Hack into a Windows PC - no password needed


nekrosoft13
03-06-08, 04:37 PM
A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio's Risky Business podcast, Boileau said the tool, released to the public today, could "unlock locked Windows machines or login without a password ... merely by plugging in your Firewire cable and running a command".

Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because "Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble".

But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows' password protection code, which is stored there, and render it ineffective.

Older desktop computers do not come equipped with Firewire ports, which are needed for the hack to work, but many recent models do. Most laptops made in the last few years include Firewire ports.

Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire.

"If you have a Firewire port, disable it when you aren't using it," Ducklin said.

"That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can't interact with your PC, legitimately or otherwise."

Ducklin also advised people to be careful when giving others physical access to their computer.

"I know people who'd think three times about asking passing strangers to take their photo in front of the Opera House in case they did a runner with the camera, yet who are much more casual with their laptop PC, as long as it's software-locked, even though the hardware alone is worth five times as much as the camera," he said.

Microsoft was unavailable for comment at the time of publication.


http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html

bacon12
03-06-08, 04:42 PM
I saw this a day or so ago. He gave MS a chance to fix it too, and of course they didn't. Of course there are other ways to hack passwords when you have physical access.

XDanger
03-06-08, 04:54 PM
In what kind of real world situation would this "hack" be useful?

I guess you would have to break in to somewhere first to get to the goodies.


Sounds more like a useful feature to me. How much can I charge to "unlock" people's PCs now?

ViN86
03-06-08, 05:01 PM
I wonder if this works on Vista. Bet it does :(

bacon12
03-06-08, 05:12 PM
> In what kind of real world situation would this "hack" be useful?
>
> I guess you would have to break in to somewhere first to get to the goodies.
>
> Sounds more like a useful feature to me. How much can I charge to "unlock" people's PCs now?

If they had access to the computer and were a thief they would just steal the HD? (nana2)

XDanger
03-06-08, 07:59 PM
I imagine the target machine would be locked down in some way but still with access to the port or pin header

or maybe the contents of the hd isn't the prize but access to whatever the pc controls.

RaidenWoW
03-06-08, 08:05 PM
Which is kinda funny: http://digg.com/microsoft/Wanna_protect_Windows_from_Hackers_Set_NO_Password

I guess that's their answer to the problem (for Windows XP)

Slammin
03-06-08, 11:35 PM
Some Govt operations have been clogging USB ports with Superglue for years, and I'm sure they did the same with Firewire ports.

As was mentioned, an exploit that relies on physical access really shouldn't be Headline News.

SLippe
03-07-08, 02:21 AM
No password = more secure.

What? :wtf:

Who divided by 0?

LycosV
03-07-08, 03:07 AM
I had a boot CD that would reset an XP or 2000 server password to 1234 a couple of years back.

With physical access to a machine it's REALLY hard to secure data. Just recently there was a group who froze the RAM so they could pull it, swap it to a new machine, and retrieve the drive encryption codes from the RAM before it faded away.

Moral of the story: If you're trying to protect data make sure no one has physical access to the machine.

Absolution
03-07-08, 03:46 AM
> No password = more secure.
>
> What? :wtf:
>
> Who divided by 0?

Remote desktop doesn't allow users to login no matter what if there is a blank password, hence, it is more secure than a weak password. To be honest, this is actually smart. . .

So, no password and leave remote desktop enabled (most people probably don't know how to turn it off)
Or, put a weak password and disable the service
Or a strong password and leave the service running

Revs
03-07-08, 04:15 AM
Would this still work if you've changed your administrator name?

Runningman
03-07-08, 05:14 AM
> Would this still work if you've changed your administrator name?

No, but if you used EFS, that should stop it because even in memory access is still encrypted.