Amazing new research: Attacks via Firewire. Firewire is a type of interface that allows DMA – Direct Memory Access. In order to make access to devices attached via Firewire faster, DMA allows complete access to a computer’s memory.

A problem arises since firewire devices can be attached even though a computer is locked. By overwriting the right instructions in memory, it is possible log in with an arbitrary password.

However this is not the only way the issue can be exploited. Especially in connection with the recently published attacks on hard disk encryption this is extremly critical. While those cold boot attacks require to reboot the system, DMA via Firewire allows an attacker to read a complete memory image while the system is running and locked. After a view minutes the image is copied and the attack cannot be detected at all. The tool “keyfind”, described in the paper by Halderman et al. could be easily used to find discover the master keys in such an image. Problems with cold boot attacks like bit decay can be completely disregarded.

So everyone: disable your firewire ports! And while you’re at it: also disable PCMCIA slots and external SATA interfaces. All of those can be used for DMA attacks.

Picture of fire by Millzero Photography