Icon Icon Icon Icon Icon Icon

Laptops More Vulnerable to Hacking According to Recent Research

Laptops More Vulnerable to Hacking According to Recent Research

In recent years, laptops have become a staple among young professionals and students. Walk into a Starbucks on any given weekday and there’s a high probability you’ll see at least a half dozen people drinking coffee and working on their laptops. But new research has shown that laptops may be more susceptible to hacking than was previously realized.

 

Laptop vulnerability begins with Thunderbolt ports

This new vulnerability specifically targets laptops with Thunderbolt ports. It’s been found to target computers regardless of the operating system: both Windows and macOS have been compromised as have laptops running FreeBSD and Linux.

 

Entire laptop computers are vulnerable to hacker hijacking

The researchers who participated in this study found the vulnerability is so severe that users could have their entire computer hijacked. This comes from using the Thunderbolt port to connect the laptop to peripherals such as projectors or power chargers. These peripherals work correctly leaving the computer owner unsuspecting anything is wrong and without any sign the laptop is open to hackers.

 

Peripherals with direct memory access are the real culprit

The flaw comes from the fact that these peripherals, when they are plugged into a laptop or other computer, have direct memory access (DMA) to that computer. This allows them to bypass the security of the operating system.

Essentially, when you plug in a peripheral device, the computer assumes that you trust this device and allows it access to your computer. This leads to what has been termed a “DMA attack” which lets hackers control your device and breach your data.

 

IOMMUs are one type of defense against hackers

One of the defenses against these types of attacks are input-output memory management units (IOMMUs). This feature allows peripherals to perform the tasks that they have been designed to do, such as charge the computer, without opening the computer up. IOMMUs can restrict the peripherals access to “non-sensitive” portions of the computer’s memory, preventing it from accessing sensitive data.

 

IOMMUs are not without problems

One of the problems with IOMMUs, however, is that many computer users disable this protection and, even when it’s enabled, it’s easy to compromise the protection to gain access.

Thunderbolt ports are especially problematic because they combine power input along with video output and peripheral direct memory access. All of this is done with the same port, making it even easier for hackers to get in.

 

Public charging stations cannot be trusted

The charging power input is particularly troubling because of the recent trend in charging stations. A person may go into a public place, use one of the complimentary charging stations, and unknowingly open themselves up to attack.

 

No easy fix for the vulnerabilities

These vulnerabilities have been known for the past three years, but no clear-cut fix has been created in that time to complete correct the flaw that allows these types of hacks to occur. Because of this, laptop owners should always run the latest update of their security software as soon as it is rolled out.

Best practices you can implement to prevent hackers

 

Enabling automatic updates is a best practice that cannot be stressed enough. These updates should handle the problems as they are discovered by the operating system manufacturer. To stay even safer, users should limit their use of peripherals. Do not trust public charging stations or other peripherals that may be compromised by hackers.


Posted 3:00 PM

Share |


No Comments


Post a Comment
Name
Required
E-Mail
Required (Not Displayed)
Comment
Required


All comments are moderated and stripped of HTML.
Submission Validation
Required
CAPTCHA
Change the CAPTCHA codeSpeak the CAPTCHA code
 
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2019


View Mobile Version
Facebook
Twitter
Instagram
© Copyright. All rights reserved. Powered by Insurance Website Builder.