Skip to main content

Windows 7 Vulnerable to Memory Attack

A paper written by researchers Christophe Devine and Damien Aumaitre of the European Security Expertise Center claims that hackers could infiltrate the 64-bit version of Windows 7 by going after kernel code stored in the PC's physical memory. The good news is that a hacker would need direct, physical contact with a system to carry out the invasion.

The research leading to the paper included using a PCMCIA card device that contained a custom DMA engine running on a MIPS CPU. The device was able to access the Windows 7 kernel code, alter it, and then gain control over the operating system. This means that the CPU and OS were bypassed, unable to prevent malicious DMA requests.

The technique isn't anything new: other researchers have been able to gain access to Windows XP and older versions of Mac OS X by tapping into the system's DMA via other ports. However the DMA engine used on the current "hacking" device had to be rebuilt from scratch thanks to major changes to Windows 7. Now the only way to carry out the hack in the current OS is to access the memory via PCMCIA.

Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver. Another means of protection is by using an input/output memory management unit (IOMMU)--this can protect physical memory from interferences from devices. Many recent CPUs already include this technology.

The research, called Subverting Windows 7 x64 Kernel with DMA Attacks, will be presented at the Hack in the Box security conference (June 29 - July 2). Microsoft has not issued a statement in regards to this Windows 7 vulnerability.

  • kyeana
    If someone has physical access to your computer, they can get into it. Don't see how this would be any easier then throwing the hard drive in a secondary machine and running a password cracker on it.
    Reply
  • misry
    Nothing is safe from direct physical attack.
    Reply
  • proxy711
    Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.
    Reply
  • mchawk
    I read that shocking title to get this?!

    ...
    Reply
  • gege
    The pic in the news its me hacking the cracker, giving he a little surprise
    Reply
  • icepick314
    thank god my Asus G73JH doesn't have PCMCIA port...or express card...
    Reply
  • proxy711Breakings news! a hacker has hacked a computer by copying files to a thumb drive as the owner of the computer was in the restroom. More breaking news at eleven.
    Hahahaha, thats exactly what came to my mind.

    Devine and Aumaitre said that the hack can be prevented by deactivating the PCMCIA driver.

    Or it can be prevented by not allowing people near your computer...
    Reply
  • ta152h
    Duh, of course the CPU was bypassed by DMA, that's the whole point of it! Direct Memory Access was developed by DEC as a much cheaper replacement to channels, both of which offload work that would otherwise be required by the CPU. I'm kind of surprised this is only a problem on Windows 7.

    But, really, it's not an effective virus if you have to break into someone's house to spread it.
    Reply
  • Regulas
    I did just recently update my Gaming rig (Thanks Newegg) to Vista, I mean MS 7 64 bit. Fallout 3 crashes more now.
    Reply
  • Regulas
    You noticed it said older versions of OS X. I thought random memory addressing was all that and that MS was billions of light years ahead of OS X for security. Guess I was wrong as I sit outside having a cold Bud typing this on my Macbook Pro, keyboard illuminated because it is getting dark.
    Reply