Windows hacked in seconds via Firewire
A New Zealand security researcher has published a software tool allowing attackers
to quickly gain access to Windows systems via a Firewire port.
The tool, which can only be used by attackers with physical access to a system,
comes shortly after the publication of research on gaining access to encrypted
hard drives via physical access to memory.
Researcher Adam Boileau, a consultant with Immunity, originally demonstrated
the access tool at a security conference in 2006, but decided not to release
the code any further at the time. Two years later, however, nothing has been
done toward fixing the problem, so he decided to go public.
"Yes, this means you can completely own any box whose Firewire port you
can plug into in seconds," said Boileau in a recent blog entry.
An attacker must connect to the machine with a Linux system and a Firewire
cable to run the tool.
The tool, called Winlockpwn, allows users to bypass Windows authorization,
was originally demonstrated at Ruxcon in 2006 at a talk called "Hit By
A Bus: Physical Access Attacks With Firewire".
At the time, Boileau also demonstrated some of the malicious uses of the tool,
but said he wouldn't be releasing the code for those attacks.
The attack takes advantage of the fact that Firewire can directly read and
write to a system's memory, adding extra speed to data transfer. According to
Boileau, because this capability is built into Firewire, Microsoft doesn't consider
the problem a standard bug.
On the other hand, Boileau said he feels PC users need to be more aware of
the fact that their systems can be unlocked via Firewire.
"Yes, it's a feature, not a bug," Boileau stated. "Microsoft
knows this. The OHCI-1394 spec knows this. People with Firewire ports generally
don't."
Microsoft was not immediately available for comment. In the past the company
has downplayed security problems that require physical access.
Firewire has become common on Windows systems in the past few years, and is
especially prevalent on laptops.
Researcher Maximillian Dornseif demonstrated a similar exploit on Linux and
Mac OS X systems at the CanSec conference in 2005, connecting to those systems
via a malicious iPod and Firewire.
According to security researchers, the problem can be remedied by disabling
Firewire when not in use.
» posted by abennett
Techworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
