Sign in with
Sign up | Sign in

Windows 7 Vulnerable to Memory Attack

By - Source: Tom's Hardware US | B 50 comments

Hackers can gain access to a system's memory--thus taking over Windows 7--through its PCMCIA port.

A paper written by researchers Christophe Devine and Damien Aumaitre of the European Security Expertise Center claims that hackers could infiltrate the 64-bit version of Windows 7 by going after kernel code stored in the PC's physical memory. The good news is that a hacker would need direct, physical contact with a system to carry out the invasion.

The research leading to the paper included using a PCMCIA card device that contained a custom DMA engine running on a MIPS CPU. The device was able to access the Windows 7 kernel code, alter it, and then gain control over the operating system. This means that the CPU and OS were bypassed, unable to prevent malicious DMA requests.

The technique isn't anything new: other researchers have been able to gain access to Windows XP and older versions of Mac OS X by tapping into the system's DMA via other ports. However the DMA engine used on the current "hacking" device had to be rebuilt from scratch thanks to major changes to Windows 7. Now the only way to carry out the hack in the current OS is to access the memory via PCMCIA.

Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver. Another means of protection is by using an input/output memory management unit (IOMMU)--this can protect physical memory from interferences from devices. Many recent CPUs already include this technology.

The research, called Subverting Windows 7 x64 Kernel with DMA Attacks, will be presented at the Hack in the Box security conference (June 29 - July 2). Microsoft has not issued a statement in regards to this Windows 7 vulnerability.

Discuss
Display all 50 comments.
This thread is closed for comments
Top Comments
  • 30 Hide
    kyeana , June 11, 2010 10:41 PM
    If someone has physical access to your computer, they can get into it. Don't see how this would be any easier then throwing the hard drive in a secondary machine and running a password cracker on it.
  • 28 Hide
    misry , June 11, 2010 10:51 PM
    Nothing is safe from direct physical attack.
  • 25 Hide
    proxy711 , June 11, 2010 10:55 PM
    Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.
Other Comments
  • 30 Hide
    kyeana , June 11, 2010 10:41 PM
    If someone has physical access to your computer, they can get into it. Don't see how this would be any easier then throwing the hard drive in a secondary machine and running a password cracker on it.
  • 28 Hide
    misry , June 11, 2010 10:51 PM
    Nothing is safe from direct physical attack.
  • 25 Hide
    proxy711 , June 11, 2010 10:55 PM
    Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.
  • 23 Hide
    mchawk , June 11, 2010 11:05 PM
    I read that shocking title to get this?!

    ...
  • -4 Hide
    gege , June 11, 2010 11:26 PM
    The pic in the news its me hacking the cracker, giving he a little surprise
  • 3 Hide
    icepick314 , June 11, 2010 11:45 PM
    thank god my Asus G73JH doesn't have PCMCIA port...or express card...
  • 7 Hide
    Anonymous , June 11, 2010 11:55 PM
    proxy711Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.


    Hahahaha, thats exactly what came to my mind.

    Quote:
    Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver.


    Or it can be prevented by not allowing people near your computer...
  • 0 Hide
    ta152h , June 12, 2010 12:02 AM
    Duh, of course the CPU was bypassed by DMA, that's the whole point of it! Direct Memory Access was developed by DEC as a much cheaper replacement to channels, both of which offload work that would otherwise be required by the CPU. I'm kind of surprised this is only a problem on Windows 7.

    But, really, it's not an effective virus if you have to break into someone's house to spread it.
  • 1 Hide
    Anonymous , June 12, 2010 1:30 AM
    Ha, my new AMD 1055T has IOMMU. And here I though it was just virtual OS running that benefited from IOMMU!
  • 10 Hide
    megahustler , June 12, 2010 1:42 AM
    This just in: computers vulnerable to memory attack by physically interfacing to the computer.

    This also just in: computers vulnerable to someone stealing the computer because they're standing right next to it!

    Scientists investigating possible power-cord vulnerability are currently recruiting several toddlers as test staff.
  • 4 Hide
    sinfulpotato , June 12, 2010 2:53 AM
    regulasYou noticed it said older versions of OS X. I thought random memory addressing was all that and that MS was billions of light years ahead of OS X for security. Guess I was wrong as I sit outside having a cold Bud typing this on my Macbook Pro, keyboard illuminated because it is getting dark.


    Microsoft is light years ahead. The only reason windows gets more of these hacks and viruses is because apple can only convince so many idiots that paying double for something that does the same thing as a windows machine is a good thing.

    You'll see, once Steve jobs can make people stop thinking logically about their purchases and buy macs you'll be watching your bank accounts drain, and you SSN will be used in three different states... at the same time.
  • 1 Hide
    thisismyname , June 12, 2010 2:59 AM
    Forgive me if I'm wrong, but wouldn't this require physical access?

    I can think of a TON of ways to own any computer regardless of OS through physical access. No offense, but I believe this article is a little sensationalist by not mentioning that key fact. I mean, this is definitely newsworthy as far as the technical feat goes, but at the same time it's not the end of the world for Windows 7 users.
  • 4 Hide
    Stryter , June 12, 2010 3:15 AM
    If someone is going to go to all the trouble of gaining direct, physical access to my computer, why the hell would they go for this type of attack? Seems like someone taking a plane to go to the grocery store.
  • 4 Hide
    littlec , June 12, 2010 3:35 AM
    StryterIf someone is going to go to all the trouble of gaining direct, physical access to my computer, why the hell would they go for this type of attack? Seems like someone taking a plane to go to the grocery store.


    ROFL, and who the hell has a working PCMCIA device anymore? I think I had one somewhere in a box full of crap like 10 years ago.
  • 0 Hide
    spectrewind , June 12, 2010 4:00 AM
    kyeanaIf someone has physical access to your computer, they can get into it. Don't see how this would be any easier then throwing the hard drive in a secondary machine and running a password cracker on it.


    For example, using PGP Desktop, full drive encryption. Tethering the SAM database of cached credentials to the boot sector as a key to allow the system to boot.

    If you have physical access to the hardware, are forced to restart, and the hard drive is encrypted, then you will not get your information.
  • 1 Hide
    athreex , June 12, 2010 4:05 AM
    thisismynameForgive me if I'm wrong, but wouldn't this require physical access?I can think of a TON of ways to own any computer regardless of OS through physical access.


    Yep. I know many ways to get physical access to a PCMCIA/Express Card without being there....

    nahh...just kidding I'm just overhyping my statement..just as the article's title. :) 
  • 1 Hide
    Anonymous , June 12, 2010 4:26 AM
    hmmm.. the hacker would build a mini-pcmcia card without the casing so he will sceretly install it in the victim's laptop. without the casing it wont protrude, or be visible as its covered by a dust flap.
    then waiting for the victim to come back and enter passwords/retina scans/thumbprints wolla!

    suitable for computer repair shops/crocked IT dept. Do check ur pcmcia slot after sending for repairs.
  • 3 Hide
    qwoz , June 12, 2010 4:45 AM
    good thing to know. Now I will be sure to lock my house to keep hackers out?
Display more comments