Get a Quote or File a Claim: 1-888-WEBRISK | info@insuretrust.com

In recent years, laptops have become a staple among young professionals and students. Walk into a Starbucks on any given weekday and there’s a high probability you’ll see at least a half dozen people drinking coffee and working on their laptops. But new research has shown that laptops may be more susceptible to hacking than was previously realized.

Laptop vulnerability begins with Thunderbolt ports

This new vulnerability specifically targets laptops with Thunderbolt ports. It’s been found to target computers regardless of the operating system: both Windows and macOS have been compromised as have laptops running FreeBSD and Linux.

Entire laptop computers are vulnerable to hacker hijacking

The researchers who participated in this study found the vulnerability is so severe that users could have their entire computer hijacked. This comes from using the Thunderbolt port to connect the laptop to peripherals such as projectors or power chargers. These peripherals work correctly leaving the computer owner unsuspecting anything is wrong and without any sign the laptop is open to hackers.

Peripherals with direct memory access are the real culprit

The flaw comes from the fact that these peripherals, when they are plugged into a laptop or other computer, have direct memory access (DMA) to that computer. This allows them to bypass the security of the operating system.

Essentially, when you plug in a peripheral device, the computer assumes that you trust this device and allows it access to your computer. This leads to what has been termed a “DMA attack” which lets hackers control your device and breach your data.

IOMMUs are one type of defense against hackers

One of the defenses against these types of attacks are input-output memory management units (IOMMUs). This feature allows peripherals to perform the tasks that they have been designed to do, such as charge the computer, without opening the computer up. IOMMUs can restrict the peripherals access to “non-sensitive” portions of the computer’s memory, preventing it from accessing sensitive data.

IOMMUs are not without problems

One of the problems with IOMMUs, however, is that many computer users disable this protection and, even when it’s enabled, it’s easy to compromise the protection to gain access.

Thunderbolt ports are especially problematic because they combine power input along with video output and peripheral direct memory access. All of this is done with the same port, making it even easier for hackers to get in.

Public charging stations cannot be trusted

The charging power input is particularly troubling because of the recent trend in charging stations. A person may go into a public place, use one of the complimentary charging stations, and unknowingly open themselves up to attack.

No easy fix for the vulnerabilities

These vulnerabilities have been known for the past three years, but no clear-cut fix has been created in that time to complete correct the flaw that allows these types of hacks to occur. Because of this, laptop owners should always run the latest update of their security software as soon as it is rolled out.

Best practices you can implement to prevent hackers

Enabling automatic updates is a best practice that cannot be stressed enough. These updates should handle the problems as they are discovered by the operating system manufacturer. To stay even safer, users should limit their use of peripherals. Do not trust public charging stations or other peripherals that may be compromised by hackers.

INSUREtrust (d/b/a ITDC Insurance Services) is a national insurance wholesaler simplifying insurance for emerging risks. For over 22 years, INSUREtrust has focused on emerging risks related to Cyber Liability, Technology Errors & Omissions issues, and Miscellaneous Professional Liability (MPL).

Contact Information

5185 Peachtree Pkwy Suite 230 Norcross, GA 30092
(770) 200-8000
info@INSUREtrust.com

Newsletter Sign-Up

Keep up with our news and upcoming events delivered straight to your inbox. Enter your e-mail and subscribe to our newsletter.