Windows 7 Vulnerable to Memory Attack
Hackers can gain access to a system's memory--thus taking over Windows 7--through its PCMCIA port.
A paper written by researchers Christophe Devine and Damien Aumaitre of the European Security Expertise Center claims that hackers could infiltrate the 64-bit version of Windows 7 by going after kernel code stored in the PC's physical memory. The good news is that a hacker would need direct, physical contact with a system to carry out the invasion.
The research leading to the paper included using a PCMCIA card device that contained a custom DMA engine running on a MIPS CPU. The device was able to access the Windows 7 kernel code, alter it, and then gain control over the operating system. This means that the CPU and OS were bypassed, unable to prevent malicious DMA requests.
The technique isn't anything new: other researchers have been able to gain access to Windows XP and older versions of Mac OS X by tapping into the system's DMA via other ports. However the DMA engine used on the current "hacking" device had to be rebuilt from scratch thanks to major changes to Windows 7. Now the only way to carry out the hack in the current OS is to access the memory via PCMCIA.
Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver. Another means of protection is by using an input/output memory management unit (IOMMU)--this can protect physical memory from interferences from devices. Many recent CPUs already include this technology.
The research, called Subverting Windows 7 x64 Kernel with DMA Attacks, will be presented at the Hack in the Box security conference (June 29 - July 2). Microsoft has not issued a statement in regards to this Windows 7 vulnerability.