Thursday, August 13, 2009

Windows 7 Firewire Attacks - and Defense Techniques

Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker

In the course of the Windows 7 RTM release, the Security Research Lab would like to share some results on Firewire/DMA-based hacks and Windows 7, which is susceptible to such attacks.

While the attack vector itself is already known from previous Windows versions, we also describe the impact of Firewire-based Windows authentication bypassing on Microsoft's full-disk encryption solution BitLocker, the Encrypted File System (EFS) and Windows domains.

This paper discusses Firewire-based physical security attacks on Microsoft Windows 7. In the course of my research, I was successfully able to bypass the Windows 7 RTM authentication check and log on with any password. While the attack vector itself is not new, I also describe the impact of Firewire-based Windows authentication bypassing on Microsoft's full-disk encryption solution BitLocker, the Windows Encrypted File System (EFS) and Windows domains. A comprehensive section on countermeasures on different layers concludes this paper.


Download PDF from http://www.securityresearch.at/publications/windows7_firewire_physical_attacks.pdf
