13

FireWire has security issues. But what happens if there aren't any FireWire ports on the given machine, and the operating system doesn't support FireWire, like OpenBSD?

I mean converters like:

  • usb to firewire converter
  • pcmcia to firewire converter
  • etc.

Are there any FireWire security issues when we are talking about FireWire converters?

schroeder
newuser999
    From what I've seen before, the same memory mapping issues apply but the device driver has to be loaded and running. – Polynomial Sep 02 '13 at 14:55

2 Answers

9

The security issues with FireWire come from Direct Memory Access: the FireWire hardware can read RAM contents directly, and (that's the critical part), the FireWire device gets to tell what parts of the RAM should be read and when. Of course, under normal operations, a FireWire device will not read RAM unless the machine tells it to do it; but a malicious FireWire device could read all RAM contents on its own initiative, without being ordered to do so by the OS. Indeed, the OS kernel would not even be aware of this mass slurping of memory. Implementations exist with another computer as "the malicious FireWire device".

This property of FireWire is convenient for very low-level hardware debugging, but it is somewhat scary with regard to security.

This contrasts with USB, where DMA can occur, but only when initiated by the host system explicitly. The device receives an order which amounts to "yay, now you can read a lot of data, I've set up DMA just right" but has no way to trigger the DMA transfer and/or to select the relevant addresses in RAM.

Now for a FireWire-to-USB converter, things become speculative because it depends on how the converter is implemented. However, it can be envisioned that when the FireWire device asks for some DMA, the converter sends the request to the machine over USB, and the corresponding driver sets up the DMA transfer on behalf of the device. So the same security issues should be present, unless the OS (through the converter driver) enforces a security model in which such DMA transfers are first validated before being authorized. At least, things go up to the CPU level, so the OS has theoretically a chance to intervene. I doubt that most converter drivers would do that, though.

For FireWire-to-PCMCIA, the DMA might occur directly (without going through the host CPU at all) because PCMCIA is just a hotplug version of PCI, and PCI has full DMA access. The conversion may occur directly in the converter without hitting the host-side driver at all. Caution dictates that you should assume that a FireWire-to-PCMCIA converter exposes you to the same vulnerabilities as raw FireWire.

The really scary part is that in some operating systems, simply plugging the converter may trigger an automatic download of the relevant driver, even if the host system is "locked" (e.g. no logged-on user at all).

Thomas Pornin
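The validation step the answer above mentions (a converter driver checking each device-requested DMA transfer before authorizing it), sketched as an added example that is not part of the original answer and not taken from any real driver. `struct dma_window`, `dma_request_allowed`, `count_granted` and all addresses are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical: one RAM region the host OS explicitly set up for a transfer. */
struct dma_window {
    uint64_t base;   /* first physical address the device may touch */
    uint64_t len;    /* size of the region in bytes */
};

/* True only if [addr, addr+len) lies entirely inside one approved window. */
bool dma_request_allowed(const struct dma_window *w, size_t nwin,
                         uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;               /* empty request or address wrap-around */
    for (size_t i = 0; i < nwin; i++) {
        if (w[i].len == 0 || w[i].base > UINT64_MAX - w[i].len)
            continue;               /* skip a malformed window */
        if (addr >= w[i].base && addr + len <= w[i].base + w[i].len)
            return true;
    }
    return false;                   /* default deny: device picks nothing itself */
}

/* Constructed sample requests; returns how many the check grants. */
int count_granted(void)
{
    static const struct dma_window approved[] = {
        { 0x10000, 0x1000 },        /* 4 KiB buffer set up by the host */
        { 0x80000, 0x200 },
    };
    static const struct { uint64_t addr, len; } req[] = {
        { 0x10000, 0x1000 },        /* exactly the buffer: allowed */
        { 0x10800, 0x1000 },        /* runs past the buffer end: denied */
        { 0x0, 0x100000 },          /* bulk read of low memory: denied */
        { UINT64_MAX - 4, 16 },     /* addr + len wraps around: denied */
        { 0x80100, 0x100 },         /* inside the second window: allowed */
    };
    int granted = 0;
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        granted += dma_request_allowed(approved, 2, req[i].addr, req[i].len);
    return granted;
}

int main(void) { printf("granted %d of 5\n", count_granted()); return 0; }
```

Such a check is only possible where the request passes through host software; it does nothing for a bus where the device reaches RAM without involving the CPU.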
1

It is not possible to convert the data streams between FireWire and USB because of the way both technologies work. However, you can find a PCMCIA card that can provide you with FireWire connectivity. The PCMCIA will not change the way the protocol works and hence the same risks would still exist.

AdnanG