[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Recent developments in FireWire Attacks


The security vulnerabilities associated with open FireWire ports are
nothing new, having been covered extensively by Maximilian Dornseif
(2004 and 2005) and more recently by Adam Boileau (2006 and 2008).
Unfortunately the tools released as part of these disclosures (pyfw,
pythonraw1394 and winlockpwn) have all started to succumb to bit rot. In
addition, there has been comparative lack of research on the
vulnerabilities of Mac OS X against FireWire attacks.

Therefore I would like to share my updated research in the field. This
includes a open source cross platform (GNU/Linux and Mac OS X) library,
libforensic1394, for performing memory forensics/attacks over FireWire
and a paper on the subject. (Although written from a forensics
standpoint the security implications associated with the interface are
discussed at great length.)

The paper can be found here:


with the associated pages for it and libforensic1394 being


Included in the paper is:
 - A comprehensive discussion on obtaining memory access over the interface.
 - Coverage of the new "Juju" FireWire stack, introduced in the 2.6.22
Linux kernel. (Its features, susceptibility to memory access attacks, etc.)
 - Limitations of existing libraries and how libforensic1394 represents
an improvement over them.
 - User-space code samples showing how responses to read/write requests
can be spoofed my a malicious application on the target system.
 - Updated attack signatures for 32- and 64-bit versions of Windows to
bypass logon passwords.
 - Similar signatures for Mac OS X 10.6 along with a discussion of how
the user logon password can be extracted from a (locked) system. This,
from a security standpoint, is particularly concerning.
 - Mitigation for Windows, Mac OS X and GNU/Linux.
 - Source code for all sample programs.

Polemically yours, Freddie.