Thunderspy: a series of attacks on computers with Thunderbolt

Information was recently released on seven vulnerabilities affecting computers with Thunderbolt. These vulnerabilities have been collectively named "Thunderspy", and an attacker can use them to bypass all of the main components that guarantee Thunderbolt security.

Based on the problems identified, nine attack scenarios have been produced. They can be carried out if the attacker has access to the system, either by connecting a malicious device or by manipulating the computer's firmware.

The attack scenarios include the ability to create identifiers for arbitrary Thunderbolt devices, clone authorized devices, gain random memory access via DMA, and override security level settings, including disabling all protection mechanisms, blocking the installation of firmware updates, and switching the interface to Thunderbolt mode on systems restricted to USB or DisplayPort forwarding.

About Thunderbolt

For those who are not familiar with Thunderbolt, it is a universal interface for connecting peripherals that combines the PCIe (PCI Express) and DisplayPort interfaces in a single cable. Thunderbolt was developed by Intel and Apple and is used in many modern laptops and PCs.

PCIe-based Thunderbolt devices have direct memory access I/O, which poses the threat of DMA attacks that read and write all system memory or capture data from encrypted devices. To prevent such attacks, Thunderbolt introduced the concept of "Security Levels", which allows only devices authorized by the user to be used and relies on cryptographic authentication of connections to protect against identity spoofing.

About Thunderspy

The identified vulnerabilities make it possible to bypass that connection authentication and attach a malicious device under the guise of an authorized one. In addition, it is possible to modify the firmware and put the SPI Flash into read-only mode, which can be used to disable the security levels completely and to prevent firmware updates (the tcfp and spiblock utilities have been prepared for such manipulations).

  • Use of inadequate firmware verification schemes.
  • Use of a weak device authentication scheme.
  • Loading of metadata from an unauthenticated device.
  • Existence of mechanisms to ensure compatibility with previous versions, which allows rollback attacks on vulnerable technologies.
  • Use of configuration parameters from an unauthenticated controller.
  • Flaws in the SPI Flash interface.
  • Lack of protection at the Boot Camp level.

The vulnerabilities appear on all devices with Thunderbolt 1 and 2 (based on Mini DisplayPort) and Thunderbolt 3 (based on USB-C).

It is not yet clear whether the problems appear on devices with USB 4 and Thunderbolt 4, since these technologies have only been announced and there is no way to verify their implementation.

The vulnerabilities cannot be fixed in software and require a redesign of hardware components. At the same time, on some new devices it is possible to block some of the DMA problems with the Kernel DMA Protection mechanism, support for which has been introduced since 2019 (it is supported in the Linux kernel since version 5.0; you can verify that it is enabled via /sys/bus/thunderbolt/devices/domainX/iommu_dma_protection).
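The sysfs check mentioned above can be scripted across every Thunderbolt domain on a Linux host. The following is an added example, not part of the original article and not the Spycheck script; it also reads the `security` attribute that the Linux thunderbolt driver exposes next to `iommu_dma_protection`, and the status labels are this example's own naming.

```python
import os
import re
import sys

DOMAIN_RE = re.compile(r"^domain\d+$")

def _read_attr(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        with open(path, encoding="ascii") as fh:
            return fh.read().strip()
    except OSError:
        return None

def audit_thunderbolt_domains(sysfs_root="/sys/bus/thunderbolt/devices"):
    """Return one report dict per Thunderbolt domain found under sysfs_root."""
    try:
        entries = sorted(os.listdir(sysfs_root))
    except OSError:
        return []  # bus directory absent: driver not loaded or controller disabled
    reports = []
    for name in entries:
        if not DOMAIN_RE.match(name):
            continue  # skip device entries such as 0-0 or 0-1
        base = os.path.join(sysfs_root, name)
        security = _read_attr(os.path.join(base, "security"))
        iommu = _read_attr(os.path.join(base, "iommu_dma_protection"))
        if iommu == "1":
            status = "kernel-dma-protection"   # IOMMU-based protection is active
        elif iommu == "0":
            status = "security-level-only"     # only the Security Levels remain
        else:
            status = "unknown"                 # attribute missing or unreadable
        reports.append({"domain": name, "security": security,
                        "iommu_dma_protection": iommu, "status": status})
    return reports

if __name__ == "__main__":
    results = audit_thunderbolt_domains()
    if not results:
        print("no Thunderbolt domains found")
    for r in results:
        print("{domain}: security={security} "
              "iommu_dma_protection={iommu_dma_protection} -> {status}".format(**r))
    # Exit non-zero when any listed domain lacks Kernel DMA Protection.
    sys.exit(0 if all(r["status"] == "kernel-dma-protection" for r in results) else 1)
```

A domain reported as `security-level-only` depends on the Security Levels alone, which are the mechanism the vulnerabilities described here bypass.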

Finally, to test devices where there is doubt about whether they are susceptible to these vulnerabilities, a script called "Spycheck Python" has been made available. It must be run as root in order to access the DMI, ACPI DMAR, and WMI tables.

As measures to protect vulnerable systems, it is recommended not to leave the system unattended while it is powered on or in standby mode. In addition, do not connect other people's Thunderbolt devices, do not leave or hand over your devices to strangers, and provide physical protection for your devices.

Furthermore, if there is no need to use Thunderbolt on the computer, it is advisable to disable the Thunderbolt controller in UEFI or BIOS (although it is noted that the USB and DisplayPort ports may stop working if they are implemented through the Thunderbolt controller).

Source: https://blogs.intel.com

