Jump to content
xisto Community
Sign in to follow this  
FlameX

Windows Can Be Hacked Via Firewire

Recommended Posts

A New Zealand security researcher has published a software tool allowing attackers to quickly gain access to Windows systems via a Firewire port.
The tool, which can only be used by attackers with physical access to a system, comes shortly after the publication of research on gaining access to encrypted hard drives via physical access to memory.

Researcher Adam Boileau, a consultant with Immunity, originally demonstrated the access tool at a security conference in 2006, but decided not to release the code any further at the time. Two years later, however, nothing has been done toward fixing the problem, so he decided to go public.

"Yes, this means you can completely own any box whose Firewire port you can plug into in seconds," said Boileau in a recent blog entry.

An attacker must connect to the machine with a Linux system and a Firewire cable to run the tool.

The tool, called Winlockpwn, allows users to bypass Windows authorization, was originally demonstrated at Ruxcon in 2006 at a talk called "Hit By A Bus: Physical Access Attacks With Firewire".

At the time, Boileau also demonstrated some of the malicious uses of the tool, but said he wouldn't be releasing the code for those attacks.

The attack takes advantage of the fact that Firewire can directly read and write to a system's memory, adding extra speed to data transfer. According to Boileau, because this capability is built into Firewire, Microsoft doesn't consider the problem a standard bug.

On the other hand, Boileau said he feels PC users need to be more aware of the fact that their systems can be unlocked via Firewire.

"Yes, it's a feature, not a bug," Boileau stated. "Microsoft knows this. The OHCI-1394 spec knows this. People with Firewire ports generally don't."

Microsoft was not immediately available for comment. In the past the company has downplayed security problems that require physical access.

Firewire has become common on Windows systems in the past few years, and is especially prevalent on laptops.

Researcher Maximillian Dornseif demonstrated a similar exploit on Linux and Mac OS X systems at the CanSec conference in 2005, connecting to those systems via a malicious iPod and Firewire.

According to security researchers, the problem can be remedied by disabling Firewire when not in use.


Share this post


Link to post
Share on other sites

Wow! Thanks for posting this. I am not sure that this is the correct place to post it though unless it deals with PHP. I am a Windows/Linux user and need to watch out for this. I am not sure though that my computer has a Firewire port though. This is huge and dangerous.

Share this post


Link to post
Share on other sites

My question is how does one find out if they have a Firewire port and how do I disable it if I do? I mean, I don't want my laptop hacked...especially since I'm on vista....

Share this post


Link to post
Share on other sites

My question is how does one find out if they have a Firewire port and how do I disable it if I do? I mean, I don't want my laptop hacked...especially since I'm on vista....

Well if your laptop had it it would have either the firewire symbol:

Posted Image

 

or this i1394 symbol next to it:

Posted Image

 

I don't know what you could do about disabling it, but I'm pretty sure that you would notice if somebody plugged a cable into your port of your laptop.

Share this post


Link to post
Share on other sites

Hey flamex do you have the original source for this? The odds that you will have access to a machine with windows and firewire port is very slim. Most people wont leave their machines unattended. I wouldn't too worried unless your computer is a shared one where other people can jump on at anytime.Thanks for sharing the article by the way it was a good read.

Share this post


Link to post
Share on other sites

Hey flamex do you have the original source for this? The odds that you will have access to a machine with windows and firewire port is very slim. Most people wont leave their machines unattended. I wouldn't too worried unless your computer is a shared one where other people can jump on at anytime.
Thanks for sharing the article by the way it was a good read.


hey buddy ... watever was ther in the article i have posted it .. that was it ... >
in the article its written tht the hacker himself cant share a few things ..

Well i read this in the PC WOrld magazine .. > if u want i ll pm u the link .. >

Share this post


Link to post
Share on other sites

Wow! Pretty scary... if you use windows ]:DThat's a huge vulnerabilty but I'm wondering how many laptops have a firewire port (not-apple laptops of course :D )

Share this post


Link to post
Share on other sites

Typical of Microsoft not to do anything unless lots know how to do it, hopefully they release a fix soon...Thanks for letting us know.. (not sure what a firewire port is so I guess I'll go check on Wikipedia or something..).- Tracdoor

Share this post


Link to post
Share on other sites

Hahaha I was arguing with my family earlier today. I was telling them just how good Linux is and how crap (thus the small letter) windows was. None of them agreed saying that Linux was for the clever people and that all the guys at university use it, yet I'm 14 and i can use it better than they can use pen and paper! They have no idea what there on about and this is just proof that windows is dying, Long live Linux and Mac!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.