You're presenting at a conference. You hook up your shiny new Macbook with Thunderbolt to the Thunderbolt-enabled projector and give a wonderful presentation. Unbeknownst to you, someone who had physical access to the projector and Inception software, now has a full dump of your RAM, including unencrypted passwords and keys.
If this was VGA or DVI, you have no reason to be suspicious. But with Thunderbolt, you can never be sure anymore.
This attack is hot precisely bc it blurs the local/remote line.
Physical access is relative. 'Remote' vulns are still exploited with some level of physical access: i.e. via a network that lets you touch bits on the other side of the machine's ethernet jack / wireless card.
The other extreme is standing over the ripped carcass of the machine case, triumphantly raising an unencrypted hard disk over your head, and blowing a kiss to the receptionist on your way out through the main lobby.
The OP's attack can be staged multiple hops away, through a physical network of peripheral devices. In a heavy SAN or PPPoFW environment, where FW cables are regularly disappearing under desks, a somewhat-insider could dump a lot of RAM.
RAM which, for some goddamned reason on OS X, apparently contains an unencrypted copy of my login password?! Ouch.
RAM which, for some goddamned reason on OS X, apparently contains an unencrypted copy of my login password?
Really? Most software does that, most crypto software and encryption algorithms are vulnerable to RAM attacks. It's not as easy to protect against that as you think it is.
Better still - this is "plug into a compromised Thunderbolt monitor, and it can own the lower 4 Gigs of RAM on your machine".
Did I mention that Thunderbolt daisychains, so compromising a Thunderbolt monitor (or better still, projector) is a simple matter of plugging an attack machine into the Daisy-chain out port.
Who really worries about plugging their laptop into a projector?
"The other extreme is standing over the ripped carcass of the machine case, triumphantly raising an unencrypted hard disk over your head, and blowing a kiss to the receptionist on your way out through the main lobby."
If this was VGA or DVI, you have no reason to be suspicious. But with Thunderbolt, you can never be sure anymore.