Firewire and similar DMA attacks
cbuxton at menandmice.com
Tue Mar 11 13:34:07 PDT 2008
I've been reading about the effectiveness of attacks from devices with
DMA access such as Firewire mass storage devices.

The article states that this affects Mac, Windows, and Linux machines
with FW ports, because the device that is granted DMA access through
the FW interface is given read/write access to all memory. It can then
apparently determine the OS type and start doing things to memory,
outside of the control of the CPU and therefore of the kernel. This
includes reading encryption keys, writing to executable memory, etc.

The very flexibility of Firewire to hook up different machines, with
different operating systems, and have one see the other as a mass
storage device appears to be one source of the risk.

Does anything in the hardened toolchain, kernel with grsec, etc.,
protect against this?
Men & Mice