44

This question notes that a person briefly connected an Android device to an Apple computer via USB, and one comment indicates that it would "quite possibly" be a risk:

In theory, yes, in practice, probably not. If it had been a Firewire device, quite possibly. – Matthew

Why is Firewire a bigger threat than USB? How can connecting a Firewire device to a machine be a security risk?

I am a PC user and don't know anything about Firewire.

Anders
  • This question is rather silly. In what case of a person having direct physical access to a machine would you expect security? Give me physical access to a server and there are 100 ways to break in, most of them not taking much tech knowledge. – blankip Jun 10 '16 at 19:48
  • 30
    It's not a silly question -- why would I think that plugging my laptop into someone else's thunderbolt display could give them any privileged access to my computer? It's not like I handed it over to them and they took it into a back room to open it up and gain access, and I'm not running any software they gave me -- the laptop never left my hands, I'm just using a monitor. – Johnny Jun 10 '16 at 20:07
  • I agree with @blankip, it's a silly question. As the old saying goes, once you get physical access to equipment, it's game over. – Little Code Jun 11 '16 at 07:49
  • 2
    @LittleCode so, you should buy all your equipment (including keyboards, screens, printers...), unpack it from the sealed boxes, transport it wherever you go, and keep it under biometric padlocks when you aren't there? Unless you are holding military grade secret information in a room full of enemy spies, most physical actions are still safe, and it is good to know which ones may not be. – Davidmh Jun 11 '16 at 13:45
  • @Davidmh, you exaggerate. Let me put it in alternative terms. In the specific context of this question, USB, Firewire, SATA, or whatever ... nobody plugs anything into my computer and I don't plug anything unknown into it either. – Little Code Jun 11 '16 at 19:05
  • 1
    @LittleCode but it's such an inconspicuous situation: _hey Little, my phone's nearly empty, mind if I recharge it from your computer?_ Joe Average wouldn't let a stranger do this, but he would not suspect a security risk from a person he knows. – Torben Gundtofte-Bruun Jun 11 '16 at 19:13
  • @TorbenGundtofte-Bruun whenever people ask me that question (and it happens a lot because I attend quite a few conferences every year), my response is simple, "here's my cable" (most times I have a USB power adapter to hand and I give that too). The potential loss of cable if they don't give it back is low compared to the risk of malware on my computer and the time it would take for me to reformat and restore my computer. I don't care if I know that person or not (even direct family, wherever possible, I will give them the cable and power adapter). – Little Code Jun 11 '16 at 19:33
  • 2
    @LittleCode: While your personal and private security measures seem to be formidable, that does not render moot the question the OP brought up. There are plenty of people out there who have no clue whatsoever about USB or Firewire vulnerabilities. Asking a question on how/why these are dangerous is exactly what this Stack is for, and it seems this is also a topic which many people here are interested in. – fgysin Jun 28 '16 at 15:10

1 Answer

60

Firewire and also Thunderbolt provide direct access to the OS memory, thus bypassing the operating system. See Wikipedia: DMA attack for more details on the possible attacks.

USB does not provide this kind of direct access. But it has other problems like the ability to unexpectedly emulate devices like a keyboard, see BadUSB.

Matthew
Steffen Ullrich
  • 5
    Craziness. Who thought that was a good idea ;) – Desthro Jun 10 '16 at 15:26
  • 1
    @Desthro The firewire thing and the USB thing? Firewire I'm guessing just predates the era where security was much of a concern. The USB thing is just a natural consequence of how USB works; It's the same interface for all hardware so obviously any piece of hardware can claim to be whatever it wants. – Cubic Jun 10 '16 at 16:23
  • @Cubic: nice theory but it does not explain why they do the same design (direct memory access) with the much newer Thunderbolt again. I think DMA is simply chosen because it is faster and has less overhead. – Steffen Ullrich Jun 10 '16 at 16:37
  • 17
    @Cubic: The FireWire thing is also a natural consequence of how FireWire works: It's built to be _fast_. Capital _F_ _Fast_. Which it is. The same with Thunderbolt. And at the point where someone can connect a compromised device to your computer, you've already lost; because they have physical access either to your computer or your device, which is a total loss. – Williham Totland Jun 10 '16 at 16:38
  • 3
    The direct memory access is all the more frightening when you consider that Firewire has a peer-to-peer architecture, in contrast to USB, in which a host controls the devices. – 200_success Jun 10 '16 at 17:16
  • It's also disconcerting that Thunderbolt, which offers DMA, uses the USB-C connector. – 200_success Jun 10 '16 at 17:22
  • 1
    Neither USB nor Firewire really have a security model. – David Schwartz Jun 10 '16 at 17:47
  • 6
    @WillihamTotland - unfortunately, Joe Average user may have an infected/corrupted device, not know it, and plug it into his personal machine, thus infecting his own machine. It's not necessarily that a bad guy has gotten access to the machine and is plugging in his bad guy device. – FreeMan Jun 10 '16 at 17:51
  • @FreeMan: The bad guy has gotten a bad device and the belief that it isn't a bad device to someone. It doesn't matter what that device is at this point; USB, FireWire, Thunderbolt, whatever: Joe Average is screwed. Any compromised device up to and including a PS/2 keyboard can hijack a computer. – Williham Totland Jun 10 '16 at 17:54
  • 1
    @WillihamTotland: If one wants to maximize speed, I would think what would make the most sense for an information-streaming protocol would be to have two or more memory banks each of whose address and data buses could be connected to either of two external memory buses (one controlled by the main CPU, one controlled by the stream-port controller). The stream-port could have ability to directly control anything within the region of memory attached to it (and unlike with DMA, there would be no contention on the main bus during such access). If there were two or more such memories... – supercat Jun 10 '16 at 17:57
  • ...the main CPU could fetch data from one while the stream-port was filling the other, or vice versa. – supercat Jun 10 '16 at 17:58
  • 2
    @WillihamTotland: Interestingly, the original PC with its original keyboard connector could be taken over by a device plugged into the keyboard connector *even before it performed its horribly slow RAM test*. – supercat Jun 10 '16 at 17:59
  • 1
    Keep in mind: USB is just a connection type. The USB connector isn't inherently a security risk. What is a security risk, is the operating system's decision to try to automatically install drivers to support common USB devices, and to interact with the USB devices. If your operating system doesn't do that (e.g., MS-DOS, or a newer operating system that doesn't have drivers for your particular device), you get a lot less risk. USB is just particularly risky because many operating systems try to support any detected USB device, including keyboards/mice/combinations/hubs/network-connections. – TOOGAM Jun 11 '16 at 05:58
  • 1
    @supercat Without further evidence I am not willing to believe the PC could be taken over through the keyboard interface in any other way than by simulating a sequence of keypresses which a user could have typed on a legitimate keyboard. – kasperd Jun 11 '16 at 19:34
  • @kasperd: I'm willing to believe it. The reason early PCs didn't boot w/o a keyboard is the keyboard controller was involved in setting up the system bus. – Joshua Jun 11 '16 at 20:03
  • 1
    @Joshua That hack was introduced later when the 286 CPU was introduced. Besides that was the keyboard controller on the motherboard, which would be functional regardless of whether a keyboard was present or not. The only reason I know of for the machine to refuse to boot without a keyboard was such that you could safely power off the machine and attach a keyboard. – kasperd Jun 11 '16 at 21:45
  • 1
    @kasperd: I don't have the link handy, but there's a web site on the net for testing raw machine code for display/audio hacks on an IBM Portable PC (basically a PC motherboard, floppies, and amber monitor) which is hooked up to an audio/video capture card. The machine is cold-booted each time software is submitted to run on it, but uses a gizmo plugged into the keyboard port to enter a diagnostic mode (thus avoiding the main power-on self test). – supercat Jun 11 '16 at 22:37
  • @TOOGAM "_What is a security risk, is the operating system's decision to try to automatically install drivers to support common USB devices_" Installing drivers is only a security risk if the drivers are not hardened. "_and to interact with the USB devices_" Interacting with devices (at a low level) is one thing, accepting input as if it was user input is another. "_The USB connector isn't inherently a security risk_" A universal connector is inherently ambiguous about user intent thus a potential security issue. You couldn't plug a keyboard on an old style HD connector (ATA or SCSI). – curiousguy Jun 04 '17 at 14:23
  • @curiousguy "A universal connector is inherently ambiguous about user intent thus a potential security issue." What kind of security do you expect the connector type to give? In pre-USB days, we had more port types that were typically thought of as less universal (than USB). Mice used generic serial ports. Parallel ports, often called "printer ports", were used for IOMega Zip drives, competitor SyQuest EZDrives, & I think some CD-ROM drives. Keyboard ports (PS/2, and AT) have been used for various obscure connectors. Plus there were many available adapters to convert between port types. – TOOGAM Jun 04 '17 at 14:53
  • @TOOGAM "_Mice used generic serial ports._" A mouse on a generic serial port (not the dedicated mouse port) was usually not plug and play, some configuration was needed. – curiousguy Jun 05 '17 at 11:19
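
A defensive check for the two risks the answer contrasts (DMA-capable FireWire/Thunderbolt buses versus USB devices that are accepted automatically), added here as an example and not part of the original question, answer or comments. It assumes a Linux host and reads the kernel's sysfs attributes; the function name `audit_ports` and the severity labels are made up for this example.

```python
from pathlib import Path

DMA_BUSES = ("firewire", "thunderbolt")  # external buses whose devices can master DMA


def _read(path):
    """Return the stripped content of a sysfs attribute, or None if unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def audit_ports(root="/"):
    """Return (severity, message) findings for the sysfs tree under `root`."""
    root = Path(root)
    findings = []

    # 1. DMA-capable buses registered with the kernel (driver loaded or built in).
    buses = [b for b in DMA_BUSES if (root / "sys/bus" / b).is_dir()]
    # An active IOMMU appears as an entry (e.g. dmar0) under /sys/class/iommu.
    iommu_dir = root / "sys/class/iommu"
    iommu = iommu_dir.is_dir() and any(iommu_dir.iterdir())
    if buses and not iommu:
        findings.append(("high", "no IOMMU active, DMA-capable buses present: " + ", ".join(buses)))
    elif buses:
        findings.append(("info", "IOMMU active, DMA-capable buses present: " + ", ".join(buses)))

    # 2. Thunderbolt security level "none": devices are connected without approval.
    for attr in sorted(root.glob("sys/bus/thunderbolt/devices/domain*/security")):
        if _read(attr) == "none":
            findings.append(("high", f"{attr.parent.name}: Thunderbolt security level is none"))

    # 3. USB hosts that bind every newly attached device (keyboards included).
    for attr in sorted(root.glob("sys/bus/usb/devices/usb*/authorized_default")):
        if _read(attr) == "1":
            findings.append(("medium", f"{attr.parent.name}: new USB devices are authorized automatically"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_ports():
        print(f"[{severity}] {message}")
```

An active IOMMU does not by itself prove that every external port is isolated behind it, so an `info` finding is a prompt to check the firmware and kernel DMA-protection settings, not a clean bill of health.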