Windows 7 Vulnerable to Memory Attack

Source: Tom's Hardware US

Hackers can gain access to a system's memory, and thus take over Windows 7, through its PCMCIA port.

A paper written by researchers Christophe Devine and Damien Aumaitre of the European Security Expertise Center claims that hackers could infiltrate the 64-bit version of Windows 7 by going after kernel code stored in the PC's physical memory. The good news is that a hacker would need direct, physical contact with a system to carry out the invasion.

The research leading to the paper included using a PCMCIA card device that contained a custom DMA engine running on a MIPS CPU. The device was able to access the Windows 7 kernel code, alter it, and then gain control over the operating system. This means that the CPU and OS were bypassed and were unable to prevent the malicious DMA requests.

The technique isn't anything new: other researchers have been able to gain access to Windows XP and older versions of Mac OS X by tapping into the system's DMA via other ports. However, the DMA engine used on the current "hacking" device had to be rebuilt from scratch because of major changes in Windows 7. Now the only way to carry out the hack in the current OS is to access the memory via PCMCIA.

Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver. Another means of protection is an input/output memory management unit (IOMMU), which can protect physical memory from interference by devices. Many recent CPUs already include this technology.

The research, called "Subverting Windows 7 x64 Kernel with DMA Attacks," will be presented at the Hack in the Box security conference (June 29 - July 2). Microsoft has not issued a statement regarding this Windows 7 vulnerability.

Comments
kyeana 06/12/2010 12:41 PM

If someone has physical access to your computer, they can get into it. Don't see how this would be any easier than throwing the hard drive in a secondary machine and running a password cracker on it.

misry 06/12/2010 12:51 PM

Nothing is safe from direct physical attack.

Proxy711 06/12/2010 12:55 PM

Breaking news! A hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.

mchawk 06/12/2010 1:05 AM

I read that shocking title to get this?!

...

icepick314 06/12/2010 1:45 AM

thank god my Asus G73JH doesn't have PCMCIA port...or express card...

Anonymous 06/12/2010 1:55 AM

proxy711 :
Breaking news! A hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.



Hahahaha, that's exactly what came to my mind.

Quote: Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver.


Or it can be prevented by not allowing people near your computer...

ta152h 06/12/2010 2:02 AM

Duh, of course the CPU was bypassed by DMA, that's the whole point of it! Direct Memory Access was developed by DEC as a much cheaper replacement to channels, both of which offload work that would otherwise be required by the CPU. I'm kind of surprised this is only a problem on Windows 7.

But, really, it's not an effective virus if you have to break into someone's house to spread it.

moricon 06/12/2010 3:30 AM

Ha, my new AMD 1055T has IOMMU. And here I thought it was just virtual OS running that benefited from IOMMU!

megahustler 06/12/2010 3:42 AM

This just in: computers vulnerable to memory attack by physically interfacing to the computer.

This also just in: computers vulnerable to someone stealing the computer because they're standing right next to it!

Scientists investigating possible power-cord vulnerability are currently recruiting several toddlers as test staff.

sinfulpotato 06/12/2010 4:53 AM

regulas :
You noticed it said older versions of OS X. I thought random memory addressing was all that and that MS was billions of light years ahead of OS X for security. Guess I was wrong as I sit outside having a cold Bud typing this on my Macbook Pro, keyboard illuminated because it is getting dark.



Microsoft is light years ahead. The only reason Windows gets more of these hacks and viruses is because Apple can only convince so many idiots that paying double for something that does the same thing as a Windows machine is a good thing.

You'll see, once Steve Jobs can make people stop thinking logically about their purchases and buy Macs you'll be watching your bank accounts drain, and your SSN will be used in three different states... at the same time.

thisismyname 06/12/2010 4:59 AM

Forgive me if I'm wrong, but wouldn't this require physical access?

I can think of a TON of ways to own any computer regardless of OS through physical access. No offense, but I believe this article is a little sensationalist by not mentioning that key fact. I mean, this is definitely newsworthy as far as the technical feat goes, but at the same time it's not the end of the world for Windows 7 users.

Stryter 06/12/2010 5:15 AM

If someone is going to go to all the trouble of gaining direct, physical access to my computer, why the hell would they go for this type of attack? Seems like someone taking a plane to go to the grocery store.

littlec 06/12/2010 5:35 AM

Stryter :
If someone is going to go to all the trouble of gaining direct, physical access to my computer, why the hell would they go for this type of attack? Seems like someone taking a plane to go to the grocery store.



