Where there’s smoke, there’s FireWire
- Thursday, July 28, 2011, 10:19
- Threat Research
Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer via the FireWire port. FireWire, (also called i.LINK by SONY and known by the name of its standard, IEEE-1394) is, for those unfamiliar with it, a peripheral connection standard similar to USB. Arguably superior, the higher cost and complexity of implementation has restricted it largely to professional use, such as digital media recording and editing, while USB has gone on to become the more popular interface for connecting peripheral devices.
First off, a little background: One of the design features of FireWire, and part of what makes it attractive for professional use, is that it allows for DMA (Direct Memory Access), a technology used in modern computers which allows peripherals to bypass the CPU and directly read from and write to memory. Because the processor does not have to manage the data transfer, higher data rates and lower CPU utilization can be ensured, while leaving the CPU available to perform other functions.
While this form of password theft sounds novel enough to have been picked up by several