Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Security & Privacy
Weekly Brief
Windows Vista
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: WindowsHackersHardware Security ComponentsCybercrime

Windows Hacked in Seconds via Firewire

Matthew Broersma, Techworld.com

Saturday, March 08, 2008 12:00 PM PST
Recommend this story?
Yes
No

A New Zealand security researcher has published a software tool allowing attackers to quickly gain access to Windows systems via a Firewire port.

The tool, which can only be used by attackers with physical access to a system, comes shortly after the publication of research on gaining access to encrypted hard drives via physical access to memory.

Researcher Adam Boileau, a consultant with Immunity, originally demonstrated the access tool at a security conference in 2006, but decided not to release the code any further at the time. Two years later, however, nothing has been done toward fixing the problem, so he decided to go public.

"Yes, this means you can completely own any box whose Firewire port you can plug into in seconds," said Boileau in a recent blog entry.

An attacker must connect to the machine with a Linux system and a Firewire cable to run the tool.

The tool, called Winlockpwn, allows users to bypass Windows authorization, was originally demonstrated at Ruxcon in 2006 at a talk called "Hit By A Bus: Physical Access Attacks With Firewire".

At the time, Boileau also demonstrated some of the malicious uses of the tool, but said he wouldn't be releasing the code for those attacks.

The attack takes advantage of the fact that Firewire can directly read and write to a system's memory, adding extra speed to data transfer. According to Boileau, because this capability is built into Firewire, Microsoft doesn't consider the problem a standard bug.

On the other hand, Boileau said he feels PC users need to be more aware of the fact that their systems can be unlocked via Firewire.

"Yes, it's a feature, not a bug," Boileau stated. "Microsoft knows this. The OHCI-1394 spec knows this. People with Firewire ports generally don't."

Microsoft was not immediately available for comment. In the past the company has downplayed security problems that require physical access.

Firewire has become common on Windows systems in the past few years, and is especially prevalent on laptops.

Researcher Maximillian Dornseif demonstrated a similar exploit on Linux and Mac OS X systems at the CanSec conference in 2005, connecting to those systems via a malicious iPod and Firewire.

According to security researchers, the problem can be remedied by disabling Firewire when not in use.


Recommend this story?
Yes
No
Related Searches: windows hacker firewire

Comments
Related Content
Tags at a Glance
HP Ink Center
Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...
CDW Solution Center
Deliver speed and scalability in your storage systems. Find out how at the CDW Solution Center.
Asus Notebook Center
Ultra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more at the Asus Resource Center.
Intel Processor Technology
Which Intel Processor is Right for You?
Which Intel Processor is Right for You?Centrino, Core 2 Duo, Core 2 Quad, Core 2 Extreme? Check out the Intel Technology Center for more info...
Are you a gamer?
Are you a gamer?Visit the Intel's Gaming section for the latest downloads, hottest gaming events and to learn about Intel & Gaming.
See what Intel can do for Vista...
See what Intel can do for Vista...Discover how Windows Vista technology work in the benchmarks with Intel Centrino processor technology.
VoIP Web Demo
Join Altigen for a Live Web Demo and learn how VoIP technology can improve your business communications.
The Future Sales Force - A Consultative Approach
This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ.
Latest News
CSC Settles Government Kickbacks Case
Computer Sciences (CSC) has agreed to pay US $1.37 million to settle allegations that it received kickbacks on technology... 13-May-2008
Apple to Sell HBO Shows on ITunes
HBO will begin selling some of its most popular television series on Apple's iTunes Store, the companies announced on Tuesday... 13-May-2008
Hackers Hijack a Half-Million Sites
A variety of malware already infects millions of PCs in an accelerated attack, security expert warns. 13-May-2008
EU Won't Seek New Antitrust Complaint Against Microsoft
The European Commission confirmed it has received a complaint about Microsoft's business practices from a British government... 13-May-2008
Microsoft Releases Service Pack 1 for Office 2008
On Tuesday, Microsoft released Service Pack 1 (SP1) for Office 2008 for Mac, designed to add stability, security, and... 13-May-2008
HP and EDS: A High Risk Pairing, Say Analysts
HP's acquisition of another top-tier IT company brings benefits but huge challenges, analysts agree. 13-May-2008
HBO May Sell Shows on iTunes
Some episodes could cost $1.99 and up, in a pricing switch, sources say. 13-May-2008
Firefox Update Expected This Month
Mozilla has wrapped its changes to RC1 of Firefox 3.0 and expects to release it in late May. 13-May-2008
Study: US Corporate Software Spending Slowing
One in four respondents to a new US corporate IT spending survey by ChangeWave Research said their company will spend less on... 13-May-2008
Japanese Internet Satellite Hits 1.2Gbps
Engineers testing a recently launched Japanese data communications satellite have succeeded in establishing a two-way Internet... 13-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)