Archive

Posts Tagged ‘i1394’

Firewire Attacks Revisited

September 14, 2009 4 comments

For those who follow these kinds of things, you’ll remember that back in 2004 an enterprising group of people (Maximilian DornseifMichael Becher, and Christian Klein) gave a series of talks on how to bypass many kinds of computer security using the FireWire ports. This attack, though obvious from reading the specification of the Firewire / i.LINK / IEEE 1394 bus, simply used a computer acting as a “rogue” device to read and modify any memory location on a target PC.

Yes, ANY memory location, and that’s quite supported, even required by the FireWire/iLink specification, which needs direct-memory-access for some devices (like iPODs) to function.

Enterprising people have written attacks that use this “exploit” to get around encryption products, and locked workstations on Mac, Linux and PC.

Read more…