Tuesday, January 21, 2014

Inception FireWire/Thunderbolt Hack

Inception:

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.

Via Jen Savage, who writes:

I knew these Thunderbolt/FireWire attacks were possible, but I wasn’t aware there was a tool that makes them easy.

Crucially:

If FileVault 2 is enabled, the tool will only work when the operating system is unlocked.

2 Comments RSS · Twitter

Bruce G
January 21, 2014 2:52 PM

"operating system is unlocked"

What does that mean? If I'm logged in?

Michael Tsai
January 21, 2014 3:05 PM

@Bruce Yes, it sounds like they mean logged in (and screen not locked by screensaver). In other words, it’s OK to unlock FileVault and leave it booted to the login screen.

Leave a Comment

Copyright © 2000–2024 Michael Tsai.