Domain: breaknenter.org
Stories and comments across the archive that link to breaknenter.org.
Comments · 10
-
Re:One connector to rule them all.
Any modern computers will not allow DMA access except for, you know, computers today that have Thunderbolt, FireWire, etc.
http://www.breaknenter.org/pro... -
Re:uh - by design?
USB 3.0's DMA is not the same as Thunderbolt's. With USB the host controller configures itself with limited DMA access to a RAM buffer, and then the USB device can only access that buffer by setting up transfers within the USB spec. In fact it can't even specify the address within the buffer or anything like that, the controller handles it all. It's closer to a NIC that supports DMA - it doesn't mean that any device on your network has full access to your computer's RAM.
Thunderbolt is rather different, because the devices are basically PCI-E cards with a Thunderbolt transceiver bolted on. As such they can do anything that a PCI-E card can do, including accessing all RAM. PC Card devices have the same issue, and so does Firewire. It's a serious issue and tools that exploit it have been available for a while, both open source and commercial. For example: http://www.breaknenter.org/pro...
The BadUSB attack relies on either exploiting bugs in the USB driver or emulating something like a keyboard and typing commands into a terminal. It's bad, but not nearly as bad as having complete, unfettered access to RAM by design. For example, a locked computer or server that isn't logged in locally is unlikely to be affected by BadUSB because it can't know the login details, but with Thunderbolt you have total access.
-
reeeally thorough "security checks" ;)
The only "benefit" I see here is the simplification of
"security checks" ;) with tools similar tohttp://www.breaknenter.org/pro...
(or whatever the Tailored Access Operations guys call
their equivalent piece of software ;) ) -
Re:Intentional sabotage?
It's a shame they didn't think about security when setting up all that stuff. Just like Firewire and PC-Card the ports are vulnerable to DMA attacks, meaning an attached device can read the computer's memory and modify it at will. There are already tools to exploit this, both open source and proprietary.
Law enforcement, government agencies and criminals alike love this attack. Maybe that's why they left it in. The only mitigation is to disable the port, preferably physically.
-
Re:Memory dump lol
Yes, TrueCrypt implies windows.
The parent implied that his use of Linux and ecryptfs somehow protected him from this type of attack, which really it doesn't, just this particular implementation of this attack.
My point is, that other full disk encryption implementations are typically vulnerable to the same sort of attack, that is the encryption key is going to be stored in memory.
There are in fact tools to extract keys over firewire(or other methods) for a variety of operating systems, not just Windows and TrueCrypt, consider Inception
-
Re:dark conspiracy against open hardware
Hey, it worked with firewire and thunderbolt.
http://www.breaknenter.org/projects/inception/ -
Re:Why yes!
I prefer to plug in random firewire cables that i find hanging out of walls.
-
Re:Setting up for iFailure
Macs are easy to hack as long as they have firewire or thunderbolt. Here is a tool: http://www.breaknenter.org/projects/inception/
-
extracting keys from RAMThis tool extracts the keys from RAM dumps. There are free tools that do this too, of course.
But isn't it difficult to get a RAM dump, you say? Not really:
- Hibernating a computer writes this data to disk. Starting in Windows 8, "shutdown" actually writes some hibernate data by default.
- VMs also have their own suspend functionality that does a RAM dump, as well as non-SAN VM migration.
- Firewire ports actually allow devices to scan RAM of the machine they're connected to.
- Obviously, if you have access to a live machine, you can get the keys directly from RAM.
-
Re:Encryption is not broken
Link to inception: http://www.breaknenter.org/projects/inception/