Channel: Uwe Hermann - Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation (Update) - Comments

Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation...

This is part 1 of a series of articles about the Firewire security issues mentioned below. For many years now, attacks via Firewire / i.LINK / IEEE 1394 have been a known security issue. Basically, if...



Blacklisting firewire in software

Is this, in a file in modprobe.d, enough to prevent this attack for Linux users who never want to use Firewire?

    # prevent automatic loading
    blacklist sbp2
    blacklist ieee1394
    blacklist ohci1394
    blacklist...



blacklisting linux kernel modules

Yep, that (partially) works, thanks! For the "old" Firewire stack it's sufficient to blacklist ohci1394 (and/or ieee1394, which ohci1394 depends on, if you want). However, you must also run...


OpenFirmware

Interesting, I'll try to validate/reproduce this. Note, however, that newer Macs are partially EFI-based (AFAIK) so this may not apply there... Update: Oh, and this will only work for Mac OS X of course...


Should Linux distros disable Firewire physical DMA by default?

Since disabling physical DMA on Linux is trivial and effective, should the various Linux distributions ship with "options ohci1394 phys_dma=0" somewhere in modprobe config by default? What would that...



FireWire can be completely disabled in Mac OS X.

I have an iBook G4 running Leopard, and I toasted my FireWire controller. This caused all sorts of problems, until it occurred to me to disable the FireWire drivers. You don't need to recompile the...


phys_dma=0 and userland

That's a good question. I don't know if there would be any breakage, but I expect slowdowns for devices which make heavy use of DMA (disks, video cameras, for instance). But I haven't tested any of...


Firewire

Yes, completely disabling Firewire via removal/destruction, in the BIOS/Firmware, or in the kernel/drivers is the best thing you can do if you don't ever use Firewire.



My Mac will be at your mercy

My Mac will be at your mercy once again, I suppose. So be it, next time we meet.



There's another option that

There's another option that seems to have been overlooked. Many (if not all) motherboard BIOSes have the option of disabling the firewire ports and likely PCMCIA ports as well.


Maybe, but it depends how

Maybe, but it depends how the "disable" is done (which might be BIOS and hardware-specific). I wouldn't trust that unless you actually tested that disabling those options really spoils this specific...


Did you determine if

Did you determine if disabling ohci 1394 in Device Manager prevents the attack in XP SP2?


DMA and Hardware

I was wondering if you knew what the advantages of implementing DMA in the hardware, without the intervention of the OS, are?



Or just power down, right?

Just to be clear, this attack is valid if your computer is asleep or powered up with the key in memory, correct? Shutting down a computer that doesn't unlock the drive without manual authentication...


Use nvram security-mode to disable Firewire DMA on OS X

On OS X, as noted here: http://matt.ucc.asn.au/apple/ Setting security-mode to anything other than 'none' puts the firewire controller into secure mode, disabling Firewire DMA. This is effective even...



What a question!

??? What a question! See on Google "Direct Memory Access" and you'll have a lot of articles about it... Else this link too: http://www.omninerd.com/articles/Firewire_Interface_Hack
