Sunday, November 13, 2005


Don't trust your hardware: "
[image: flash drive]




I wasn’t able to see David Maynor’s ‘You are the Trojan’ (pdf) talk at Toorcon, but it’s a really interesting subject. With such a large emphasis being placed on tightening perimeter security with firewalls and IDS systems, how do attacks keep getting through? The user: bringing laptops on site, connecting home systems through a VPN, or just sacrificing security for speed.




Peripherals can also be a major threat. USB and other computer components use Direct Memory Access (DMA) to bypass the processor, which allows for high-performance data transfers. The CPU is completely oblivious to the DMA activity, so there is a lot of trust involved in this arrangement. Here’s how this could be exploited: like a diligent individual, you’ve locked your Windows session. Someone walks in with their hacked USB key and plugs it into your computer. The USB key uses its DMA to kill the process locking your session. Voila! Your terminal is now wide open, and all they had to do was plug in their USB key, PSP, iPod… With the Xbox 360’s eagerness to work with your iPod, I’m guessing it is probably just as vulnerable to this attack as anything else.




Has anyone done this? Maximillian Dornseif presented 0wn3d by an iPod at CanSecWest. The FireWire protocol allows direct memory access and doesn’t require a host, which makes this attack even easier. He’s got presentation materials and code for iPod Linux on his site. There are legitimate uses, too: if you were doing forensics, you could copy the live memory contents of the machine with minimal effect on the running system.
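From the defender's side, the question the paragraphs above raise is whether a given Linux host will let an attached FireWire device do DMA at all. The following audit script is an added example (not from the original post or from Dornseif's materials); it assumes the FireWire driver module names `firewire_ohci`, `firewire_sbp2`, `ohci1394` and `sbp2`, modprobe.d-style `blacklist` lines, and that an active IOMMU shows up as entries under `/sys/class/iommu`. The check logic takes text inputs so it can be exercised on constructed samples offline.

```python
"""Audit a Linux host for exposure to peripheral DMA attacks (added example)."""
import glob
import os
import re

# FireWire host-controller and storage drivers (assumed names; old and new stacks).
FIREWIRE_MODULES = {"firewire_ohci", "firewire_sbp2", "ohci1394", "sbp2"}


def loaded_firewire_modules(lsmod_text):
    """Return FireWire-related modules present in /proc/modules or lsmod output."""
    found = set()
    for line in lsmod_text.splitlines():
        fields = line.split()
        if fields and fields[0] in FIREWIRE_MODULES:
            found.add(fields[0])
    return sorted(found)


def blacklisted_modules(modprobe_conf_text):
    """Return module names named on 'blacklist <module>' lines of modprobe.d config."""
    return sorted(set(re.findall(r"^\s*blacklist\s+(\S+)", modprobe_conf_text, re.M)))


def assess(lsmod_text, modprobe_conf_text, iommu_entries):
    """Combine the three signals into a list of findings; an empty list means no concern."""
    findings = []
    loaded = loaded_firewire_modules(lsmod_text)
    if loaded:
        findings.append("firewire drivers loaded: " + ", ".join(loaded))
    not_blacklisted = FIREWIRE_MODULES - set(blacklisted_modules(modprobe_conf_text))
    if not_blacklisted:
        findings.append("firewire drivers not blacklisted: " + ", ".join(sorted(not_blacklisted)))
    if not iommu_entries:
        # Without an IOMMU, a device that can issue DMA can address all of RAM.
        findings.append("no IOMMU active: device DMA is not restricted")
    return findings


if __name__ == "__main__":
    # Live run: read the real system state when the files exist.
    modules = open("/proc/modules").read() if os.path.exists("/proc/modules") else ""
    conf = "".join(open(p).read() for p in glob.glob("/etc/modprobe.d/*.conf"))
    iommu = os.listdir("/sys/class/iommu") if os.path.isdir("/sys/class/iommu") else []
    for finding in assess(modules, conf, iommu) or ["no DMA exposure findings"]:
        print(finding)
```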




© 2005 Weblogs, Inc.



"



(Via hack a day.)

