Physical Hack Via Firewire Port

Friday, March 14, 2008

No screwdriver required: A researcher has released a plug-and-go physical hacking tool that uses a Firewire cable to “own” a Windows machine within seconds.  Winlockpwn, originally built two years ago, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.  Adam Boileau, a researcher with Immunity Inc., says he decided it was finally time to make his tool publicly available.  Similar Firewire hacks have been demonstrated on Linux and OS X as well.  With Winlockpwn, the attacker connects a Linux machine to the Firewire port on the victim’s machine.  The attacker then gets full read-and-write memory access and the tool deactivates Windows’s password protection that resides in local memory.  Then he or she has carte blanche to steal passwords or drop rootkits and keyloggers onto the machine…..

Firewire’s abuse should come as no surprise, security experts say.  The peripheral bus connection technology lets you read and write to memory, so the weakness is not a true vulnerability, but a feature of the technology.  “That Firewire port is, as designed, literally there to let you plug things into your laptop memory banks,” says Thomas Ptacek, principal with Matasano Security.  “When you think of Firewire, you really should just think of a cable coming directly out of your system’s DRAM banks.  That’s basically all Firewire is.”  Ptacek says this tool raises the bar in physical hacking.  “People think about physical hacking as something you have to do with a screwdriver and 20 minutes, under cover of darkness.  Attacks like Adam’s can be done in the time it takes you to pick up a sheet of paper off the office printer,” he says.  Not all machines have Firewire ports, of course, but other researchers have already found ways to get around that, using a PCMCIA Firewire card…

Ptacek says the best defense is to disable Firewire.  “I think that enterprises who care about security should make sure they don’t issue laptops with enabled Firewire ports,” he says.

Reference: http://www.darkreading.com/document.asp?doc_id=147713
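The recommended defense above is to disable Firewire, but a policy is only worth something if you can verify it took effect. The following audit script is an added example written for this post; it is not code from the Dark Reading article, from Immunity, or from Winlockpwn. It parses the output of `lsmod` and the contents of `/etc/modprobe.d/*.conf` on a Linux host and reports which IEEE 1394 driver modules are currently loaded and which are blacklisted, so an administrator can tell whether the DMA-capable bus driver is still resident or could be pulled back in on the next hotplug. The module name list and the two sample outputs at the bottom are constructed for the demonstration.

```python
"""Audit whether a Linux host still exposes Firewire (IEEE 1394) DMA.

Added example, not code from the article or from Winlockpwn.  It checks
the two places an administrator controls: what `lsmod` says is loaded
right now, and what modprobe.d says may be loaded later.  The sample
inputs at the bottom are constructed; on a real host read `lsmod` output
and the modprobe.d files from the system instead.
"""
import re

# Kernel modules that drive the 1394 bus: the older "ieee1394" stack and the
# newer "firewire" stack.  This set is an assumption based on common
# distributions; extend it if your kernel ships differently named drivers.
FIREWIRE_MODULES = {
    "firewire_ohci", "firewire_core", "firewire_sbp2",
    "ohci1394", "ieee1394", "sbp2", "raw1394", "video1394", "dv1394",
}

# The host-controller drivers: if either can still load, the bus can come back.
HOST_CONTROLLER_MODULES = {"firewire_ohci", "ohci1394"}

# Matches "blacklist <module>" and "install <module> <command>" directives.
_DIRECTIVE = re.compile(r"^(?P<kw>blacklist|install)\s+(?P<mod>[\w-]+)(?:\s+(?P<target>\S+))?")


def loaded_modules(lsmod_text):
    """Return the set of module names from `lsmod` output (first column, header skipped)."""
    names = set()
    for line in lsmod_text.splitlines()[1:]:
        parts = line.split()
        if parts:
            names.add(parts[0])
    return names


def blacklisted_modules(modprobe_text):
    """Return modules disabled by modprobe.d directives.

    'blacklist foo' only stops automatic loading by alias; 'install foo /bin/true'
    also defeats an explicit `modprobe foo`, so both forms count as disabled here.
    Dashes are normalised to underscores to match the names lsmod prints.
    """
    disabled = set()
    for line in modprobe_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and padding
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        if m.group("kw") == "blacklist" or m.group("target") in ("/bin/true", "/bin/false"):
            disabled.add(m.group("mod").replace("-", "_"))
    return disabled


def audit(lsmod_text, modprobe_text):
    """Combine both views into a verdict on whether Firewire DMA is still reachable."""
    loaded = loaded_modules(lsmod_text) & FIREWIRE_MODULES
    disabled = blacklisted_modules(modprobe_text) & FIREWIRE_MODULES
    # Exposed if a bus driver is resident now, or if a host-controller driver
    # is not disabled and could therefore load when a device or card is inserted.
    exposed = bool(loaded) or not HOST_CONTROLLER_MODULES <= disabled
    return {"loaded": sorted(loaded), "disabled": sorted(disabled), "exposed": exposed}


# Constructed sample: a host where the mitigation config exists but the
# drivers are still resident because the machine has not been rebooted.
LSMOD_BEFORE = """Module                  Size  Used by
firewire_ohci          40960  0
firewire_core          69632  1 firewire_ohci
crc_itu_t              16384  1 firewire_core
e1000e                245760  0
"""

# Constructed sample: the same host after the drivers were unloaded.
LSMOD_AFTER = """Module                  Size  Used by
e1000e                245760  0
"""

# Constructed sample of /etc/modprobe.d/firewire-dma.conf.
MODPROBE_SAMPLE = """# firewire-dma.conf (constructed for the example)
blacklist firewire-ohci
install firewire-ohci /bin/true
blacklist ohci1394
"""

if __name__ == "__main__":
    for label, lsmod_text in (("before unload", LSMOD_BEFORE), ("after unload", LSMOD_AFTER)):
        print(label, audit(lsmod_text, MODPROBE_SAMPLE))
```

The verdict deliberately stays "exposed" until both the running kernel is clean and the host-controller drivers are blocked from reloading; a blacklist entry alone does not help while `firewire_ohci` is already resident, which is the state most machines are in right after the config file is written.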

3 Responses to “Physical Hack Via Firewire Port”

  1. Thomas Says:

    I find this pretty hard to believe, that Microsoft STILL hasn’t fixed this problem. Not even that, but refuses to see it as such. Think about it, this can work from a direct connection from one computer to another, so a resourceful hacker could dull that down into a portable hand-held device that could hack a PC in under a minute. Scary thought.

  2. Dave Says:

    If you read the article in reference carefully enough, you should conclude that this is something the software or the OS cannot fix. It really is, as the article describes it, a direct connection to the internal RAM of the computer. No matter what the OS is, the only type of fix is to change the hardware to limit the memory regions that can be read from.

