Questions tagged [dma-attack]
A DMA attack is the exploitation of the Direct Memory Access feature of ports like FireWire, Thunderbolt and PCI Express.
22 questions
0 votes
1 answer
105 views
"Reverse" DMA attack
Consider this: There is a DMA device in PC A (like a PCIe card) which exfiltrates data through USB to computer B. Can computer A also start hacking PC B through the same connection and e.g. exfiltrate ...
2 votes
0 answers
95 views
How to check whether a PCI device is trusted or not on Linux?
This is a follow-up question to: How to check if a PCI device is trusted or untrusted by the Linux kernel (for IOMMU)? On Linux, is there a way to determine, from the command line, as root if ...
1 vote
0 answers
295 views
How does IOMMU and/or Linux kernel handle DMA that spans a page boundary?
I am looking into how DMA works at the device driver and kernel level in the Linux kernel. I observed that access control to DMA buffers from IO devices is performed by the IOMMU and IOMMU driver in ...
3 votes
1 answer
391 views
How to check if a PCI device is trusted or untrusted by the Linux kernel (for IOMMU)?
I am looking into the protection provided by IOMMU against DMA attacks. I noticed that the Linux kernel provides a feature called bounce buffers for untrusted PCI devices (https://lwn.net/Articles/...
0 votes
0 answers
334 views
Security by using USB NIC, USB to SATA adapter, etc
After reading libreboot FAQ I have some questions about USB 2.0 bus. There it is strongly recommended to use USB devices - USB network card and USB to SATA adapter (to connect HDD or SSD with it). The ...
1 vote
0 answers
252 views
Secure data transfer in the face of DMA attacks even on SD card v 7.0
I want to move data from an insecure host to a secure host, e.g. to update the software on a Ballot marking device, or move data back and forth between such hosts. But as we know, even common thumb ...
0 votes
0 answers
161 views
Non-obvious Mitigations for This DMA-Attack Demonstrated by F-Secure
Are there any non-obvious mitigations for the big DMA-attack revealed last year and demonstrated in this video by F-Secure? We know that Microsoft has published some material pertaining to DMA-...
5 votes
1 answer
6k views
BIOS Password vs. BitLocker Pre-boot PIN
I'm attempting to ensure maximum security for my PC. I'm running Windows 10 Pro on a business-class HP notebook. Unless I'm mistaken, I understand that both a BIOS password and the BitLocker pre-boot ...
2 votes
1 answer
954 views
Does IOMMU protect against malware insertion through PCI Network card/Sound card DMA?
I've just read about this: https://www.tripwire.com/state-of-security/security-data-protection/backdoors-hardware-attacks-rakshasa-malware/ Aside from the question in the title, I'd also like to add ...
2 votes
1 answer
233 views
What are some attacks to consider in a cloud deployment? [duplicate]
I want to discuss the following scenario: I use a cloud provider like Amazon where every instance of the OS is a VM. The hypervisor launches the VMs as needed. So let's assume there are two VMs ...
4 votes
1 answer
574 views
Are IDE DMA attacks possible and is it possible to prevent them purely with software means without any IOMMU or other special hardware
I mean, is it possible to safely plug a PCMCIA card into a PC without IOMMU? Such computers are very widespread, every digital TV or receiver has a CI+ slot, which is PCMCIA, and people insert there ...
1 vote
0 answers
184 views
Possible physical interface attacks of DMA on a server
Following from: here, Let's say you have a server at a data centre, but a hacker manages to find a way in and has access to your server. What are the attack possibilities regarding Direct Memory ...
30 votes
1 answer
7k views
DMA attacks despite IOMMU isolation
If you're already familiar with PCI behavior and Linux's handling of DMA buffers, skip to the third section for my actual question. Otherwise read on for a small summary of how PCI devices perform ...
6 votes
1 answer
2k views
Does IOMMU prevent DMA attacks?
What does IOMMU actually do? Does it manage memory access for devices like MMU does for processes, or is it a more simplified thing that doesn't provide virtualization/access control? So basically my ...
1 vote
2 answers
313 views
Would using a firmware password protect a MacBook Pro from Thunderstrike?
And of course, any other possible attack that involves convincing the target to plug in a modified Thunderbolt device into their MacBook. I know that Thunderstrike works on MacBooks with firmware ...