertips