Engadget is making famous a report that FireWire can be used to break into computers. One of FireWire’s features is that it allows for Direct Memory Access (DMA). Connect a FireWire device, including another computer, and it can read and write to the memory, including the region where the password is stored.
This exploit isn’t limited to Windows. The same thing can be done on Macs. The one advantage that we have is that turning on an OpenFirmware password disables this direct memory access. However, these two reports are both dated, and with Intel Macs using EFI instead of OpenFirmware, it’s unclear how one protects against this.
Before you get too worked up, this attack requires physical access. This may not reassure you, but think of it this way: anybody with physical access can use an OS install disc to reset the administrative password to get access to your computer (or just take the disk right out of your Mac). Now, if you’ll excuse me, I need to go put on my new tin foil hat.
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Well, there was the expectation that, while someone can indeed reset your Admin account password using the OS X install disk (unless you are using a MacBook Air!), if your data was encrypted using FileVault then the attacker still gets nothing. However, given the other recently reported exploit that shows the password for FileVault is stored in RAM, I can only assume that this attack would also get that as well. So rather than a tin foil hat, perhaps a brick wall would be a better idea? While we can be flippant about such issues because the attacker needs physical access to your computer, this is a serious issue for those working in open environments like an office.
This at least doesn't seem to require opening the case and then dismantling the MacBook.
Storing your password in RAM is one thing, but think of all the things you have stored in RAM at one moment or another. Your taxes, your spreadsheets, your email, your word processing documents, Web pages. Everything you do on the computer, whether it be confidential, secret, illegal, or just embarrassing, is in RAM at one time.
Exploits which require the theft of my laptop are not a huge concern to me since I'm sure anyone who steals my laptop and is clever is going to be able to get to most of my data.
But, an exploit which allows someone to read my RAM simply by plugging in a FireWire cable strikes me as considerably more serious. Hopefully, we'll see a fix. Maybe a password prompt before DMA access is allowed for a device that is plugged in.