
New Zealand hacker releases source code to utility that reads password directly from memory

Exploiting a little-known feature built into the Firewire port specifications, Adam Boileau released the source code to a utility authored in 2006 that allows anyone to bypass the Windows Authentication dialog box on any PC with a Firewire port.

The tool is a simple, 200-line script written in the Python programming language that exploits features built into Firewire that allow direct access to a computer’s memory. By targeting specific places that Windows consistently stores its vital authentication functions, Boileau’s tool is able to overwrite Windows’ secured code with patches that skip Windows’ password check entirely.

Boileau says he decided to release the script now, two years after it was initially unveiled, because Microsoft had not acted to patch the vulnerability. Boileau considers his tool a “party-trick demo script that's been lying around my [home folder] for two years gathering dust,” and considers it “a pity to write code and have no one use it.”

“Besides,” says Boileau, “according to Microsoft's definition, it never was a Security Vulnerability anyway – screensavers and login prompts are … about the Feeling of Security.”

Boileau also notes that he’s seen others successfully modify the script to hack Windows Vista’s password-check code, as well as use a laptop’s PCMCIA port to plug in a Firewire card and attack the laptop after Windows auto-installed the card’s drivers.

It’s important to note that Firewire’s provisions for direct memory access, called DMA, are useful in other contexts, like in the use of software debuggers. Nowadays, a sizable percentage of the world’s software checks for the presence of programs monitoring memory directly – which is what a debugger does – and will frequently act differently or refuse to start up if it detects their presence.

Firewire ports are therefore usable as high-speed debugging devices, allowing developers and hackers alike to passively monitor anywhere in a computer’s memory and make changes where needed, whether it's reprogramming a password check or seeding buggy software with correct data. It might also allow forensic investigators to grab an encrypted hard drive’s decryption key directly from memory, while the computer is running.

Also important is that the same technique has been known to work on other operating systems, including Mac OS X and Linux – and in fact some people have used modified iPods to run Firewire DMA attacks on the fly.

Common security thought dictates that a computer is essentially lost if it is in your opponent’s possession, and that security on a physical machine will be subverted with time: for computers equipped with Firewire, the thought couldn’t be more true.
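Since the article notes that the technique also works on Linux and that a hot-plugged Firewire card gets its driver loaded automatically, a defender can audit whether a Linux host would bring up a Firewire controller at all. The following is an added example, not code from Boileau's tool or from the article; the module names `firewire_ohci` and `ohci1394` are the Linux controller drivers (not mentioned on the page), the function names are illustrative, and the sample inputs are constructed.

```python
"""Audit a Linux host's Firewire (IEEE 1394) controller-driver exposure."""

# Kernel modules that drive Firewire host controllers (current and legacy stack).
CONTROLLER_MODULES = {"firewire_ohci", "ohci1394"}

def norm(name):
    # The kernel treats '-' and '_' in module names as equivalent.
    return name.replace("-", "_")

def loaded_modules(proc_modules_text):
    """Module names from /proc/modules content (first column of each line)."""
    return {norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.strip()}

def blocked_modules(modprobe_conf_text):
    """Return (soft, hard): 'blacklist X' only stops autoloading by alias;
    'install X /bin/false' also defeats an explicit 'modprobe X'."""
    soft, hard = set(), set()
    for raw in modprobe_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "blacklist":
            soft.add(norm(fields[1]))
        elif len(fields) >= 3 and fields[0] == "install" \
                and fields[2] in ("/bin/false", "/bin/true"):
            hard.add(norm(fields[1]))
    return soft, hard

def audit(proc_modules_text, modprobe_conf_text):
    """Return {module: status} for each Firewire controller driver."""
    loaded = loaded_modules(proc_modules_text)
    soft, hard = blocked_modules(modprobe_conf_text)
    report = {}
    for mod in sorted(CONTROLLER_MODULES):
        if mod in loaded:
            report[mod] = "loaded"            # controller driver is active now
        elif mod in hard:
            report[mod] = "blocked"           # cannot be loaded via modprobe
        elif mod in soft:
            report[mod] = "autoload-blocked"  # manual modprobe still works
        else:
            report[mod] = "loadable"          # a hot-plugged card gets a driver
    return report

# Constructed sample inputs (not taken from a real host).
SAMPLE_PROC_MODULES = (
    "firewire_ohci 40960 0 - Live 0x0000000000000000\n"
    "firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000\n"
    "ext4 737280 1 - Live 0x0000000000000000\n")
SAMPLE_MODPROBE = "# constructed config\nblacklist ohci1394\n"

if __name__ == "__main__":
    print(audit(SAMPLE_PROC_MODULES, SAMPLE_MODPROBE))
```

On a real host, feed it the contents of `/proc/modules` and the concatenated files under `/etc/modprobe.d/`.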




Once Again
By Flunk on 3/7/2008 11:01:00 PM , Rating: 5
Once again, there is not a computer system made with no security vulnerabilities. If you notice, this is actually the same issue that was reported with Mac OS the other day.




RE: Once Again
By Master Kenobi (blog) on 3/7/2008 11:59:03 PM , Rating: 4
This exploit actually works on any operating system. It exploits a flaw in the Firewire driver that allows it to interact with the system. Mac OSX, Windows, Linux, etc... The problem is with firewire. Now to put this into perspective, utilities have been available for years to 1-2 KO windows passwords (See: ERD Commander and various Ultimate Boot CD utilities).

Now to take a cheap shot though, Firewire is largely a product of Apple (some other vendors were involved later on, but Apple was the starter and biggest supporter of it). Apple has always been known for the security through obscurity model, and Firewire seems to fit in quite well :P


RE: Once Again
By dare2savefreedom on 3/8/2008 1:25:50 AM , Rating: 4
u r FOS

al gore created firewire.

next you're going to tell me apple invented the internet and the open standard protocol that it uses known as appletalk.


RE: Once Again
By winterspan on 3/8/08, Rating: -1

RE: Once Again
By MAIA on 3/11/2008 1:50:37 PM , Rating: 3
Yep, I saw al gore creating firewire as well. It's like a wire with lots of fire.

He did the same thing with a wall, and called it firewall ...


RE: Once Again
By Polynikes on 3/8/2008 11:28:08 AM , Rating: 2
quote:
Apple was the starter and biggest supporter of it). Apple has always been known for the security through obscurity model, and Firewire seems to fit in quite well :P

Ain't that the truth. Mac OS is much more secure than Windows! Steve Jobs & Co would never mislead the public.


RE: Once Again
By Hare on 3/8/08, Rating: -1

RE: Once Again
By TomZ on 3/8/2008 1:29:00 PM , Rating: 3
quote:
And yes. If you look at the track record of Mac OS X vs. Windows it's quite clear that it's more secure.

Are you making a joke? Or are you just unaware of the security statistics of the current versions of OSX and Windows (Vista)? Vista is trouncing OSX.


RE: Once Again
By Hare on 3/8/2008 2:07:54 PM , Rating: 1
Leopard was just announced so it's a bit difficult to make any direct comparisons between latest operating systems. I was more or less comparing Mac OS X vs Win XP/Vista (long term).

I personally use Vista 95% of the time (like it a lot) and consider it as or more secure than Mac OS X. The problem is that the OS itself doesn't make a system either secure or unsecure (when the system is used by the average consumer). Unfortunately viruses and malware target mainly Windows machines so problems in Mac OS X are rarely exploited (this is something that you can't find in Secunia statistics). There's hardly any malware for Macs (open windows don't matter that much if you are living in a nice neighbourhood).

Security statistics for 2007
Mac OS X (26 advisories, none critical)
http://secunia.com/product/96/?task=statistics_200...
Vista (17 advisories, few critical/extremely critical)
http://secunia.com/product/13223/?task=statistics_...
Windows XP (30 advisories, many critical/extremely critical)
http://secunia.com/product/22/?task=statistics_200...

