Adam 'Metlstorm' Boileau is the creator of winlockpwn , which enables a Linux-based computer to disguise itself as an iPod, connect to a Windows-based PC's FireWire port and take it over, regardless of whether it's password protected. Boileau, despite his hackerish nickname, is actually a well-known security consultant.
After demonstrating winlockpwn at a security conference back in 2006, Boileau waited 18 months to see if anyone would address the vulnerability his utility exposed. Nobody did, and with the recent coverage of the physical attack on full-disk encryption, he decided it was time to go public in a March 4 interview on the Australian-based Risky Business security podcast (it starts at 12:36 into the podcast). If you're not a big podcast fan, read about it here .
Simply put, winlockpwn works by exploiting a well-known feature (not a bug, thank you very much!) of the FireWire (aka IEEE-1394 or i.Link) interface: because FireWire is an expansion bus (not a peripheral bus like USB), it's designed to communicate directly with memory.
Boileau's program uses some "secret sauce" to make a Linux-based PC look like a harmless iPod (enabling it to bypass access control programs that block certain types of devices from connecting to a PC) but after the PC recognizes the fake "iPod," winlockpwn can launch software to bypass passwords and create other types of havoc.
Other operating systems, including Linux and MacOS, have long been known to be vulnerable to similar hacks, but winlockpwn is the first FireWire-based attack aimed at Windows PCs. Windows XP is the primary target, but Information Week reports that an Austrian-based security company has created a similar attack method targeting Vista.
So, how should you react to the news that winlockpwn is stalking the Windows PC world? It isn't necessary to sleep with your laptop under your pillow, but you should secure it when you're not using it. Keep your office door locked when you're on break or at lunch, and put those FireWire ports to sleep when you don't need them for video capture or editing jobs.
Getting ready to take Vista for a spin, now that SP1's almost here? Arm yourself (or your office mates or family) with an easy-to-read guide that gives you the inside track: Maximum PC Microsoft Windows Vista Exposed , available at Amazon.com and other fine bookstores.