Firewire Blocker: A Software Defense Against Firewire-Based Physical Security Attacks on Windows Systems

Date Added: Aug 2009
Format: PDF

This paper presents a software solution to Firewire-based physical security attacks on Microsoft Windows operating systems. In this first proof-of-concept, the FirewireBlocker service runs with SYSTEM privileges so that it can enable and disable hardware. Although users normally cannot interact with the service, a risk of privilege escalation remains. For example, if users with normal user rights have write access to the executable, they could replace it with malicious software, which would then be started with SYSTEM privileges. Future versions should follow the principle of least privilege. Further research is required to identify the minimum set of privileges the FirewireBlocker service needs in order to serve its purpose.
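A defensive check for the risk described above, as an added example that is not taken from the paper: it lists the allow entries on a service's executable that grant write-type rights to anyone other than SYSTEM, Administrators or TrustedInstaller. The service name `FirewireBlocker` is an assumption; the actual registered service name and install path are not given on this page.

```powershell
# Added example (not from the paper): audit a service binary for ACL entries
# that would let a non-administrative principal replace it.
param([string]$ServiceName = 'FirewireBlocker')   # assumed service name

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }

# PathName may be quoted and may carry arguments; keep only the executable.
# An unquoted path containing spaces is ambiguous and is cut at the first space.
if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(\S+)') {
    $exe = $Matches[1]
} else {
    throw "Cannot parse PathName: $($svc.PathName)"
}

# Rights that allow overwriting, deleting or re-permissioning the file,
# plus the raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$fsr       = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership') `
             -bor 0x10000000 -bor 0x40000000

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

$findings = foreach ($rule in (Get-Acl -LiteralPath $exe).Access) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
    try {
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $rule.IdentityReference.Value   # unresolvable account: report as-is
    }
    if ($trusted -contains $sid) { continue }
    [pscustomobject]@{
        Identity = $rule.IdentityReference.Value
        Sid      = $sid
        Rights   = $rule.FileSystemRights
    }
}

"Service '$ServiceName' runs as $($svc.StartName): $exe"
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write-type access for non-administrative principals.' }
```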