Hit by a Bus: Physical Access Attacks with Firewire - 2008 - Ruxcon

More documents

Recommendations

Info

Physical Access Attacks • Assertion: Physical access to a general purpose computer is game over • Qualifiers: “general purpose” Systems that are not designed to operate in a hostile environment. Commodity kit. Compare with ATMs, custom kiosks, parking meters • Traditional physical access attacks include: Booting off disk/CD/USB to gain raw disk access Bypass BIOS password with the CMOS reset jumper Hardware keyboard loggers • Hardened systems also get attacked: Side channel attacks on crypto smartcards (Ruxcon 03!) ATM data circuit MitM Copyright Security-Assessment.com 2006
Physical Access Attacks • ATMs: hardened hardware for hostile environments! • But I sure hope their crypto is turned on... Copyright Security-Assessment.com 2006
Page 1 and 2: Hit by a Bus: Physical Access Attac
Page 3 and 4: Copyright Security-Assessment.com 2
Page 5: Introduction • Intro (
Page 9 and 10: Physical Access Attacks • Increas
Page 11 and 12: Firewire Background • Firewire (I
Page 13 and 14: The Fire in your Wire • Periphera
Page 15 and 16: DMA: The Fire in your Wire read 0x0
Page 17 and 18: This aint 0day • “Quinn The Esk
Page 19 and 20: Demo A vict^h^h^holunteer with a Wi
Page 21 and 22: CSR Trickery root@host~# romtool Us
Page 23 and 24: Memory Forensics • Traditional ha
Page 25 and 26: Down & Dirty with Physical RAM •
Page 27 and 28: Password recovery • Passwords and
Page 29 and 30: Mitigation • The OHCI spec doesn'
Page 31 and 32: Other Lunacy • From the 1394 Trad
Page 33: Questions ? http://www.security-ass

Hit by a Bus: Physical Access Attacks with Firewire - 2008 - Ruxcon

Create successful ePaper yourself

Delete template?

Save as template?