[GTALUG] DMA kernel attacks

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Mon Mar 13 10:33:10 EDT 2017


On Mon, Mar 13, 2017 at 10:27:35AM -0400, Lennart Sorensen via talk wrote:
> On Sat, Mar 11, 2017 at 01:02:45PM -0500, Russell Reiter via talk wrote:
> > Another DEFCON talk. This is a hardware attack on M$, OSX & Linux, PCIleech
> > = 150mbs over usb3.
> > 
> > https://www.youtube.com/watch?v=fXthwl6ShOg&list=PL9fPq3eQfaaAvXV3hJc4yHuNxoviVckoE&index=15#t=2508.995164
> 
> Well first you have to install your PCIe card in the target machine,
> which means you would have to shut it down first, which could make
> booting it again difficult.
> 
> I thought initially they found a flaw in USB3, but no that is not
> the case.
> 
> So it doesn't do anything we didn't already have a problem with in
> firewire years ago.  So yes if you get to put your own PCIe hardware in
> a machine, you can DMA memory.  And it's a bit faster than a firewire
> card was.
> 
> The firewire and thunderbolt issues in the past seem much more of a
> concern than this because they were hardware already present in the
> target machine.  This is pretty much just irrelevant.

The exploit method is interesting (although nothing new), but the access
method is not.

-- 
Len Sorensen

