Hacking method that bypasses a PC's password lock via an external interface is released



Keeping a password lock on a PC that handles important data is indispensable, but a method for bypassing that password lock via an external interface has been released. The method uses a tool called "Inception", and because so many interfaces can be used, it is said that there are cases in which it is difficult to take countermeasures.

Inception | Break & Enter
http://www.breaknenter.org/projects/inception/

Attacking full-disk encryption with Inception [LWN.net]
http://lwn.net/Articles/531920/

Mr. Kirsten Martman, a self-described white hat hacker who works at a major security firm in New York, runs the computer security blog "Break & Enter", where he has published a method for getting into a password-locked PC using the software "Inception".

Inception is a tool released in 2011 for accessing the system memory of a sleeping PC via FireWire (IEEE 1394). To achieve high-speed transfers, FireWire has a "DMA" function, a mechanism that accesses system memory directly and so avoids passing data through the CPU, which would be a bottleneck. Inception makes use of this DMA function.

The method Mr. Martman released uses Inception to bypass the password lock, so that the attacker appears to have administrator authority. It exploits the property that "if the system recognizes a FireWire connection, it enables the DMA function": Inception accesses the memory of the target PC, looks inside the module that authenticates the OS password, and finds the memory page in the password authentication procedure that allows authentication to succeed without the password being entered. Martman says, "After running the Inception tool and once avoiding password authentication, any password will pass as the correct passcode."


This hacking method can be said to stem from a structural defect: the memory area accessed by FireWire's DMA function and the memory area involved in password checking and authentication are in the same place. Hacking with the Inception tool rewrites data in memory, but the contents of memory are cleared when the PC is restarted, so no trace of the hack remains and it is difficult to notice that any damage has occurred.

Furthermore, note that even if the PC has no FireWire interface, if the chipset has the FireWire function built in, the DMA function is sometimes activated when the system detects that a FireWire interface has been added. In other words, a device can connect to a PC without a FireWire interface through an external interface such as Thunderbolt, PCI / PCI Express or PC Card and announce an SBP-2 directory, which makes the PC mistakenly believe that a FireWire interface has been added. Once the appropriate driver is installed, FireWire's DMA function can be impersonated, and the password lock can then be bypassed with the Inception tool.


The hacking method revealed this time is difficult to counter fundamentally unless the mechanism of FireWire's DMA function is changed. Therefore, to guard against the unlikely event of such an attack, using a PC without the FireWire function appears to be the safe choice.
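Because the DMA function is enabled once the system recognizes a FireWire connection, a defender's first question is whether a machine's FireWire driver stack is loaded or can still be loaded. The following is an added example, not code from the article or from the Inception project: it assumes a Linux host, where the stack is the kernel modules `firewire_core`, `firewire_ohci` and `firewire_sbp2`, and it runs on constructed sample input in place of `/proc/modules` and `/etc/modprobe.d/`.

```python
# Added example: audit a Linux host's FireWire/SBP-2 driver state.
# Sample inputs are constructed; on a real host pass in the contents of
# /proc/modules and of the files under /etc/modprobe.d/.
FIREWIRE_MODULES = ("firewire_core", "firewire_ohci", "firewire_sbp2")

SAMPLE_PROC_MODULES = """\
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
"""
SAMPLE_MODPROBE_CONF = """\
# constructed policy file
blacklist firewire-sbp2
"""

def _norm(name):
    # modprobe treats '-' and '_' in module names as the same character
    return name.replace("-", "_")

def loaded_modules(proc_modules_text):
    """Names of currently loaded modules (first field of each line)."""
    return {_norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.split()}

def blocked_modules(modprobe_conf_text):
    """Split modprobe.d rules into soft (blacklist) and hard (install ... false)."""
    soft, hard = set(), set()
    for raw in modprobe_conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "blacklist":
            soft.add(_norm(words[1]))
        elif len(words) >= 3 and words[0] == "install":
            if words[2].rsplit("/", 1)[-1] in ("false", "true"):
                hard.add(_norm(words[1]))
    return soft, hard

def audit(proc_modules_text, modprobe_conf_text):
    """Map each FireWire module to LOADED, disabled, blacklisted or loadable."""
    loaded = loaded_modules(proc_modules_text)
    soft, hard = blocked_modules(modprobe_conf_text)
    report = {}
    for mod in FIREWIRE_MODULES:
        if mod in loaded:
            report[mod] = "LOADED"        # driver stack is active right now
        elif mod in hard:
            report[mod] = "disabled"      # modprobe runs false/true instead
        elif mod in soft:
            report[mod] = "blacklisted"   # no autoload; explicit modprobe still works
        else:
            report[mod] = "loadable"      # no rule stops it loading on hot-plug
    return report
```

A result of `LOADED` or `loadable` for any of the three modules means the host still has the FireWire path the article describes.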

in Note, Software, Posted by darkhorse_log