Thwart Windows Authentication through Firewire

Adam Boileau (Metlstorm) has released winlockpwn, a Python script that lets a Linux machine plugged into the FireWire port of a target workstation running Windows XP read and write the target's physical memory and bypass Windows authentication. The attack works because a FireWire (IEEE 1394) host controller lets an attached device issue DMA requests to host memory without the CPU or the operating system mediating them; with that access the script patches the password check in memory so that the locked console accepts any password. He demonstrated the tool in 2006 but didn't release it until a few days ago. The same type of attack is apparently also effective against other OSes such as Linux and OS X. And if the target doesn't have a FireWire port, you're not necessarily out of luck: if it has a PCMCIA slot, a PCMCIA FireWire card will do the trick, since the card is enumerated and its driver loaded when it is inserted. And if you don't have Linux on your laptop, just boot your favorite Linux live CD distro, grab the winlockpwn code and go.

Of course, it always makes sense to disable services and ports that aren't needed, but we all know that's not always done, and it's not always trivial to do. Note that this is not a network service: no firewall rule or account policy touches it. What has to go is the 1394 host controller itself (or at least the SBP-2 driver, which is the component that grants DMA to attached storage-class devices), disabled in Device Manager on Windows or blacklisted as a kernel module on Linux. Besides, some users may have a business need for the FireWire port, and for them only hardware that puts an IOMMU between the bus and memory really closes the hole. Ah, the challenges of physical security!
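As an added example (not from the original post, and not part of winlockpwn), here is a small POSIX shell script for the Linux side of the mitigation: it reports which FireWire kernel modules are loaded, emits the modprobe.d fragment that keeps them from loading again, and unloads them in dependency order. It assumes a kernel using either the current firewire_* stack or the older ieee1394/ohci1394/sbp2 stack, and the lsmod output embedded in it is constructed for the demo rather than captured from a real machine.

```shell
#!/bin/sh
# Added example, not part of the original post or of winlockpwn: audit and close the
# FireWire DMA path on a Linux host (the post notes Linux is also a target).
# Assumptions: the kernel uses either the current firewire_* stack or the older
# ieee1394 stack; module names are given in lsmod's underscore form, which
# modprobe(8) treats interchangeably with the hyphenated form.
set -e

# Kernel modules that together expose the host to 1394 DMA: the OHCI host driver
# (needed for any FireWire traffic), the SBP-2 storage protocol driver, and the core.
FW_MODULES="firewire_ohci firewire_sbp2 firewire_core ohci1394 sbp2 ieee1394"

# Constructed lsmod output for the demo (not captured from a real machine).
SAMPLE_LSMOD="Module                  Size  Used by
firewire_sbp2          28672  0
firewire_ohci          45056  0
ext4                  778240  1
firewire_core          69632  2 firewire_sbp2,firewire_ohci
crc_itu_t              16384  1 firewire_core"

# fw_loaded_modules: read lsmod-format text on stdin and print the FireWire modules
# present, one per line, in the order lsmod listed them.
fw_loaded_modules() {
    awk -v want="$FW_MODULES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) set[w[i]] = 1 }
        NR > 1 && ($1 in set) { print $1 }'
}

# fw_blacklist_conf: print a modprobe.d(5) fragment. "blacklist" stops autoloading on
# device discovery; "install <m> /bin/false" also defeats an explicit "modprobe <m>",
# so plugging in a 1394 device (or a PCMCIA 1394 card) cannot bring the stack back up.
fw_blacklist_conf() {
    for m in $FW_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# fw_unload_order: like fw_loaded_modules, but with the core modules (firewire_core,
# ieee1394) moved last so the list is a safe rmmod order (users before providers).
fw_unload_order() {
    fw_loaded_modules | awk '
        { mods[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) if (mods[i] !~ /core$|^ieee1394$/) print mods[i]
            for (i = 1; i <= NR; i++) if (mods[i] ~ /core$|^ieee1394$/) print mods[i]
        }'
}

# Usage: sh firewire-dma.sh audit  -> show loaded FireWire modules and the proposed config
#        sh firewire-dma.sh apply  -> as root: write the config and unload the modules
case "${1:-}" in
    audit)
        echo "Loaded FireWire modules:"; lsmod | fw_loaded_modules
        echo "Proposed /etc/modprobe.d/firewire-dma.conf:"; fw_blacklist_conf
        ;;
    apply)
        fw_blacklist_conf > /etc/modprobe.d/firewire-dma.conf
        lsmod | fw_unload_order | while read -r m; do rmmod "$m"; done
        ;;
esac
```

The `install ... /bin/false` lines matter more than the `blacklist` lines: `blacklist` only stops the module from being loaded by hardware-alias matching, and a later `modprobe` (for example by a hotplug helper when a PCMCIA card is inserted) would still succeed without them. Unloading alone is not enough either, since the modules come straight back on the next bus event.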


Tool Physically Hacks Windows

http://www.darkreading.com/document.asp?doc_id=147713&WT.svl=news2_2

No Firewire for Hack? No Problem

http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=147718&WT.svl=blogger2_2

Windows XP FireWire Attack Also Defeats Windows Vista

http://www.informationweek.com/news/showArticle.jhtml?articleID=206901949


Hit by a Bus: Physical Access Attacks with FireWire

http://www.ruxcon.org.au/files/2006/firewire_attacks.pdf

storm.net.nz Projects - Firewire, DMA & Windows

http://www.storm.net.nz/projects/16