ROFL, and who the hell has a working PCMCIA device anymore? I think I had one somewhere in a box full of crap like 10 years ago.

spectrewind 06/12/2010 6:00 AM

kyeana :
If someone has physical access to your computer, they can get into it. Don't see how this would be any easier than throwing the hard drive in a secondary machine and running a password cracker on it.



For example, using PGP Desktop, full drive encryption. Tethering the SAM database of cached credentials to the boot sector as a key to allow the system to boot.

If you have physical access to the hardware, are forced to restart, and the hard drive is encrypted, then you will not get your information.

Athreex 06/12/2010 6:05 AM

thisismyname :
Forgive me if I'm wrong, but wouldn't this require physical access? I can think of a TON of ways to own any computer regardless of OS through physical access.



Yep. I know many ways to get physical access to a PCMCIA/Express Card without being there....

nahh...just kidding I'm just overhyping my statement..just as the article's title. :)

Anonymous 06/12/2010 6:26 AM

hmmm.. the hacker would build a mini-pcmcia card without the casing so he will secretly install it in the victim's laptop. without the casing it won't protrude, or be visible as it's covered by a dust flap.
then waiting for the victim to come back and enter passwords/retina scans/thumbprints voilà!

suitable for computer repair shops/crooked IT dept. Do check ur pcmcia slot after sending for repairs.

qwoz 06/12/2010 6:45 AM

good thing to know. Now I will be sure to lock my house to keep hackers out?

vigilantzhu 06/12/2010 8:04 AM

In the news, another new hacking method that is totally new, hackers can now run video games on your Windows 7 PC believe it or not, the attack is made possible when the hackers broke into your house and stole your password unprotected Win 7 PC. This is a revolutionary kind of attack that will put you and your family in danger just because you have Windows 7, this news has been brought to you by Apple.
/sarcasm

dEAne 06/12/2010 9:14 AM

But it is a good thing this case surfaced so that it can be solved.

cryogenic 06/12/2010 9:16 AM

So if you can plug a DMA device (Direct Memory Access) to the PC you can hack it? That's interesting, it's more of a hardware issue for allowing DMA devices access to kernel memory and not an OS problem.

randomizer 06/12/2010 11:12 AM

"Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver. "

If you have physical access to the computer, wouldn't your first task be to activate the driver? Then again, if you can do that, you probably don't need to hack anything...

Christopher1 06/12/2010 11:48 AM

Well, at least this is a 'physical access needed' attack. It's bad when some of these remote attacks can be done, though really those damned hackers are taking advantage of things that were put into Windows and other OS's to make people's lives easier.

Daggs 06/12/2010 2:30 PM

Can this be done in some way if the user is using a PCMCIA wireless or wired card?

darraghcoy 06/12/2010 6:05 PM

dragunover :
"The research leading to the paper included using a PCMCIA card device that contained a custom DMA engine running on a MIPS CPU." THIS INVALIDATES THE WHOLE THING. WHO THE HELL IS RUNNING WINDOWS 7 ON A MIPS CPU?



Nobody, because it's not a supported architecture. I think the article meant that the add-in card is running the MIPS CPU.

sidran32 06/12/2010 7:42 PM

regulas :
You noticed it said older versions of OS X. I thought random memory addressing was all that and that MS was billions of light years ahead of OS X for security. Guess I was wrong as I sit outside having a cold Bud typing this on my Macbook Pro, keyboard illuminated because it is getting dark.


Illuminated keyboards are cool, aren't they? I got mine when I bought my Dell desktop (Saitek Eclipse II) and my friend just got a Dell laptop with an illuminated keyboard as well. Pretty. :P

CChick 06/12/2010 11:44 PM

regulas :
You noticed it said older versions of OS X. I thought random memory addressing was all that and that MS was billions of light years ahead of OS X for security. Guess I was wrong as I sit outside having a cold Bud typing this on my Macbook Pro, keyboard illuminated because it is getting dark.



Of course it's light years ahead. Hell, no one should ever try to compare Microsoft Windows Security to Mac GARBAGE OSX, cuz it's not even the same level. One is working hard to lock things down, the other one is "pretending" that everything has been locked. It's just different.

Who the heck still uses PCMCIA these days? If he/she does, shame on him/her.

mr_tuel 06/13/2010 1:20 AM

Fortunately, most laptops sold today (and in the last 2 years) lack a PCMCIA port.

