Without physical security there is no security

It cannot be repeated enough: in IT security, there is no security without physical security.

A new example of this is the tool Inception, creatively named after Nolan's fantastic film from 2010. The technique? A computer, even one in sleep mode and with full-disk encryption, will let any FireWire device that is connected access its memory. So a device that pretends to be a FireWire device can use this memory access to convince the computer that all subsequently entered passwords are correct.

Q: Wasn’t this fixed years ago? I remember hearing about this in the olden days (2004).

A: Sadly, no. And yes, the problem is old, but it is not entirely fixable with a driver update, a patch or a new OS version. The problem is in the Firewire specs. All OS vendors that want to include Firewire drivers that are OHCI compliant and work out of the box with SBP-2 devices are vulnerable to some degree.

Q: Isn’t FireWire a dying horse? Few laptops ship with FireWire ports these days, which makes Inception a useless tool.

A: You can use any interface that expands the PCIe bus, for example PCMCIA, ExpressCards, the new Thunderbolt interface and perhaps SD/IO to hotplug a FireWire interface into the victim machine. The OS will install the necessary drivers on the fly, even when the machine is locked.
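Because the FAQ's point is that the OS loads FireWire drivers on the fly, a defender can check whether those drivers are loadable at all. The following is an added example, not part of the original post or of Inception: it assumes a Linux host, the mainline module names `firewire_core`, `firewire_ohci` and `firewire_sbp2`, and constructed sample input in place of the real `/proc/modules` and `/etc/modprobe.d/*.conf`.

```python
# Linux FireWire stack modules (assumption: mainline kernel names, not taken from the post).
FIREWIRE_MODULES = ("firewire_core", "firewire_ohci", "firewire_sbp2")
NOOP_COMMANDS = ("/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true")

def _norm(name):
    return name.replace("-", "_")  # modprobe treats '-' and '_' as the same

def parse_modprobe(conf_text):
    """Return (blacklisted, install_disabled) module sets from modprobe.d text."""
    blacklisted, disabled = set(), set()
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "blacklist" and len(parts) >= 2:
            blacklisted.add(_norm(parts[1]))
        elif parts[0] == "install" and len(parts) >= 3 and parts[2] in NOOP_COMMANDS:
            disabled.add(_norm(parts[1]))
    return blacklisted, disabled

def audit(conf_text, proc_modules_text):
    """Classify each FireWire module as loaded, blocked, blacklist-only or loadable."""
    blacklisted, disabled = parse_modprobe(conf_text)
    loaded = {l.split()[0] for l in proc_modules_text.splitlines() if l.strip()}
    report = {}
    for mod in FIREWIRE_MODULES:
        if mod in loaded:
            report[mod] = "loaded"          # driver already active
        elif mod in disabled:
            report[mod] = "blocked"         # modprobe runs a no-op instead of loading
        elif mod in blacklisted:
            report[mod] = "blacklist-only"  # alias autoload off; explicit load still works
        else:
            report[mod] = "loadable"        # hotplug can pull the driver in
    return report

# Constructed sample input (not from a real machine).
SAMPLE_CONF = """\
# /etc/modprobe.d/firewire.conf
blacklist firewire-ohci
install firewire-sbp2 /bin/false
"""
SAMPLE_PROC_MODULES = """\
firewire_core 81920 0 - Live 0x0000000000000000
ext4 1146880 1 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONF, SAMPLE_PROC_MODULES).items():
        print(f"{name}: {status}")
```

On a real host, pass the contents of `/proc/modules` and the concatenated `/etc/modprobe.d/*.conf` files to `audit()`; any module reported as `loaded` or `loadable` means the auto-install behaviour described in the FAQ is still possible.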
