top | item 7458089


emilw | 12 years ago

If enabled, you use a FireWire connection. You don't even need to reboot and can connect as root to any running processes and filesystems.

http://www.breaknenter.org/projects/inception/

Yes, that is actual working technology.


marvin | 12 years ago

This is a frighteningly effective hack, which once again underscores that if your attacker has physical access to the machine, you're hosed. I've seen this attack demonstrated live on Windows Server. It just uses DMA to search the memory and skip the subroutine that checks whether the password entered was valid.

Just put glue in the FireWire connector, you say? Well, for instance most laptops that can be docked are FireWire-accessible through the docking port. The FireWire interface is also reachable through a USB adapter. So you'd have to glue the USB ports shut as well. (Impractical.) Even if you do all this, most motherboards have the FireWire interface enabled on a PCI level, even if there are no physical PCI ports on the computer. So against this attack you'd be pretty much hosed regardless, unless you use a chipset that explicitly doesn't implement FireWire.
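The "search memory over DMA, then skip the password check" step that marvin describes, as an added example that is not part of the thread and not code from the Inception project. The DMA backend is stubbed with an in-memory bytearray, and the code signature and patch bytes are constructed for this example only (they are not real signatures for any operating system). It goes slightly beyond the comment by showing the overlap a chunked scan needs so that a pattern straddling a page boundary is still found.

```python
"""
Added example (not from the thread or the Inception project): simulation of a
DMA memory scan that finds a code signature and patches the conditional jump
that enforces the password check.  Memory, signature and patch are CONSTRUCTED.
"""
import random
from typing import List, Optional, Tuple

PAGE = 4096  # scan granularity; real DMA reads also proceed chunk by chunk

# Constructed stand-in for a password-check routine: a compare followed by a
# conditional jump that skips the "success" return when the check fails.
TARGET_STUB = bytes([
    0x48, 0x39, 0xC8,              # cmp rax, rcx
    0x75, 0x06,                    # jnz +6 (skip the success branch)  <- patch point
    0xB8, 0x01, 0x00, 0x00, 0x00,  # mov eax, 1
    0xC3,                          # ret
])

# Signature with wildcards (None matches any byte).  The jump displacement is
# wildcarded so the pattern survives small differences between builds.
SIGNATURE: List[Optional[int]] = [0x48, 0x39, 0xC8, 0x75, None,
                                   0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3]
PATCH_OFFSET = 3                    # index of the jnz opcode inside the signature
PATCH_BYTES = bytes([0x90, 0x90])   # nop; nop -> execution always falls through to success


def build_memory_image(size: int, stub_addr: int, seed: int = 1) -> bytearray:
    """Construct a fake physical-memory image (random filler) with the stub at stub_addr."""
    rng = random.Random(seed)
    mem = bytearray(rng.getrandbits(8) for _ in range(size))
    mem[stub_addr:stub_addr + len(TARGET_STUB)] = TARGET_STUB
    return mem


class DmaTarget:
    """Stand-in for a FireWire/DMA backend.  A real one talks to the IEEE 1394
    controller; this one reads and writes a bytearray at physical offsets."""

    def __init__(self, image: bytearray) -> None:
        self.image = image

    @property
    def size(self) -> int:
        return len(self.image)

    def read(self, addr: int, size: int) -> bytes:
        return bytes(self.image[addr:addr + size])

    def write(self, addr: int, data: bytes) -> None:
        self.image[addr:addr + len(data)] = data


def match_at(buf: bytes, pos: int, sig: List[Optional[int]]) -> bool:
    """True if sig (with None wildcards) matches buf starting at pos."""
    if pos + len(sig) > len(buf):
        return False
    return all(b is None or buf[pos + i] == b for i, b in enumerate(sig))


def find_signature(target: DmaTarget, sig: List[Optional[int]],
                   start: int = 0, chunk: int = PAGE) -> Optional[int]:
    """Scan memory chunk by chunk.  Each read is extended by len(sig)-1 bytes so a
    pattern that straddles a chunk boundary is still seen in one buffer.
    Returns the physical address of the first match, or None."""
    overlap = len(sig) - 1
    addr = start
    while addr < target.size:
        buf = target.read(addr, chunk + overlap)
        for pos in range(min(chunk, len(buf))):
            if match_at(buf, pos, sig):
                return addr + pos
        addr += chunk
    return None


def patch_check(target: DmaTarget, sig: List[Optional[int]],
                patch_offset: int, patch: bytes) -> Optional[int]:
    """Locate the check and overwrite the conditional jump; returns the hit address."""
    addr = find_signature(target, sig)
    if addr is None:
        return None
    target.write(addr + patch_offset, patch)
    return addr


def demo() -> Tuple[Optional[int], bytes]:
    """Run the scan/patch against a constructed image whose stub straddles a page boundary."""
    stub_addr = 3 * PAGE - 5
    target = DmaTarget(build_memory_image(8 * PAGE, stub_addr))
    hit = patch_check(target, SIGNATURE, PATCH_OFFSET, PATCH_BYTES)
    return hit, target.read(stub_addr, len(TARGET_STUB))


if __name__ == "__main__":
    hit, patched = demo()
    print(f"signature at {hit:#x}, patched bytes: {patched.hex()}")
```

The loop is the whole attack in miniature: with a real 1394 backend the reads and the write go over the bus instead of into a bytearray, which is why the defenses in this thread are about denying the bus DMA access at all rather than about the scan itself.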

j_s | 12 years ago

To prevent this attack, disable auto-loading of FireWire drivers within the OS. I believe one of the Linux driver stacks already does this and OS X protects itself when the machine is locked.

Also, FireWire over USB is repeatedly mentioned as not working.
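The Linux side of j_s's mitigation, as an added example that is not part of the thread and not from the Inception project: audit which IEEE 1394 driver modules are loaded and render the modprobe.d fragment that keeps them from being loaded again. The module names are those of the mainline `firewire_*` stack and the older `ieee1394` stack; the sample `/proc/modules` text is constructed, and the output path used by the script's own entry point is an assumption.

```python
"""
Added example (not from the thread or the Inception project): check a Linux host
for loaded FireWire (IEEE 1394) kernel modules and generate a modprobe.d
blacklist so they are not auto-loaded on hot-plug or dock events.
"""
import glob
import os
from typing import Dict, Iterable, List

# Mainline "firewire" stack plus the older ieee1394 stack.
FIREWIRE_MODULES = (
    "firewire_core", "firewire_ohci", "firewire_sbp2", "firewire_net",
    "ieee1394", "ohci1394", "sbp2", "raw1394", "video1394", "dv1394", "eth1394",
)
# The modules that actually drive the host controller; blocking these is what matters.
CONTROLLER_MODULES = ("firewire_core", "firewire_ohci", "ohci1394")

# CONSTRUCTED sample in /proc/modules format: "<name> <size> <refcount> <users> <state> <addr>"
SAMPLE_PROC_MODULES = """\
firewire_ohci 45056 0 - Live 0xffffffffc0a00000
firewire_core 73728 1 firewire_ohci, Live 0xffffffffc09e0000
crc_itu_t 16384 1 firewire_core, Live 0xffffffffc09d0000
e1000e 266240 0 - Live 0xffffffffc0900000
"""


def loaded_firewire_modules(proc_modules_text: str) -> List[str]:
    """Return FireWire modules listed in /proc/modules (or `lsmod`) text, in file order."""
    found = []
    for line in proc_modules_text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Module":  # skip blank lines and the lsmod header
            continue
        if parts[0] in FIREWIRE_MODULES:
            found.append(parts[0])
    return found


def blacklist_config(modules: Iterable[str] = FIREWIRE_MODULES) -> str:
    """Render a modprobe.d fragment.  'blacklist' stops alias-driven autoload
    (what a hot-plug event triggers); 'install <mod> /bin/false' also defeats an
    explicit `modprobe <mod>`, so a dependency pull-in cannot bring it back."""
    lines = ["# Block IEEE 1394 / FireWire drivers: the bus gives attached devices DMA access"]
    for mod in modules:
        lines.append(f"blacklist {mod}")
        lines.append(f"install {mod} /bin/false")
    return "\n".join(lines) + "\n"


def blocked_modules(modprobe_conf_text: str) -> List[str]:
    """FireWire modules that an existing modprobe.d configuration already blocks."""
    blocked = set()
    for line in modprobe_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("blacklist", "install") and parts[1] in FIREWIRE_MODULES:
            blocked.add(parts[1])
    return sorted(blocked)


def audit(proc_modules_text: str, modprobe_conf_text: str) -> Dict[str, List[str]]:
    """Summarise what is loaded now and which controller modules are still unblocked."""
    blocked = blocked_modules(modprobe_conf_text)
    return {
        "loaded": loaded_firewire_modules(proc_modules_text),
        "blocked": blocked,
        "not_blocked": [m for m in CONTROLLER_MODULES if m not in blocked],
    }


if __name__ == "__main__":
    # Assumed paths; adjust for the distribution.  Falls back to the sample off-Linux.
    proc = open("/proc/modules").read() if os.path.exists("/proc/modules") else SAMPLE_PROC_MODULES
    conf = "".join(open(p).read() for p in glob.glob("/etc/modprobe.d/*.conf"))
    result = audit(proc, conf)
    print("loaded:", result["loaded"], "not blocked:", result["not_blocked"])
    if result["not_blocked"]:
        print("write this to /etc/modprobe.d/blacklist-firewire.conf, then rmmod the loaded modules:")
        print(blacklist_config())
```

Writing the fragment only prevents future loads; modules already resident must be removed (`rmmod`) or the machine rebooted, and a device plugged in before the blacklist took effect has already had its window. On hardware with an IOMMU, enabling it is the stronger fix because it constrains DMA regardless of which driver is loaded.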

thejosh | 12 years ago

This tool will give me nightmares.