[GTALUG] DMA kernel attacks

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Fri Mar 17 14:22:17 EDT 2017


On Thu, Mar 16, 2017 at 04:41:36PM -0400, Russell Reiter via talk wrote:
> <rreiter91 at gmail.com>
> Date: Mar 16, 2017 12:49 PM
> Subject: Re: [GTALUG] DMA kernel attacks
> To: "Lennart Sorensen" <lsorense at csclub.uwaterloo.ca>
> 
> On Mar 13, 2017 10:50 AM, "Russell Reiter" <rreiter91 at gmail.com> wrote:
> 
> 
> 
> On Mar 13, 2017 10:27 AM, "Lennart Sorensen" <lsorense at csclub.uwaterloo.ca>
> wrote:
> 
> On Sat, Mar 11, 2017 at 01:02:45PM -0500, Russell Reiter via talk wrote:
> > Another DEFCON talk. This is a hardware attack on M$, OSX & Linux, PCIleech
> > = 150mbs over usb3.
> 
> 
> Sorry, I wasn't clear here. The PCI card goes in the attacking machine. The
> steal is over USB. Two tries for the Linux box.
> 
> >
> > https://www.youtube.com/watch?v=fXthwl6ShOg&list=PL9fPq3eQfaaAvXV3hJc4yHuNxoviVckoE&index=15#t=2508.995164
> 
> Well first you have to install your PCIe card in the target machine,
> which means you would have to shut it down first, which could make
> booting it again difficult.
> 
> 
> Ummm ... PCIe is hot pluggable with the right software.
> 
> 
> I thought initially they found a flaw in USB3, but no that is not
> the case.
> 
> So it doesn't do anything we didn't already have a problem with in
> firewire years ago.  So yes if you get to put your own PCIe hardware in
> a machine, you can DMA memory.  And it's a bit faster than a firewire
> card was.
> 
> The firewire and thunderbolt issues in the past seem much more of a
> concern than this because they were hardware already present in the
> target machine.  This is pretty much just irrelevant.
> 
> 
> Maybe to you. I don't consider increase of transfer rate from 3mbs to 150mbs
> irrelevant by any means.
> 
> Just because I highlight one bit of information which I gleaned from a
> source and wanted to share, as a matter of general interest; this doesn't
> mean I didn't want you to learn from the post.
> 
> I did it because I do want you to learn from it. Like you just now learned
> PCIe can be accessed without rebooting.
> 
> 
> Among other things.
> 
> 
> 
> 
> --
> Len Sorensen

I am afraid I can't figure out what the reply was or to what.

Even going through the hassle of trying to view the html version didn't
help much.

-- 
Len Sorensen

