Who's Afraid of the FireWire Port? Maybe - You!

15 Comments

1234


Firewire is useless. It will allow someone to compromise my system but I am unable to connect my PC to my cable DVR with a Firewire cable. I am paying to record the TV shows to a hard drive, but I get nothing when I try to find a Vista x64 driver for the devices that show up. Can someone tell me why I shouldn't be able to copy a show from one drive to another when that is when I pay for the chance to record it to a hard drive in the first place, and the cable company doesn't want to let you swap out the drives either.

Marcus_Soperus

Thanks to everyone who's commented on this story. You've all made excellent contributions to the general knowledge level on threats and exploits. Keep 'em coming!
-----------------------------------------------
It's amazing how illogical a business built on binary logic can be.

Oh Yeah Sure

I would like to see my PC let me use my Mac HD at FW800 speeds. Microsoft Vista SP1 would, but I hear it does not.

USB 3 will be cool someday - FW800 is here now.

mikeart03a

Heh, why does this not surprise me one bit? While XP does support networking via FireWire, it's been a bit of a pain to get it working right. While you can daisy chain FireWire devices in general, you can't string a few PCs together using Windows.

Anyway, back on topic. For the most part, people don't use their FireWire ports on average and it would be a good idea to disable them. I've disabled all of mine on both my PC and laptop via the BIOS as well as in Windows. I also employ a firewall that monitors all processes at the kernel level and before anything can execute, it has to obtain my approval. A good firewall that does a similar job is COMODO firewall; we are currently employing it on our newer remote VPN clients.

- mike_art03a
IT Technician
Gov't of Canada

Marcus_Soperus

Good points, mike from Canada. The FireWire networking support in XP was mainly for a quick-and-dirty two-station network (a sort of supercharged version of the old parallel-port Direct Cable Connection).

Here's the URL for COMODO: http://www.personalfirewall.comodo.com/

It looks like a useful alternative to ZoneAlarm and bundled firewalls - and it's free!
----------------------------------------
It's amazing how illogical a business built on binary logic can be.

mikeart03a

Hell, you can use COMODO for business use as well! Tell me how many other free firewalls allow you to do that?

- mike_art03a
IT Technician
Gov't of Canada

Kay Jay

Well, good thing I disable the FireWire port on every one of my new builds - until and only during the time I'm actually going to use it for something - which is rarely.

Marcus_Soperus

Most PC users in a home or office situation are going to be concerned if a tech called in on a software-related task whips out a screwdriver to open the system. However, most of these users probably wouldn't blink if the tech connects a cable between the "diagnostic" system and the system with an alleged problem ("I just need to run some diagnostics, sir" or "These tests will just take a few moments, ma'am").

This type of exploit has "social engineering" written all over it, and that (along with the technical nature of the threat) is why it's dangerous. It doesn't "look" threatening - but it is.

It's amazing how illogical a business built on binary logic can be.

damicatz

This is silly.

I can reset the passwords of any Windows computer simply by booting off a CD.

I can reset the password of a Mac OS X computer simply by holding Command + S while the computer is starting up which boots the computer in single user mode and allows anyone to change the root password without knowing the existing one.

I can reset the password of a Linux computer by appending single to the boot string (unless the person uses Grub and put a password on it, which is a whole different story).

There are many simpler and much faster ways to gain access to a computer that you have physical access to other than using firewire. So this exploit isn't really that big of a deal because if the attacker already has physical access to your computer, you've lost.

Marcus_Soperus

I often keep a spare FireWire or USB cable dangling for a quick ad hoc connection to a peripheral. Now, my office is a private office and I keep it locked, but in a cubicle environment, leaving a FireWire cable available for a peripheral could make it very, very easy for the data thief next door to pull an unused cable, add an extension, plug in their Linux+winlockpwn PC, and presto! A system compromised by a user who never needed to touch the system itself, the keyboard, the CD/DVD drive, etc.

When you consider that Windows XP (but not Vista) supports networking over FireWire, there may be more unattended FireWire cables that nobody's keeping a close watch on than you might suspect.

Anyway, if nothing else, this exploit reminds everyone of why FireWire and USB are fundamentally different technologies and how the difference can be exploited.

I've disabled my FireWire ports until they're needed - and I recommend everyone do the same.
-----------------------------------------
It's amazing how illogical a business built on binary logic can be.

b00tpwnz4ll

Yeah... You'd be astounded at how many people don't even know what FireWire is, or maybe not, lol. Whenever people call me for internet tech support (work at an ISP) they always like to tell me that they have a 1394 connection in the listed network connections, that it has a 169 IP, and that is why they can't access the internet. So this kind of exploit would be super easy to accomplish, as a previous poster mentioned (social engineering, etc.) .... Pretty amusing stuff. Could possibly educate the masses on yet another part of their computer by scaring them into getting the correct knowledge. There is no patch for human stupidity as someone was quoted as saying.

pcfxer

FreeBSD not affected. Why? Because, by default, users with access to su/root are the only users allowed to mount "extra" devices.

horzo

There is no security without physical security. This is well known. "Exploits" that require physical access to the PC don't worry me all that much.

Hell, all someone who can touch your PC has to do to get access to your data is take it apart and walk off with your hard drive(s).

sdcat

horzo,
"There is no security without physical security. This is well known. "Exploits" that require physical access to the PC don't worry me all that much.

Hell, all someone who can touch your PC has to do to get access to your data is take it apart and walk off with your hard drive(s)."

Why not just take (steal) the whole system case away instead, if someone could open up a case without knowing? :p

Caboose

It's harder to get away with an entire system (think trying to steal a hotel TV by slipping it under your shirt) than with a single drive tucked into your pocket.

-= I don't want to be dead, I want to be alive! Or... a cowboy! =-
