by carmaa 4907 days ago
It should not be that way, though. Physical access should not equal compromise.

There's no good reason why this vulnerability still exists after 10 years except a failed design, laziness on the part of OS developers and that security professionals in general meet the problem with the above statement that "physical access equals compromise".

I think end users deserve (and expect) secure devices, even when physical access is lost. I realize that it's harder to protect a physical device, but it's not impossible.

3 comments

> Physical access should not equal compromise.

Physical access == compromise even for devices that are as simple as a hollow metal box.

http://en.wikipedia.org/wiki/Safe

Security ratings for those devices are measured in time. Basically, if you lose possession, it's just a matter of time. Digital security is both easier and harder, because all you're protecting there is information. If you wish for the information to be destroyed on tampering, then your job may be easier.

The only way for there to be hardening when physical access is lost is to have some form of layered defense in depth, the aim being giving the user enough time to send a command to wipe the device.

Over time, yes. Your statement about physical access == compromise is missing that crucial detail. There's no reason why someone should be able to access all your data just because they have physical access to your device for a short period.

If you really want to do the analogy thing, the DMA vulnerability would be the equivalent of a safe with a door where no key is needed in the back. It would not be a very good safe.

Just sayin'.

> the DMA vulnerability would be the equivalent of a safe with a door where no key is needed in the back.

More like a safe where the "master key" was leaked and wasn't disabled in the models that were sold.

I don't think the specifics of the analogy are under discussion here, but rather that it's stupid and counter-productive to dismiss an obvious vulnerability because protecting against it is hard.

Welcome to the world of security, I guess.

> Physical access == compromise even for devices that are as simple as a hollow metal box.

Only if it's unattended. You can't break a safe, without looking suspicious. You can't disassemble a PC, and take out its hard drive, and not attract a bit of attention.

Being able to root a system by attaching a dongle is a whole different story. It's like auto-play on USB all over again.

> Only if it's unattended. You can't break a safe, without looking suspicious. You can't disassemble a PC, and take out its hard drive, and not attract a bit of attention.

Yes, it goes both for a safe and a computer, so you're reinforcing my point about the equivalency of their security. Safes wouldn't be secure at all without the vigilance of bank employees, etc.

With a Firewire device to DMA the password, all you need is to hook up the device long enough to copy all of active memory. Certainly something that could happen at a hackerspace or at a conference. For the James Bond set, invent a device that you can set about 4 feet (1.3 meters) away on the table, and after it's done copying memory, the firewire cord unhooks itself and retracts back into the device.

Hey.

Do you leave your PC on or in standby when traveling? When you leave your desk at work?

More importantly, do you think that end users would expect password protection to work? Even when their PC is on?

There's plenty of scenarios where a PC may end up being in another person's control while powered on. This is a relevant threat scenario. Deal with it.

Attaching a dongle seems very suspicious to me, unless it's something like a library computer. A library computer shouldn't have any critical data in the first place making the point moot.

> There's no good reason why this vulnerability still exists after 10 years except a failed design

I'll give you that, but there are too many kinds of physical access attacks to even consider aiming at solving the entire class of attacks.

> Physical access should not equal compromise.

And I want a million dollars. Guess which one's more likely.

Physical access always has been much harder to protect against than anything else.

If someone is trusted to get access to the actual device then it's pretty much game over. Do you check the keyboard cables for key-capture hardware? Do you check for all the other nefarious devices? Do you check your OS has not been tampered with?