Profile picture
Robᵉʳᵗ Graham
@ErrataRob
, 9 tweets, 2 min read Read on Twitter
Note that we hackers have been using DMA attacks since the 1990s, starting with Firewire devices. While these "Thunderclap" attacks are new innovations, the basic concept has been around for a long time.
appleinsider.com/articles/19/02…
2/ DMA means "direct memory access", it means the hardware copies data to/from memory, bypassing the CPU, bypassing software drivers. In theory, a device on a DMA-capable port has full access to memory.
3/ To prevent this, modern computers now have IOMMUs, similar to the older "MMU", the "memory management unit", the feature of modern CPUs that prevents user-mode apps in the operating system from messing with kernel memory. IOMMU is just an I/O version of the MMU.
4/ IOMMUs can be expensive in some cases, so even though they exist in the hardware, they may not be enabled by the operating system or the driver. Part of this is technology evolution, it'll be a while before IOMMUs are a natural part of the system instead of a wart.
5/ Even with an IOMMU preventing arbitrary access to the system, the remaining parts of memory exposed to the hardware still provide enough of an attack surface to exploit. It's highly selective, targeting individual components one by one.
6/ What's going on here is that what they've done is simply layered the PCIe bus on top of the USB cable. PCIe was designed to be an INTERNAL way of adding things like Ethernet cards and graphics cards, where you implicitly trust the hardware. It wasn't designed for external.
7/ Now we've exported PCIe across the cable so any external device can hack you. It means when you plug in the cable for video when presenting at DEF CON, the projector can hack you back.
8/ It's not just USB. PCIe has also been added to the spec for microSD cards. In the future, sticking a microUSB card into your computer to transfer files may hack your machine in exactly the same way.
9/ BTW, I mentioned this back in 2011 when Thunderbolt was first added to Macs, though only from a theoretical perspective. The way Thunderclap messes with exposed Ethernet driver regions is something I didn't anticipate.
blog.erratasec.com/2011/02/thunde…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵉʳᵗ Graham
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Robᵉʳᵗ Graham
@ErrataRob
1/ There are always two sides to every story. In the following story, Lyft points to declining car purchases as proof that people no longer are interested in cars. Maybe they are right. But what else can explain declining car purchases?
2/ My theory is "average age of cars". A quick google leads to graphs like this. The average age of cars on the roads is steadily increasing. All else being equal, if the average age of cars is increasing, then new car purchases will be decreasing.
3/ Another possible explanation: the U.S. population is increasingly urban. The more population moves to the city, the more they can use mass transit. Sure, this means fewer cars, but doesn't necessarily mean more Lyft/Uber.
Read 5 tweets
Profile picture
Robᵉʳᵗ Graham
@ErrataRob
1/ Let's talk USB power for a moment. Even if you buy a good USB power supply and cable, you still may not be able to run a Raspberry Pi at full 1.4-GHz without it throttling back to 600-MHz because off low voltage issues.
2/ I'm not talking about current limits, which is another problem. I'm assuming you already have a power supply that can provide 2.4amps. Instead, I'm talking about Ohm's Law.
3/ There are two equations you care about:
P = V*I (power/watts = voltage times current/amps)
and
V = I*R (voltage drop = current/amps times resistance)
Read 18 tweets
Profile picture
Robᵉʳᵗ Graham
@ErrataRob
1/ As I often do, I'm going to say something offensive, though it won't seem offensive a first.

We shouldn't judge somebody according to the group they belong to. Just because a terrorist is a Muslim doesn't mean all Muslims support terrorism.
2/ Likewise, just because somebody is Muslim doesn't mean we should ask them to condemn terrorism. Maybe in some limited cases: if you publicly praise Hamas's community charities, then maybe you should be expected to condemn their support for terrorism. But not in general case.
3/ This isn't controversial because I say "Muslim". If I change the group to one you don't like, then this principle changes.
Read 5 tweets

Related threads

Profile picture
🅺🅰🆁🅼🅰🏴 Sunlight Is The Best Disinfectant
@NazisNotWelcome
1.
#Hackers #OpSec #InfoSec #Privacy

Every day I see more articles about hacks & exposed info. Hackers spend their time actively getting better at what they do; studying what both companies & individuals are doing.

Want to protect yourself? They’re not foolproof...anyone can
2.
be hacked. Here how you can lessen the risk of being affected.

