A study conducted by researchers from the University of Cambridge in the UK and Rice University in the US has confirmed that most desktops and laptops fall prey to hackers due to plug-in devices used commonly like chargers and docking stations.
The security researchers have found that the vulnerabilities were detected mostly in computers running on Thunderbolt ports irrespective of the software OS they were operating on i.e. Windows, MacOS, Linux and FreeBSD.
Thunderclap, an open source platform acted as a source for the researchers to conduct the study in which they discovered that potential attacks on computing devices can help take complete control of the targeted computer.
Moreover, plug-in-devices like graphic and network cards can also act as access points for hackers to target a host machine as these peripherals have direct access to the DMA-Direct Memory Access.
So, those using chargers and projectors should be very careful while connecting commonly used devices as infected machines can help cyber crooks take control of a targeted machine to extract sensitive data.
Some security researchers argue that all modern day computing gadgets come with a feature called I/O Memory Management Units (IOMMUs) which help restrict access to DMA attackers by allowing access only to non-sensitive regions of memory.
However, the researchers from the University of Cambridge have discovered that hackers have become very much sophisticated these days to compromise any protection on the devices.
Although technology companies have addressed the issue by releasing security updates from time to time since 2016, the recent research shows that the main problem remains elusive due to the developments such as a rise in hardware interconnects like Thunderbolt 3 that combines power usage, data I/O and device management from the same port.
So, hackers can easily use malicious devices such as charging docs and projectors to take control of the connected machines…..isn’t it?
Then how to secure a device from such malevolent manifestations…?
1. It’s simple, just install security updates provided by Apple, Microsoft, and others from time to time.
2. And never connect the device to networks and devices whose origin is not trustworthy.