Idea
#5074: Fix firewire vulnerabilities
This entry was marked as not being an idea on 24 July 08. To report a bug, please use the Ubuntu bug tracker.
Written by Rioting_Pacifist the 19 Mar 08 at 01:31.
Category: Security.
Related to: Nothing/Others.
Status: Not an idea
Description
Firewire can be used to completely bypass most OS-level security. While you're at your desktop this isn't too bad, and I'm not even sure if it can be fixed, but when you lock your screen, AFAIK turning off all Firewire ports is the only way to stop your system being compromised.
http://it.slashdot.org/article.pl?sid=08/03/04/1258210
Comments
Eldmannen wrote on the 19 Mar 08 at 02:10
Security is very important for me!
Auzy wrote on the 19 Mar 08 at 02:28
Oh yeah, that's all great, until you consider USB can too!
And so can PCMCIA, ExpressCard, etc.
Before voting for this, consider that USB, PCMCIA and ExpressCard are also just as vulnerable!
Eldmannen wrote on the 19 Mar 08 at 02:33
Auzy,
I think only FireWire is vulnerable, because it uses DMA that bypasses the operating system.
vexorian wrote on the 19 Mar 08 at 02:45
Physical access to the computer = root access.
A guy wanting your information (and having physical access to your computer) just needs the Ubuntu live CD.
And it is equally as effective against other OSes.
Auzy wrote on the 19 Mar 08 at 05:04
Not just, because devices can always do dodgy stuff with vulnerable drivers.
But yeah, Firewire is the main one. But as someone pointed out, you can just disable them in the BIOS.
christopher_lees wrote on the 19 Mar 08 at 08:36
The actual problems with Firewire are due to the specifications. A Firewire device must be allowed to peek and poke - that is, look at system memory and modify it. This is ridiculously insecure. Surprise surprise, Apple co-authored the Firewire specification.
Linux, of course, implements this functionality, but in Ubuntu the device file needed to get this to work is not accessible by unprivileged users. My understanding is that this prevents the problem. Unless you do video editing, in which case you will have enabled write access on that device file.
But this is all pointless! If an attacker has physical access to your computer, it's game over anyway. Attackers who are knowledgeable enough to utilise the Firewire vulnerability are few and far between in the real world, and are probably spending their time creating e-mail worms.
Rioting_Pacifist wrote on the 19 Mar 08 at 14:13
Just because there are other vulnerabilities doesn't mean this one is any less important.
Regarding live CD attacks, that's what entire disk encryption/BIOS passwords protect against, so physical access != root access. There are also lots of situations where the requirements for other attacks, physically opening a system or rebooting, are not viable (e.g. a locked PC in a public place, uni, library, etc.).
"Before voting for this, consider that USB, PCMCIA and ExpressCard are also just as vulnerable!"
As they don't have direct memory access, that's simply not true!
@christopher, while it is true that they are insecure by design, if a system turns off the Firewire port when locked, or uses the new Firewire stack (which has a similar effect), the system can't be unlocked by this attack.