Internet privacy and security course

Chapter 123

Firewire attack

Some problems in IT only need to be checked for once: after confirming they are absent, you can calm down and forget about them. If you skip the check, though, you may come to regret it very much. The FireWire port is exactly such a case.

I hope you have enabled encryption at the system level; I described the consequences of lacking such encryption here. Let's take a very simple look at how full disk encryption works on your device.

You have an encryption key that encrypts and decrypts all information. When the computer is running, even if the system is locked or in hybrid sleep mode, this key is in the RAM of the device.

By connecting to the FireWire port, an attacker can obtain this key directly from RAM. The person you are meeting can do this while you step out to the restroom in a cafe, and so can a forensic expert during a visit from uninvited guests. Whoever it is, they will get the contents of your RAM, which is extremely bad. The attack does not take much time, and the consequences will be really sad.

In addition, a connection via the FireWire port makes it possible to bypass the system password. This works by overwriting the memory area that contains the access control data.

The attack has a number of nuances: for example, antivirus software can protect against direct access to RAM, and the protocol itself allows access to only the first 4 GB of memory. Even so, the FireWire port gives direct access to valuable data. Some time ago the presence of such a port was considered a real gift to a forensic expert.

DMA attacks (attacks that obtain direct memory access) are a very dangerous class of physical attacks. We will talk a lot about them, check for vulnerabilities and configure protection. In this chapter our task is to check whether your computer has a FireWire port; if it does, you should either take a pair of nippers to it or change the device.

What is a FireWire port

The correct name is IEEE 1394 (FireWire, i.LINK and mLAN are commercial names); it is a technology for digital information exchange. FireWire was developed by Apple in 1992-1995, and its popularization began in 1998. Since 2010 its popularity has declined sharply, and today FireWire is installed extremely rarely in new computers. According to Wikipedia, the main reason for the decline is Apple's desire to receive royalties for every installation.

FireWire allowed information to be exchanged at impressive speed and was mainly used to transfer large amounts of data, such as video from video cameras. Today you will not find FireWire even in the Mac Pro; however, you can occasionally discover a FireWire port in home computers, and this creates the threat of unauthorized access to valuable data.

Appearance and marking of the FireWire port

[Image: FireWire port]

How to check whether you have a FireWire port

You can simply look: the picture and marking of the FireWire port are given above. If in doubt, I offer you a programmatic way of checking. Panic Button will help you here; I think you are already familiar with it. In the free part of the program I added a system security scanner that checks some important points, including the presence of a FireWire port.

Install Panic Button and select a trial license at the activation stage. During the initial setup the program will offer you a security checker, which will check some points, including the presence of a FireWire port.

If you already have Panic Button installed, select the item “System Security Scanner” in the menu.
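
On a Linux machine the same check can be made without extra software. The script below is an added example, not part of the original course and not Panic Button's code. It assumes the standard Linux sysfs layout and relies on the PCI class code 0x0c00 that identifies IEEE 1394 controllers; the sample device tree it builds is constructed for illustration.

```python
import os
import tempfile

# PCI base class 0x0c (serial bus controller), subclass 0x00 = IEEE 1394.
FIREWIRE_CLASS_PREFIX = "0x0c00"
FIREWIRE_MODULES = ("firewire_ohci", "firewire_core", "firewire_sbp2")

def find_firewire_controllers(sysfs_root="/sys"):
    """Return [(pci_address, class_code, driver_or_None)] for IEEE 1394 controllers."""
    found = []
    dev_dir = os.path.join(sysfs_root, "bus", "pci", "devices")
    if not os.path.isdir(dev_dir):
        return found  # not Linux, or no PCI bus exposed
    for addr in sorted(os.listdir(dev_dir)):
        dev = os.path.join(dev_dir, addr)
        try:
            with open(os.path.join(dev, "class")) as fh:
                code = fh.read().strip().lower()
        except OSError:
            continue  # entry without a readable class file
        if not code.startswith(FIREWIRE_CLASS_PREFIX):
            continue
        link = os.path.join(dev, "driver")  # symlink to the bound driver, if any
        driver = os.path.basename(os.path.realpath(link)) if os.path.exists(link) else None
        found.append((addr, code, driver))
    return found

def loaded_firewire_modules(sysfs_root="/sys"):
    """Names of FireWire kernel modules that are currently loaded."""
    mod_dir = os.path.join(sysfs_root, "module")
    return [m for m in FIREWIRE_MODULES if os.path.isdir(os.path.join(mod_dir, m))]

def build_sample_tree(root):
    """Constructed sample: one FireWire OHCI controller and one USB controller."""
    for addr, code in (("0000:05:00.0", "0x0c0010"), ("0000:00:14.0", "0x0c0330")):
        dev = os.path.join(root, "bus", "pci", "devices", addr)
        os.makedirs(dev)
        with open(os.path.join(dev, "class"), "w") as fh:
            fh.write(code + "\n")
    os.makedirs(os.path.join(root, "module", "firewire_ohci"))
    return root

if __name__ == "__main__":
    sample = build_sample_tree(tempfile.mkdtemp())
    print("constructed sample:", find_firewire_controllers(sample))
    hits = find_firewire_controllers()
    print("this machine:", hits or "no FireWire controller on the PCI bus")
    print("loaded modules:", loaded_firewire_modules() or "none")
```

An empty result covers only the controllers present on the PCI bus at the moment the script runs.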

How to disable the FireWire port

If you are not very comfortable with hardware in general, you can ask any technician to physically deactivate the port; it will take little time and will be an effective solution to the problem. The only condition is that they do it in your presence. Why it should be done only in your presence, I have described in this material.

The second option is to change the device to a more modern one without a FireWire port. Fortunately, today finding a device without this port is incomparably easier than finding a device with it.