I recently used a Thunderbolt to HDMI connector (ADAM 4K2K) casually given by a colleague who then left the country, misguidedly thinking "oh, it's a display adapter, not a USB, so it probably isn't risky". My computer immediately froze with a crazy interleaved display (looked like corrupted video memory), and I had to restart it.

Computer is a 2012 MacBook Air, still running El Capitan 10.11.6

Googling and reading this tells me that the Thunderbolt is indeed USB-like and a security issue, worse for some MacBooks than others, though I don't exactly understand what this is saying:

> However, because Thunderbolt has been standard on Macs since 2011 and only started appearing on Windows and Linux systems more recently, this platform is most at risk. All Apple models are affected (except for the 12-inch MacBook), including post-2016 models running Thunderbolt 3 over USB-C as well as older ones using a Mini DisplayPort.

Question(s):

  1. What are the potential security risks here?
  2. Would the ultra-paranoid response be to do a clean install and change any password that I've typed on the keyboard since? (I don't use stored passwords.) Considering that I'm using a vintage OS, I wouldn't mind doing one anyway.

Being slightly nervous, I pulled out the connector when typing passwords during the session, and haven't used the connector since.

uhoh

1 Answer

Ultra paranoid to me means you destroy your computer, put on a tinfoil hat and dig a bunker, so I'm going to interpret that as "sensible precautions".

The security risk of any physical port is that there is an exploitable vulnerability that would allow an attacker to compromise the hardware, firmware or OS. An attacker could embed an exploit into a device like a display adapter to compromise vulnerable systems when it is plugged in.

The article is about Thunderclap, which is a vulnerability in how macOS treats Thunderbolt devices, and impacts Thunderbolt 2 as well as Thunderbolt 3. Your older Mac should have Thunderbolt 2, so it would be vulnerable until Apple develops a fix.

Unplugging the device while you are typing in your password isn't going to protect you if it is malicious, because a compromise would involve installing memory-resident software on your system to do whatever the attacker intends; once the device delivers its payload and infects your system, the damage is done. However, the chances of the display adapter being malicious are extremely low - there aren't any known instances of that exploit being used in the wild. I don't think nuking the site from orbit is warranted; it was almost certainly just a glitch - even Macs get them occasionally.

GdD
  • how did you know about my [tinfoil helmet](https://space.stackexchange.com/questions/26889/why-is-sentinel-3bs-dish-antenna-overwrapped-with-metallized-film/31663#comment79813_26889)? – uhoh Oct 25 '19 at 13:01
  • I've seen your questions in Space.SE @uhoh. ;) – GdD Oct 25 '19 at 13:02
  • I guess the exploit I was thinking about would be a bit of "aftermarket electronics" embedded into the device that was handed to me, along the lines of [this answer](https://security.stackexchange.com/a/102874/115702). But yes, the whole setup was glitchy and slightly bumping the connection sent the projector into search mode. – uhoh Oct 25 '19 at 13:05