Adam Boileau, a security consultant based in New Zealand, has released a tool that can unlock Windows computers in seconds via a Firewire port, without the need for a password.
With this tool, called Winlockpwn, one could "unlock locked Windows machines or login without a password ... merely by plugging in your Firewire cable and running a command".
The hack, which affects Windows XP computers but has not yet been tested with Windows Vista, was first demonstrated at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix. Now that a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website.
Link: theage
A little too many commas, methinks.
EDIT: a few links down, it seems that other OSes are affected too, possibly due to a problem in the general 1394 spec.
See here: http://md.hudora.de/presentations/firewire...-cansecwest.pdf
and a blog post about it here: http://blog.juhonkoti.net/2008/02/29/autom...al-via-firewire
I guess if you had a stupid user and hid the USB-Firewire device before the boot, they might miss the installation of the new device and you could come back later with your 'tool'.
Nonetheless, I have no Firewire ports, nor am I blind, so a cable running from my comp to someone else's would be kinda noticeable to me.
Yes but it's still physical access.
It's far from new, and ksalter is absolutely correct: once someone has physical access to a machine, it's all over.
1) Unnoticed access. You can leave the PC exactly as it was when you arrived. No passwords reset, no red flags.
2) Access to currently opened items, this is especially useful in a corporate setting where the user is "logged in" to some sort of networked application. You can access it with their privileges and then leave the computer as in #1.
3) Access network shares. This is a big one too, you can authenticate against the server just as you would if you were actually logged in as the user. On a domain, this breaks 99% of your security.
Enjoy.
Last edited by Angel Blue01 on 08 Mar 2008 - 13:39
If I were still at my old school, I would use this with a rootkit to get the admin passwords and reformat the HDs with a Linux distro; I guess quite a load of other people would too.
original source
And if you're an IT guy who manages computers with Firewire ports, well, I feel for you.
I do like the 10 Microsoft laws of security though: http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true (found at the source, if you are wondering whether this is off-topic).
We tried it and it retrieves all hashed account passwords, thus making any Windows version up to Vista accessible. And yes, I've tried it already, and it works.
I wouldn't be surprised if anyone could make such a tool.
original source
(Author's page) Bypasses windows authentication via firewire, as demoed at Ruxcon 2006, and released on Risky Business, 2008.
Same source you're using.
Only looking for what you want to see? Same source, farther down the page:
Of course, Bitlocker and domain-joined machines make doing any of those things impossible.
You're sure he's talking about the SAME tool?
Skip forward a few months, and it's now a big deal for reasons I'm not wholly sure about. I presented "Hit By A Bus: Physical Access Attacks With Firewire" at Ruxcon 2006, and hopefully if you came along, you were entertained.
At Ruxcon I released my firewire libraries (high level python bindings for libraw1394), the tool for fooling windows into giving you DMA (romtool), and a forensic memory imager (1394memimage). I demoed some of the malicious uses (like unlocking a locked Win XPSP2 workstation, and spawning an admin shell), but I'm not going to release that code (uh, unless you've got a compelling reason, I suppose). The talk and the tools are available just below.
Vista has LM hashes disabled, though if you really need to you can enable them.
Anyway, my firewire plug short-circuited, so I'm protected against this.
lmao, I used that in a college thing I did last month, my tutor found it funny too
All it takes is a USB drive or a Bootable CD and you have access. I can see why MS ignored this.
Edit: come to think of it, this is just another tool for techs to use when users lock themselves out of their own machines.
This Firewire issue also affects Macs and Linux-based PCs. It's not a Windows problem.
It's a Firewire problem because it depends on the DMA access which all Firewire implementations use to send and receive data.
The only way to resolve this is to disable your Firewire ports and not allow strange folks to plug their devices into your Firewire ports.
So unless the protocols for Firewire are changed, there is very little you can do to stop this other than prevent physical access to your systems.
Regards
Simon
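The advice above (disable the Firewire ports, since the problem is that every 1394 device is granted DMA) is a configuration change an administrator can script. The following is an added example written for this page, not code from the thread, from Boileau or from Winlockpwn. It assumes a modern Windows (8 or later, so that the PnpDevice cmdlets exist), an elevated prompt, and the standard `sbp2port` service key; the function names `Get-FirewireExposure` and `Disable-Firewire` are this example's own. Disabling the SBP-2 driver by setting its Start value to 4 is the mitigation Microsoft later documented for 1394 DMA attacks against BitLocker; disabling the 1394 host controllers themselves removes the DMA path entirely.

```powershell
# Added example (not from the original page or tool). Assumes Windows 8+ with the
# PnpDevice module and an elevated prompt. Function names are this example's own.

function Get-FirewireExposure {
    # Report whether the SBP-2 driver is enabled and which 1394 controllers are present.
    $sbp2 = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\sbp2port' `
                             -Name Start -ErrorAction SilentlyContinue
    $controllers = @(Get-PnpDevice -Class '1394' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Sbp2DriverStart   = if ($sbp2) { $sbp2.Start } else { 'absent' }   # 4 = SERVICE_DISABLED
        Sbp2Disabled      = (-not $sbp2) -or ($sbp2.Start -eq 4)
        Controllers       = @($controllers | ForEach-Object { $_.FriendlyName })
        ControllersActive = @($controllers | Where-Object { $_.Status -eq 'OK' }).Count
    }
}

function Disable-Firewire {
    # 1. Disable the SBP-2 driver (Start = 4). Takes effect on the next boot.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\sbp2port'
    if (Test-Path $key) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    }

    # 2. Disable every active 1394 host controller so no plugged-in device can
    #    request DMA at all. Takes effect immediately.
    Get-PnpDevice -Class '1394' -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'OK' } |
        ForEach-Object { Disable-PnpDevice -InstanceId $_.InstanceId -Confirm:$false }
}

# Audit first; a machine with Sbp2Disabled = True and ControllersActive = 0 has no
# 1394 DMA exposure left to exploit.
Get-FirewireExposure

# Disable-Firewire   # uncomment on a machine you administer
```

Run `Get-FirewireExposure` across a fleet before and after the change to confirm it stuck; a `ControllersActive` of 0 and `Sbp2Disabled` of True is the state you want. On Linux, the equivalent is blacklisting the `firewire-ohci` and `firewire-sbp2` modules (or `ohci1394` and `sbp2` on the 2008-era stack) in `/etc/modprobe.d/`, which is the same idea as step 2: no driver, no DMA grant.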
Obviously another of the many articles written with the intent of spreading an opinion (in this case, that Microsoft OSs are insecure), even if that meant skipping a few facts because they didn't help the author's case...
Firewire is majorly used in digital video production; I don't see it dying anytime soon.
So why is this article pinning the blame on Microsoft to fix their mistake?
Also, if Apple managed to create a flaw so vast in one protocol, surely it's feasible to think that they've done it in other places as well?
Yes, Apple created the Firewire spec... which is also called i.Link (Sony), IEEE 1394 (the standard name) and Firewire (Apple).
As previously pointed out, in most cases someone can just use one of those Linux boot CDs or whatever that automatically mount NTFS partitions to gain access to the local file system. All the NTFS security, unless the files are encrypted, is completely managed from within Windows and does not actually physically exist on the files. However, a smart administrator would disable booting from a CD/USB memory stick in the BIOS and password-protect the BIOS. Too bad there aren't that many smart administrators out there...
Under any OS that doesn't disable the port (and I do not believe any of them do), or unless you've got some funky non-standard Firewire controller stuff going on (like in Apple's old G5s), the machine is completely compromised.
What makes this particularly scary is that it does not require a reboot.
It will NOT magically let them know your username and password, and will certainly not give them your encryption keys.
Also, they haven't said if they have compromised domain accounts. If they have, they would only be able to logon to the local PC and access unencrypted data that is ACL'd for that user. It won't let you magically access corporate resources on the network with that person's token, since they don't have it.
This gives them the SAME level of access as if they had removed the hard drive and put it in another PC. Nothing more. No encrypted file access, no corporate network access.
If you have just booted a computer, bypassing local passwords *should* not give you access to these things. On the other hand, you are now logged in as an authenticated user, so anything is possible. Arguably, though, from boot, if you're logging into a domain-type computer it is almost certain that you will NOT have access, because you will not have authenticated.
Moral of the story? When you lock your computer (that has firewire ports) you're not safe at all.
A worker from workshop based in New Zealand has shown a tool that can break Windows computers in seconds, via smashing them with a hammer, without the need for a password.
With this tool, called Hammer, one could "hack locked Windows machines or erase sensitive data without a password ... merely by hitting it with Hammer several times".
This hack, which affects Windows XP computers but has not yet been tested with Windows Vista, was first demonstrated, at a drunk party in 2006, but Microsoft has yet to develop a fix. But now that a couple of years have passed and the issue has not resolved, the worker, decided to show the tool on his website.
This is the first time I have heard about this.
I used http://www.resetwindowspassword.com/ before.