IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [dma-attack]

DMA attack is an exploitation of a Direct Memory Access feature of ports like Firewire, Thunderbolt and PCI Express

DMA attack is an exploitation of a Direct Memory Access (DMA) feature of certain ports like PCI, Firewire, PCI Express and Thunderbolt.

18 questions
28
votes
1 answer

DMA attacks despite IOMMU isolation

If you're already familiar with PCI behavior and Linux's handling of DMA buffers, skip to the third section for my actual question. Otherwise read on for a small summary of how PCI devices perform memory accesses, and how the kernel handles…
forest
  • 64,616
  • 20
  • 206
  • 257
8
votes
1 answer

Is Thunderbolt still insecure?

Has Apple fixed the Thunderbolt DMA attack when the computer is unlocked or is it unfixable since DMA is built into Thunderbolt? I don't want to get hacked simply by plugging my Mac into a modified projector in a hotel or something. Btw, what is the…
genealogyxie
  • 431
  • 3
  • 13
7
votes
1 answer

How long does the system encryption key stay in RAM

The thread title says it, i would like to know how long a system encryption key will stay in RAM or CPU and will be therefore be extractable using boot attacks. I read somewhere that encryption in case of Linux and LUKS is handled by virtual memory…
Junior J. Garland
  • 677
  • 5
  • 15
6
votes
1 answer

Does IOMMU prevent DMA attacks?

what does IOMMU actually do, does it manage memory access for devices like MMU does for processes or is it more simplified thing and doesn't provide virtualization/access control ? So basically my question is: does IOMMU mitigate DMA attacks ?
sec
  • 65
  • 4
5
votes
1 answer

Is malware or screen capture possible with iMac as external display?

If using a foreign iMac as an external display (through the Thunderbolt to Thunderbolt, or Mini DisplayPort to Mini DisplayPort cable, and Command+F2 on the iMac, as per iMac Target Display Mode FAQ), is there a chance that my MacBook or ThinkPad…
cnst
  • 1,884
  • 2
  • 19
  • 30
5
votes
1 answer

BIOS Password vs. BitLocker Pre-boot PIN

I'm attempting to ensure maximum security for my PC. I'm running Windows 10 Pro on a business-class HP notebook. Unless I'm mistaken, I understand that both a BIOS password and the BitLocker pre-boot PIN can help to prevent DMA attacks. I'm also…
Daniel
  • 151
  • 1
  • 6
4
votes
2 answers

Preventing DMA Attacks

I read on the Wikipedia article on DMA attacks that a misconfigured BIOS allowed for this type of attacks. I am asking whether, given the hardware I am using, DMA attacks are possible and whether I can mitigate them by changing options in my…
Junior J. Garland
  • 677
  • 5
  • 15
4
votes
3 answers

How can the secret and keys be read out from the bus?

I heard that the attacks that focus on the bus between chip's blocks (e.g. between CPU and functional blocks / memory blocks) are possible. ​ The buses become the weak parts of hardware security.​ Then the secret such as secondary keys can be read…
TJCLK
  • 818
  • 8
  • 23
3
votes
1 answer

Are IDE DMA attacks possible and is it possible to prevent them purely with software means without any IOMMU or other special hardware

I mean if it possible to safely plug a PCMCIA card into a PC without IOMMU? Such computers are very widespread, every digital TV or receiver has a CI+ slot, which is PCMCIA, and people insert there cards they don't control and which they haven't…
KOLANICH
  • 892
  • 6
  • 14
2
votes
1 answer

Rasberry Pi with TRESOR immune to cold boot and DMA attacks?

I would like to set up a Rasberry Pi and connect a large USB Harddrive and some webcams to run motion for homesurveillance. If I am understanding everything correctly if I get Ubuntu mate to run with the TRESOR kernel patch the system would be…
Junior J. Garland
  • 677
  • 5
  • 15
2
votes
1 answer

Does IOMMU protect against malware insertion through PCI Network card/Sound card DMA?

I've just read about this: https://www.tripwire.com/state-of-security/security-data-protection/backdoors-hardware-attacks-rakshasa-malware/ Asides from the question in the title, I'd also like to add the following question: Is it possible to flash…
Resonce
  • 78
  • 8
2
votes
1 answer

What are some attacks to consider in a cloud deployment?

I want to discuss the following scenario: I use a cloud provider like Amazon where every instance of the OS is a VM. The hypervisor launches the VMs as needed. So let's assume there are two VMs running, mine and attacker's on the same box at the…
SFlow
  • 263
  • 1
  • 2
  • 7
1
vote
0 answers

Secure data transfer in the face of DMA attacks even on SD card v 7.0

I want to move data from an insecure host to a secure host, e.g. to update the software on a Ballot marking device, or move data back and forth between such hosts. But as we know, even common thumb drives can stage BadUSB attacks. Until 2019, I was…
nealmcb
  • 20,544
  • 6
  • 69
  • 116
1
vote
0 answers

Possible physical interface attacks of DMA on a server

Following from: here, Let's say you have a server at a data centre, but a hacker manages to find a way in and has access to your server. What are the attack possibilities regarding Direct Memory Attacks (DMA) attacks? Are there any known attack and…
Kevin C
  • 151
  • 6
1
vote
2 answers

Would using a firmware password protect a MacBook Pro from Thunderstrike?

And of course, any other possible attack that involves convincing the target to plug in a modified thunderbolt device into their MacBook I know that Thunderstrike works on MacBooks with firmware passwords as of early 2015, but I'm not sure if Apple…
genealogyxie
  • 431
  • 3
  • 13
1
2