Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation...
This is part 1 of a series of articles about the Firewire security issues mentioned below. For many years now, attacks via Firewire / i.LINK / IEEE 1394 have been a known security issue. Basically, if...
Blacklisting firewire in software
Is this, in a file in modprobe.d, enough to prevent this attack for Linux users who never want to use Firewire?
# prevent automatic loading
blacklist sbp2
blacklist ieee1394
blacklist ohci1394
blacklist...
blacklisting linux kernel modules
Yep, that (partially) works, thanks! For the "old" Firewire stack it's sufficient to blacklist ohci1394 (and/or ieee1394, which ohci1394 depends on, if you want). However, you must also run...
OpenFirmware
Interesting, I'll try to validate/reproduce this. Note however, that newer Macs are partially EFI-based (AFAIK) so this may not apply there... Update: Oh, and this will only work for Mac OS X of course...
Should Linux distro disable Firewire physical DMA by default?
Since disabling physical DMA on Linux is trivial and effective, should the various Linux distributions ship with "options ohci1394 phys_dma=0" somewhere in modprobe config by default? What would that...
FireWire can be completely disabled in Mac OS X.
I have an iBook G4 running Leopard, and I toasted my FireWire controller. This caused all sorts of problems, until it occurred to me to disable the FireWire drivers. You don't need to recompile the...
phys_dma=0 and userland
That's a good question. I don't know if there would be any breakage, but I expect slowdowns for devices which make heavy use of DMA (disks, video cameras, for instance). But I haven't tested any of...
Firewire
Yes, completely disabling Firewire via removal/destruction, in the BIOS/Firmware, or in the kernel/drivers is the best thing you can do if you don't ever use Firewire.
My Mac will be at your mercy
My Mac will be at your mercy once again, I suppose. So be it, next time we meet.
There's another option that
There's another option that seems to have been overlooked. Many (if not all) motherboard BIOSes have the option of disabling the firewire ports and likely PCMCIA ports as well.
Maybe, but it depends how
Maybe, but it depends how the "disable" is done (which might be BIOS and hardware-specific). I wouldn't trust that unless you actually tested that disabling those options really spoils this specific...
Did you determine if
Did you determine if disabling ohci 1394 in device manager prevents the attack in xp sp2?
DMA and Hardware
I was wondering if you knew what the advantages of implementing DMA in the hardware, without the intervention of the OS, are?
Or just power down, right?
Just to be clear, this attack is valid if your computer is asleep or powered up with the key in memory, correct? Shutting down a computer that doesn't unlock the drive without manual authentication...
use nvmram security-mode to disable firewire DMA on OS X
On OS X as noted here: http://matt.ucc.asn.au/apple/ Setting security-mode to anything other than 'none' puts the firewire controller into secure mode, disabling Firewire DMA. This is effective even...
What a question!
??? What a question! See on Google "Direct Memory Access" and you'll have a lot of articles about it... Else this link too: http://www.omninerd.com/articles/Firewire_Interface_Hack