In association with heise online

06 March 2008, 11:39

Windows login bypass tool released


Security expert Adam Boileau has released the winlockpwn tool, which makes it possible to bypass the Windows login via a FireWire port without knowing a Windows password. The program manipulates the login routines in the memory of a running system using direct memory access (DMA), which a FireWire connection makes possible. So far, the tool supports Windows XP with SP2 as the target system. Neither the tool nor the attack is new: Boileau demonstrated both two years ago.

"People with physical access to a system can win in a number of ways," Boileau writes on his website, but with winlockpwn it is "quick and easy". The New Zealander gave a presentation about the FireWire vulnerability at the Ruxcon security conference in 2006. In the presentation he also explained the trick necessary to gain access: Using a copied FireWire ID, the software tricks the targeted OS into thinking it is a device like an iPod that needs DMA.

Microsoft does not view FireWire DMA as a security problem, since it is part of the IEEE-1394 specification. According to Boileau, this is the reason why Redmond is not considering a fix. Direct memory access is essentially independent of the operating system used, so Linux and Mac OS X are also susceptible. To protect systems where security is critical, unused FireWire ports should be deactivated as a rule.
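One practical way to carry out the mitigation the article closes with on a Linux host is to keep the FireWire host-controller drivers from loading at all, so the 1394 port is never configured for DMA. The script below is an added example, not code from the article or from Boileau; it assumes the standard Linux module names of both the newer stack (firewire-ohci, firewire-core, firewire-sbp2) and the older one (ohci1394, sbp2, ieee1394), and it uses only the modprobe.d `blacklist` and `install` directives. The lsmod listing used by the checker is constructed input, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not part of the article): defensive helper for the FireWire DMA issue.
# 1) firewire_blacklist_conf prints a modprobe.d fragment that stops the 1394 drivers loading.
# 2) firewire_loaded inspects an lsmod-style listing and reports whether any of them is loaded.
set -eu

# Module names assumed for the two Linux FireWire stacks (newer "juju" stack first, old stack second).
FW_MODULES="firewire-ohci firewire-core firewire-sbp2 ohci1394 sbp2 ieee1394"

# Print a fragment suitable for /etc/modprobe.d/blacklist-firewire.conf.
# 'blacklist' stops autoloading by alias; 'install ... /bin/true' also defeats an explicit
# modprobe and dependency loading, which 'blacklist' alone does not.
firewire_blacklist_conf() {
    for m in $FW_MODULES; do
        printf 'blacklist %s\n' "$m"
        printf 'install %s /bin/true\n' "$m"
    done
}

# $1: path to an lsmod-style listing (or /proc/modules), first column = module name.
# lsmod prints names with underscores while modprobe accepts dashes, so normalise first.
# Returns 0 (and prints the names) if any FireWire module is loaded, 1 if none is.
firewire_loaded() {
    listing="$1"
    found=1
    for m in $FW_MODULES; do
        name=$(printf '%s' "$m" | tr '-' '_')
        if awk -v n="$name" 'NR>1 && $1==n {f=1} END {exit f?0:1}' "$listing"; then
            echo "FireWire module loaded: $name"
            found=0
        fi
    done
    return $found
}

# Stand-alone usage: 'conf' prints the blacklist fragment; 'check' inspects the running kernel.
case "${1:-}" in
    conf)  firewire_blacklist_conf ;;
    check) if firewire_loaded /proc/modules; then
               echo "FireWire drivers are active; install the blacklist and reboot or unload them."
           else
               echo "No FireWire driver loaded."
           fi ;;
esac
```

Run `sh firewire-guard.sh conf > /etc/modprobe.d/blacklist-firewire.conf` as root and reboot (or `modprobe -r` the listed modules) to apply; `sh firewire-guard.sh check` confirms the state afterwards. Blacklisting only helps on machines that do not need FireWire; where the port must stay in use, a hardware IOMMU that restricts what a bus-mastering device may address is the stronger control.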