1) 2FA: Use 2 Factor Authentication for everything that allows it

2) Use a physical security key for authentication (@Yubico = 👍🏼)

3) Most folks would benefit from a password manager, that works with your
3.
physical security key. Use one that encrypts usernames and passwords separately and uses a master password that only gets stored locally.

4) Go set up more free e-mail accounts. I prefer @Protonmail for a variety of reasons, one of which being their servers are underground
Read 16 tweets
Profile picture
Cyrus Toulabi
@CyrusToulabi
#NEW: Rick Gates told Mueller that he and Manafort shared Trump Campaign Polling Data in 2016 w/ Konstantin Kilimnik, who has ties to Russian Intelligence.

In new unsealed court docs, it was revealed that Gates was at least one source for the revelation.

bloomberg.com/news/articles/…
#BREAKING: In new court filing, it was revealed that Konstantin Kilimnik...WAS IN DC FOR THE INAUGURATION.

The Manafort and Gates associate, with ties to Russian Intelligence, met with Manafort about the "Russia-Ukraine peace plan."

#REDFLAG: In court transcripts, Andrew Weissman, senior Mueller prosecutor, suggested Konstantin Kilimnik's relationship w/ Manafort & Gates...TIES DIRECTLY TO #CONSPIRACY/COLLUSION.

“This goes...very much to the heart of what the [SCO] is investigating.”
Read 5 tweets
Profile picture
Zafar Shaikh
@zafargs79
#New Traders, Understand #Mathematics Of #Profit In Market Before You Put Hard #Earned Money On Risk.

Expectancy = Success Rate x Reward Risk Ratio

Lets Talk About Expectancy Of Short Term Directional Trading System.

Read On (1/n)
Success Rate = No Of Profitable Tades/ No Of Loss Making Trades

Reward Risk Ratio = Average Profit Per Trade / Average Loss Per Trade

If Success Rate is 0.5 and Reward Risk 2, Then

Expectancy = 2 x 0.5 =1

For Making Profit, Expectancy Should Be Positive Number (2/n)
To Calculate Expectancy, You Need Defined System With Rules To Get Success Rate and Reward Risk. If You Have No System To Take Decisions, You Are Hanging In Thin Air and Will Never No Whether You Will Keep Making Or Loosing Money In Future (3/n)
Read 12 tweets
Profile picture
ARC 2020
@ARC2020eu
#NEW on ARC2020: #CAP & #MFF | Eco-Spin without Public Goods Substance.
Its been 2 weeks since the MFF proposals, here's our round up of some of the perspectives so far.
All perspective-givers tagged in picture.
arc2020.eu/cap-mff-eco-sp…
What's needed?
@davidbaldock & Allan Buckwell of @IEEP_eu:
1: Sufficient funding for environmental measures in Pillar 1
2: Specifics for New Delivery Model
3: Flexibility for Pillar 1 to 2 transfers
4. Fund ANCs under Pillar 1
arc2020.eu/cap-mff-eco-sp…
#MFF #FutureofCAP #CAP
And who said: "unconditional direct income support to farmers is manifestly absurd in today’s world when it maintains uncompetitive farming practices that have negative implications for the climate, the environment or people’s health"?
Why @AnnikaAhtonen of @epc_eu
Read 8 tweets
Profile picture
G. Elliott Morris📈🤷‍♂️
@gelliottmorris
#New PA cong. map increases D chance of winning the House majority by 4%. They only need a 6.8% generic ballot margin now (down from 7.7) to be favored.

Diff. will be closer to 10% in Nov when uncertainty from polls is ⬇️. Redraw is a very big deal.

One major reason the new PA map is such a big gain for Democrats is that it solidifies, not just tips, PA districts in Philly burbs. Also creates one additional vulnerable R district. (Easily seen in this map made by @JMilesColeman)
My forecasting model will have new PA map in the near future. This is not just a simple switch; it’s a coding redesign, restructuring of input, & drawing new geographic files. Takes a while (for me, a student).

In the meantime, just add 3-4% to the model: bit.ly/2018_house
Read 4 tweets

Trending hashtags

#BramptonEast #BuildTheDamnWall #politique #Mathematics #SanctionsAreComing114 #Dark2Light #MilitaryTribunals #UN #shame #jellyfish #US #Qutaifa #схема #BuildTheWall #Pentagon #Crete #MyHouseMyAmerica #Thessaloniki #ndppoli #Q2417 #Outremont #SyrianArmy #demands #threatintel #InternetofThings
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!