Firewire: The Forgotten Security Risk

Tue 18 January 2011 Category: Security

The battle between Firewire and USB has been won by USB, but Firewire is still arround. It is not that prevalent, cheap computers lack Firewire, but they often have a PCMCIA slot.

The thing is this: Firewire allows direct access to all RAM of your computer. An attacker can:

  • unlock your screensaver without a valid password;
  • read the contents of documents or files present in memory;
  • defeat FDE (Full Disk Encryption) like Truecrypt or Bitlocker;
  • do nasty things with your computer limited only by skill and imagination.

So if you leave your system unattended for a short duration, consider your system compromised. I mean, if you are a celebrity or something, otherwise, don't worry, nobody would be bothered since it is a risky attack: the attacker needs physical access.

The attacker attacks your laptop by connecting his laptop to yours with a Firewire cable. Firewire must be enabled in the BIOS of the victim, which is the default in most cases. Even if Firewire is disabled, the PCMCIA adapter can also be used to access RAM. The attacker can insert a PCMCIA Firewire controller and use it to attack your laptop.

Basically, the Attacker makes the attacking laptop pretending to be an iPpod, a type of advice which is allowed to access memory through DMA. This allows the attacker READ and WRITE access to memory. The possibilities are endless, but injecting executable code, compromising the laptop is not far fetched.

Many people may already have stopped reading because this attack is very old and widely publicised: it dates back to 2003/2004. However if you are not familiar with this attack and want to know more about it, visit this site.

The mitigation

As far as I know, the only solution to prevent this type of attack is to disable both Firewire and PCMCIA support in the BIOS. It is smart to protect the BIOS with a strong password, so both options cannot be enabled.

I read somewere that most recent Apple Macbook models are no longer vulnerable, but I could just make that up.