Wednesday, March 05, 2008

Dark Reading reports "Tool Physically Hacks Windows": attackers using Firewire can take over a 'locked' Windows machine.

Adam Boileau, a noted hacker and researcher with Immunity Inc., originally built the tools two years ago. Winlockpwn bypasses Windows's authentication system and lets an attacker take over a "locked" Windows machine without even stealing its password.

A hacker simply connects a Linux machine to the Firewire port on the victim's machine. That connection gives the attacker full read-and-write access to the victim's memory, and the tool uses that access to deactivate Windows's password protection, which resides in local memory. The attacker then has carte blanche to steal passwords or drop rootkits, keyloggers, or any other malicious code onto the machine.

On his Web site, Boileau said Microsoft doesn't consider the attack a legitimate security vulnerability. Indeed, as Microsoft points out in the third of its 10 Immutable Laws of Security, "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore."

“That Firewire port is, as designed, literally there to let you plug things into your laptop memory banks,” says Thomas Ptacek, principal with Matasano Security. “When you think of Firewire, you really should just think of a cable coming directly out of your system's DRAM banks. That's basically all Firewire is.”

Ptacek says this tool raises the bar in physical hacking. “People think about physical hacking as something you have to do with a screwdriver and 20 minutes, under cover of darkness. Attacks like Adam's can be done in the time it takes you to pick up a sheet of paper off the office printer,” he says.

The tool has been demonstrated to work on PCs and laptops running Windows XP, Windows Vista, Mac OS X and even Linux.
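Since the post notes the tool also works against Linux, here is the mitigation a defender would apply on a Linux host: keep the IEEE 1394 (Firewire) kernel drivers from loading at all, so no peripheral on that bus ever gets access to RAM, and check whether any of them is currently loaded. This is an added example, not code from the original post or from Boileau's tool. It assumes the modern Linux firewire stack module names (firewire-core, firewire-ohci, firewire-sbp2) plus the legacy ohci1394/sbp2/raw1394 names, and a modprobe.d drop-in directory; adjust the list for your kernel.

```shell
# Added example (not from the original post): block the Firewire drivers on a
# Linux host so the bus can never expose system memory to a plugged-in device.
# Assumed module names: current "firewire-*" stack plus legacy ieee1394 names.
FIREWIRE_MODULES="firewire-core firewire-ohci firewire-sbp2 ohci1394 sbp2 raw1394 dv1394 video1394"

# write_firewire_blacklist [DIR]
# Writes DIR/blacklist-firewire.conf (DIR defaults to /etc/modprobe.d).
# "install <mod> /bin/false" makes modprobe run /bin/false instead of loading
# the module, which, unlike "blacklist" alone, also defeats explicit modprobe
# calls and alias-based autoloading when the controller is hot-plugged.
write_firewire_blacklist() {
    dir="${1:-/etc/modprobe.d}"
    conf="$dir/blacklist-firewire.conf"
    mkdir -p "$dir" || return 1
    {
        echo "# Block IEEE 1394 (Firewire) drivers: the bus gives peripherals direct"
        echo "# read/write access to system RAM, which bypasses the screen lock."
        for m in $FIREWIRE_MODULES; do
            echo "blacklist $m"
            echo "install $m /bin/false"
        done
    } > "$conf" || return 1
    printf '%s\n' "$conf"
}

# loaded_firewire_modules [MODULES_FILE]
# Prints the Firewire-related modules currently loaded, reading /proc/modules
# (or a file in the same format, for testing). Returns 0 when none is loaded
# and 1 otherwise, so it doubles as a compliance check for the blacklist above.
loaded_firewire_modules() {
    file="${1:-/proc/modules}"
    found=""
    for m in $FIREWIRE_MODULES; do
        # /proc/modules spells module names with underscores, not dashes
        name=$(printf '%s' "$m" | tr '-' '_')
        if awk -v n="$name" '$1 == n { hit = 1 } END { exit !hit }' "$file" 2>/dev/null; then
            found="$found $m"
        fi
    done
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Typical use as root: write the drop-in, then unload anything already present.
#   write_firewire_blacklist && loaded_firewire_modules
#   loaded_firewire_modules >/dev/null || rmmod firewire_sbp2 firewire_ohci firewire_core
```

The blacklist only takes effect for future module loads, which is why the check function exists: run it after writing the file, and unload (or reboot) if it still reports drivers present. A physically removable or firmware-disabled Firewire controller is the stronger control where the hardware allows it.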
