
Are there any non-obvious mitigations for the big DMA-attack revealed last year and demonstrated in this video by F-Secure?

We know that Microsoft has published some material pertaining to DMA-attacks, but, from my reading of Microsoft's article, it seems that there is no real, acceptable solution or mitigation for the specific method demonstrated in the video.

I'm looking for "non-obvious mitigations" because I do not consider powering-down a machine every time one has to leave it unattended an acceptable solution.

Please correct me if I'm mistaken. The new GP setting to disallow new DMA devices upon locking Windows would not have prevented the attack in the video, as the attack (1) utilized USB and not Thunderbolt and (2), more importantly, relied on dumping the BitLocker key from the RAM through booting to the USB drive. Am I missing something?

Are there any realistic mitigations for this attack yet, including from the OS side and the firmware side (I'm running an HP business-class notebook)?

Thanks very much.

Daniel
  • This is a classic case of commodity vs security. Mitigation is training users in what not to do and forcing security policy compliance on everyone. – Overmind Jul 18 '19 at 09:16
  • @Overmind thank you for your reply. Are you saying that you are not aware of a mitigation for this particular attack besides obstructing physical access and forcing shutdown/hibernation when a machine is unattended? – Daniel Jul 18 '19 at 12:53
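The question and comments talk about several settings that decide whether a locked, powered-on machine still holds its BitLocker key in RAM and whether a newly attached device can reach that RAM: the "disable new DMA devices when locked" policy, platform DMA (IOMMU) protection, and shutdown/hibernation versus sleep. The read-only audit script below is an added example, not code from the question, the commenters, Microsoft or F-Secure; it reports where a Windows machine stands on each of those points. It assumes Windows 10 1803 or later with the BitLocker PowerShell module, assumes that the registry value `DisableExternalDMAUnderLock` under `HKLM\SOFTWARE\Policies\Microsoft\FVE` backs the group policy setting named in the question, and uses the `Win32_DeviceGuard` property value 3 ("DMA protection") as the indicator that the firmware exposes an IOMMU. It also checks the BitLocker protector type, because a TPM-only protector releases the volume key at boot without any user input, which is what leaves the key in memory at the lock screen in the first place; TPM+PIN or TPM+startup key withhold it until pre-boot authentication.

```powershell
# Added audit script: reports settings relevant to the key-in-RAM / DMA scenario discussed above.
# Run from an elevated PowerShell. Read-only: it changes nothing on the machine.
# ASSUMPTIONS: Windows 10 1803+, BitLocker module present; DisableExternalDMAUnderLock is taken to be
# the registry value behind "Disable new DMA devices when this computer is locked".

function Get-DmaExposureReport {
    [CmdletBinding()]
    param([string]$OsDrive = $env:SystemDrive)

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Check, [string]$State, [string]$Note) {
        $findings.Add([pscustomobject]@{ Check = $Check; State = $State; Note = $Note })
    }

    # 1. BitLocker protector type on the OS volume. TPM-only: key unsealed automatically at boot,
    #    so it is in RAM while the machine sits at the lock screen. TPM+PIN / TPM+startup key:
    #    key is not released until pre-boot authentication succeeds.
    $vol = Get-BitLockerVolume -MountPoint $OsDrive -ErrorAction SilentlyContinue
    if (-not $vol -or $vol.ProtectionStatus -ne 'On') {
        Add-Finding 'BitLocker' 'FAIL' "Protection is not On for $OsDrive"
    } else {
        $types = @($vol.KeyProtector.KeyProtectorType)
        if ($types -match 'TpmPin|TpmStartupKey|TpmPinStartupKey') {
            Add-Finding 'Pre-boot authentication' 'PASS' ('Protectors: ' + ($types -join ', '))
        } else {
            Add-Finding 'Pre-boot authentication' 'FAIL' ('TPM-only unlock; protectors: ' + ($types -join ', '))
        }
    }

    # 2. "Disable new DMA devices when this computer is locked" (assumed registry backing value).
    #    As the question notes, this covers hot-plugged DMA ports on a locked system, not a reboot.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                            -Name DisableExternalDMAUnderLock -ErrorAction SilentlyContinue
    if ($fve -and $fve.DisableExternalDMAUnderLock -eq 1) {
        Add-Finding 'DMA-under-lock policy' 'PASS' 'New DMA devices are blocked while locked'
    } else {
        Add-Finding 'DMA-under-lock policy' 'FAIL' 'Policy not set (only relevant to hot-plug DMA ports)'
    }

    # 3. Platform DMA protection as reported by Device Guard (AvailableSecurityProperties value 3).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg -and (@($dg.AvailableSecurityProperties) -contains 3)) {
        Add-Finding 'IOMMU DMA protection' 'PASS' 'Platform reports DMA protection available'
    } else {
        Add-Finding 'IOMMU DMA protection' 'FAIL' 'Not reported; check firmware VT-d/IOMMU settings'
    }

    # 4. Lid-close action on AC power: 0 = do nothing, 1 = sleep (RAM retained), 2 = hibernate
    #    (RAM powered off, key gone), 3 = shut down. Also whether hibernation is enabled at all.
    $lid = (powercfg /query SCHEME_CURRENT SUB_BUTTONS LIDACTION 2>$null) -join "`n"
    $m = [regex]::Match($lid, 'Current AC Power Setting Index:\s*0x([0-9a-fA-F]+)')
    $acIndex = if ($m.Success) { [Convert]::ToInt32($m.Groups[1].Value, 16) } else { -1 }
    $hib = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
                            -Name HibernateEnabled -ErrorAction SilentlyContinue
    $hibOn = $hib -and $hib.HibernateEnabled -eq 1
    switch ($acIndex) {
        2 { Add-Finding 'Lid action (AC)' 'PASS' 'Hibernate' }
        3 { Add-Finding 'Lid action (AC)' 'PASS' 'Shut down' }
        1 { Add-Finding 'Lid action (AC)' 'FAIL' 'Sleep: RAM and key stay resident' }
        0 { Add-Finding 'Lid action (AC)' 'FAIL' 'Do nothing: machine stays running' }
        default { Add-Finding 'Lid action (AC)' 'UNKNOWN' 'Could not parse powercfg output' }
    }
    Add-Finding 'Hibernation enabled' $(if ($hibOn) { 'PASS' } else { 'FAIL' }) `
                "HibernateEnabled = $(if ($hib) { $hib.HibernateEnabled } else { 'not set' })"

    return $findings
}

# Usage: print the report as a table.
Get-DmaExposureReport | Format-Table -AutoSize
```

The checks are deliberately independent so that a FAIL in one row does not hide the others; the protector-type row is the one that speaks directly to the "key dumped from RAM after a reboot" scenario, while the policy and IOMMU rows only address devices attached to a running system.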

0 Answers