Windows 7 Vulnerable to Memory Attack

A paper written by researchers Christophe Devine and Damien Aumaitre of the European Security Expertise Center claims that hackers could infiltrate the 64-bit version of Windows 7 by going after kernel code stored in the PC's physical memory. The good news is that a hacker would need direct, physical contact with a system to carry out the invasion.

The research leading to the paper included using a PCMCIA card device that contained a custom DMA engine running on a MIPS CPU. The device was able to access the Windows 7 kernel code, alter it, and then gain control over the operating system. This means that the CPU and OS were bypassed, unable to prevent malicious DMA requests.

The technique isn't anything new: other researchers have been able to gain access to Windows XP and older versions of Mac OS X by tapping into the system's DMA via other ports. However the DMA engine used on the current "hacking" device had to be rebuilt from scratch thanks to major changes to Windows 7. Now the only way to carry out the hack in the current OS is to access the memory via PCMCIA.

Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver. Another means of protection is by using an input/output memory management unit (IOMMU)--this can protect physical memory from interferences from devices. Many recent CPUs already include this technology.

The research, called Subverting Windows 7 x64 Kernel with DMA Attacks, will be presented at the Hack in the Box security conference (June 29 - July 2). Microsoft has not issued a statement in regards to this Windows 7 vulnerability.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
50 comments
    Your comment
    Top Comments
  • If someone has physical access to your computer, they can get into it. Don't see how this would be any easier then throwing the hard drive in a secondary machine and running a password cracker on it.
    30
  • Nothing is safe from direct physical attack.
    28
  • Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.
    25
  • Other Comments
  • If someone has physical access to your computer, they can get into it. Don't see how this would be any easier then throwing the hard drive in a secondary machine and running a password cracker on it.
    30
  • Nothing is safe from direct physical attack.
    28
  • Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.
    25