A DMA attack is a type of side channel attack in computer security in which an attacker penetrates a computer or other device by exploiting high-speed expansion ports that permit direct memory access (DMA). DMA is included in various connections because it allows a connected device (such as a camcorder, network card, storage device or other useful accessory or internal PC card) to transfer data between itself and the computer at the maximum possible speed, using direct hardware access to read or write main memory without monitoring or interaction from the operating system.

Legitimate uses of such devices have led to wide adoption of DMA connections and accessories, but an attacker can use the same facility to build an accessory that connects through the same port and gains direct access to part or all of the computer's physical memory address space. This bypasses all operating system security mechanisms and any lock screen, letting the attacker read everything the computer is doing, steal data or cryptographic keys, install or run spyware and other exploits, or modify the system to allow backdoors or other malware.

How to protect against DMA attacks

All DMA attacks depend on the attacker having physical access to the computer, so strictly regulating access to server hardware is the best prevention. Additionally, users need to be educated on social engineering techniques. An attacker could use “bait” to trick a user into accepting an infected FireWire hard drive as a prize in a fake contest.

All DMA attacks rely on a port on the computer that allows high-speed access. Physically removing these ports from the computer will prevent external devices from being connected. The drivers for these types of devices must also be disabled or removed.
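
As an added example (not part of the original article), here is one way to check the driver-side mitigation on a Linux host, which is an assumption since the article names no operating system. It parses modprobe configuration text and `/proc/modules` text for the kernel's FireWire driver modules and reports which ones can still load; the sample input is constructed.

```python
# Added example: audit Linux module policy for FireWire (DMA-capable) drivers.
# Assumption: Linux host; module names are the kernel's FireWire stack.
DMA_MODULES = ("firewire_core", "firewire_ohci", "firewire_sbp2")
NOOP_COMMANDS = ("/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true")

def norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.strip().replace("-", "_")

def parse_policy(modprobe_text):
    """Return (blacklisted, blocked) module-name sets from modprobe.d text."""
    blacklisted, blocked = set(), set()
    for raw in modprobe_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "blacklist" and len(parts) >= 2:
            blacklisted.add(norm(parts[1]))
        elif parts[0] == "install" and len(parts) >= 3 and parts[2] in NOOP_COMMANDS:
            # Every load attempt runs the no-op command instead of the module
            blocked.add(norm(parts[1]))
    return blacklisted, blocked

def loaded_modules(proc_modules_text):
    """Module names from /proc/modules text (first field of each line)."""
    return {norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.split()}

def audit(modprobe_text, proc_modules_text, modules=DMA_MODULES):
    """Map each module to (policy, currently_loaded)."""
    blacklisted, blocked = parse_policy(modprobe_text)
    loaded = loaded_modules(proc_modules_text)
    report = {}
    for mod in map(norm, modules):
        if mod in blocked:
            policy = "blocked"
        elif mod in blacklisted:
            policy = "blacklist-only"  # still loadable by name or as a dependency
        else:
            policy = "loadable"
        report[mod] = (policy, mod in loaded)
    return report

# Constructed sample input, not taken from a real host
SAMPLE_CONF = "# constructed\nblacklist firewire-ohci\ninstall firewire-sbp2 /bin/false\n"
SAMPLE_PROC = ("firewire_ohci 45056 0 - Live 0x0000000000000000\n"
               "firewire_core 81920 1 firewire_ohci, Live 0x0000000000000000\n")

if __name__ == "__main__":
    for mod, (policy, is_loaded) in audit(SAMPLE_CONF, SAMPLE_PROC).items():
        print(f"{mod}: policy={policy} loaded={is_loaded}")
```

A module reported as `blacklist-only` or as currently loaded still needs an `install` override and an unload (or reboot) before the driver is actually out of the picture.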

See also:
Cold Boot Attack – A risk to our information
Rootkit – What you should know about it?

