[GTALUG] DMA kernel attacks

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Mon Mar 13 10:39:31 EDT 2017


On Mon, Mar 13, 2017 at 10:33:10AM -0400, Lennart Sorensen via talk wrote:
> On Mon, Mar 13, 2017 at 10:27:35AM -0400, Lennart Sorensen via talk wrote:
> > On Sat, Mar 11, 2017 at 01:02:45PM -0500, Russell Reiter via talk wrote:
> > > Another DEFCON talk. This is a hardware attack on M$, OSX & Linux, PCIleech
> > > = 150mbs over usb3.
> > > 
> > > https://www.youtube.com/watch?v=fXthwl6ShOg&list=PL9fPq3eQfaaAvXV3hJc4yHuNxoviVckoE&index=15#t=2508.995164
> > 
> > Well first you have to install your PCIe card in the target machine,
> > which means you would have to shut it down first, which could make
> > booting it again difficult.
> > 
> > I thought initially they found a flaw in USB3, but no that is not
> > the case.
> > 
> > So it doesn't do anything we didn't already have a problem with in
> > firewire years ago.  So yes if you get to put your own PCIe hardware in
> > a machine, you can DMA memory.  And it's a bit faster than a firewire
> > card was.
> > 
> > The firewire and thunderbolt issues in the past seem much more of a
> > concern than this because they were hardware already present in the
> > target machine.  This is pretty much just irrelevant.
> 
> The exploit method is interesting (although nothing new), but the access
> method is not.

OK, I am wrong.  The fact he has an ExpressCard, not just PCIe, makes it
very interesting since that is hot pluggable from outside the machine.

Now I am impressed.

-- 
Len Sorensen

