Thunderbolt cable users beware. A recent report by security researcher Theo Markettos claims that the Thunderclap specification in Thunderbolt tech could potentially leave your device vulnerable to malicious attacks.
Markettos’ report details the method by which hackers can take advantage of this flaw – the Thunderbolt 3 connection bypasses the Input-Output Memory Management Units (IOMMUs), that’s usually the last line of defense preventing attacks on the Direct-Memory Access (DMA).
This allows attackers to access personal data, files and even inject malicious codes into your device. According to The Verge, the level of access granted to Thunderbolt accessories is similar to OS-level access. Users are at risk the most when they plug in unknown external devices.
The discovery of this flaw was done in 2016, but this information is only now made public. Since then, Apple has resolved the issue for their devices with the macOS 10.12.4 patch, while Windows 10’s version 1803 also protects from the flaw.
This doesn’t mean every device that uses Thunderbolt is safe, so remember to be weary when plugging in unknown devices.