Mar 5
Security

I'm really enjoying the hype around the firewire hacks, originally presented by Maximillian Dornseif in 2004, given new life in 2006 by Adam Boileau, and now being re-hyped in 2008 thanks to Adam releasing the last bit of scripts to unlock a Windows machine (illegally!, gosh). I think Adam sums this up quite nicely:

Yes, it's a FEATURE, not a bug. It's the Fire in Firewire. Yes, I know this, Microsoft know this. The OHCI-1394 spec knows this. People with firewire ports generally don[']t.

Now, owning Windows' unlock mechanism is good enough for a demo, and we all know if you have physical access you can do lots of stuff. However, one of the key growth industries in security is to provide more protection at the physical layer. Have a look at all the acquisitions and players in this space:

[Image: Gartner Magic Quadrant for Mobile Data Protection 2007]

There are a lot of people spending a lot of money to make damn sure that you can't get at data if you have physical access. I've personally been involved in an evaluation of several of these products, and I can assure you they aren't cheap. Now, those clever boys at Princeton worked out that the right sort of hype would be to target these products in their cold boot attacks. But here we have a cheaper and easier way to read the memory while the machine is still on, without any of those pesky controls getting in the way.

To be fair, many of these products provide anti-theft/theft detection/theft response type controls which include steps as drastic as automagically deleting the encryption keys. However, I can't see that being enabled without a hefty addition to your service desk and at least 'top secret' classified documents lounging about on your machine.

As an aside, I would really like to see someone modify Black Dog to use this firewire attack vector, and instead of 'autorunning' the X server, using DMA and the host's hardware to run it. This would allow you to 'hijack' the hardware of any machine you plug into. This could be a pretty cool feature; "Take your machine with you, leave the hardware".

Update: 'Twas only a matter of time: PointSec Disk Encryption Cracked via Firewire

Posted by Dominic White

Last modified on 2008-03-14 15:22

1 Comment

  1. Sam says:

    Clever boys indeed.
    Nice post guy - keep it coming.

    /Disappears to the server room with a tub of dry ice...
