Recently a security researcher discovered a security flaw in the Intel chips that control Thunderbolt ports. It allows an attacker with physical access to a computer to reset a user's password and access its content. This flaw, which affects all PCs, has little or no effect on Mac computers, and we may wonder why.
The risk dates back to 2012
The danger that Björn Ruytenberg found is, in reality, a combination of seven security flaws:
- Inadequate firmware verification schemes.
- Weak device authentication scheme.
- Use of unauthenticated device metadata.
- Downgrade attack using backwards compatibility.
- Use of unauthenticated controller configurations.
- SPI flash interface deficiencies.
- No Thunderbolt security on Boot Camp.
With these bugs, an attacker who has physical access to the computer can gain entry to it through the lock screen.
Although this vulnerability has been present in Intel chips since 2011, the operating system handles device security in a different way.
I have a Mac, is the computer safe?
The short answer is yes: the computer is completely invulnerable.
The long answer, thanks to my partner Julio César Fernández of Apple Coding, is more complex. In 2014 an exploit called BadUSB was discovered. It was a pen drive that, when connected to a computer, mimicked a keyboard and managed to enter commands and slow down the machine. By then Macs were already protected against the attack, and the reason was that Macs used a technique to virtualize the memory accessible via DMA (Direct Memory Access) over Thunderbolt. This virtualization keeps the actual memory addresses unknown to other devices and, as a result, prevents that memory from being overwritten to inject malicious code.
Now with Thunderspy, even if the attack itself has failed, DMA protection comes into play as well. At a conceptual level, we can say that applying Thunderspy first and then following up with BadUSB-style attacks could reset the user's password, but such a technique, which would have to be developed specifically, has a very important stumbling block: if the computer is locked, the attack will not succeed.
As soon as we read about Thunderspy and BadUSB, we will see that some media sources say that Macs are in danger and some say they are not. In short, the situation is like this: If the Mac is unlocked during a user password reset, the attack has no effect. Therefore, although the attack is clever and carries risk, its effect is closer to zero.
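The DMA memory virtualization described in this section can be pictured with a small model. This is an added example, not code from the article or from Apple: the page sizes, table layout and function names are all constructed for illustration, and real hardware remapping is far more involved.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PAGE_SIZE  4096u
#define PHYS_PAGES 8u     /* constructed: a tiny "physical RAM" */
#define IOVA_PAGES 4u     /* constructed: the device-visible address space */
#define UNMAPPED   0xFFu

static uint8_t phys_mem[PHYS_PAGES * PAGE_SIZE];

/* Per-device remapping table: device page number -> physical page number. */
typedef struct { uint8_t map[IOVA_PAGES]; } iommu_domain;

void domain_init(iommu_domain *d) { memset(d->map, UNMAPPED, sizeof d->map); }

/* The OS grants the device one page, at a device address the OS chooses. */
int domain_map(iommu_domain *d, uint32_t iova_page, uint32_t phys_page) {
    if (iova_page >= IOVA_PAGES || phys_page >= PHYS_PAGES) return -1;
    d->map[iova_page] = (uint8_t)phys_page;
    return 0;
}

/* DMA write with remapping: 0 on success, -1 when the access is blocked. */
int dma_write(const iommu_domain *d, uint64_t iova, const void *src, size_t len) {
    uint64_t page = iova / PAGE_SIZE, off = iova % PAGE_SIZE;
    if (page >= IOVA_PAGES || d->map[page] == UNMAPPED) return -1;
    if (len > PAGE_SIZE - off) return -1;   /* must not spill into the next page */
    memcpy(&phys_mem[(size_t)d->map[page] * PAGE_SIZE + off], src, len);
    return 0;
}

/* DMA write without remapping: the device address IS the physical address. */
int dma_write_raw(uint64_t phys, const void *src, size_t len) {
    if (phys >= sizeof phys_mem || len > sizeof phys_mem - phys) return -1;
    memcpy(&phys_mem[phys], src, len);
    return 0;
}

int main(void) {
    iommu_domain dev;
    domain_init(&dev);
    domain_map(&dev, 0, 5);                 /* device page 0 -> physical page 5 */
    int ok  = dma_write(&dev, 16, "data", 4);          /* inside its own buffer */
    int bad = dma_write(&dev, 3 * PAGE_SIZE, "X", 1);  /* unmapped page: blocked */
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

With remapping, the device only ever sees the addresses the operating system handed it, so a write aimed anywhere else is rejected; without it, the same write lands directly in physical memory.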
I use Boot Camp on my Mac; what's the situation there?
We must know that the fault is in the port. The issue, in short, is that the port has its own security system and this attack is able to slow down that system. When an operating system communicates with that port, the risk to the system depends on the information received from the port.
What happens, then, with Boot Camp? If the Mac is booted into Boot Camp during an attack, then even if the session is password-locked, the attack is capable of unlocking the computer.
As Apple stated in response to the researcher who reported the issue to them, computers running macOS are more resistant to the attack:
Some of the hardware security features you described are available only when users are not running macOS. If users are concerned about any problems in their research, we recommend using macOS.
It should be noted that performing this type of attack, whether on a Mac or a Windows computer, requires that the attacker remove the computer's back cover, connect some cables and use another computer to carry out the attack. In other words, it's not possible when you leave your computer unattended in a restaurant for a few minutes.
Based on what we've seen, it's clear that many of the security measures that Apple uses on its computers, both in hardware, such as the T2 or T1 chip, and in software, make Macs able to withstand Thunderspy and many other attacks that have been visible for some time.