Windows Passwords Cracked in Seconds

By Greg McNevin

March 6, 2008: A New Zealand security researcher has released a simple tool that can unlock Windows XP via a Firewire cable and firmware hack.

Discovered by Immunity Inc. consultant Adam Boileau and first showcased at a conference in 2006, the tool exploits a long-standing memory vulnerability, modifying log-in information in a computer’s RAM.

While it requires physical access to the target machine, the hack is as simple as connecting a linux machine up to the target PC via the Firewire port and running a command.

Despite discovering and exposing the flaw several years ago, Boileau has not released the tool until now as he did not want to cause any trouble.

“Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble,” said Boileau in an interview with ITRadio's Risky Business in New Zealand.

However, as several years have passed and the issue has not been resolved Boileau decided to release the tool publicly.

While Firewire ports are less common in older computers, they are becoming far more widespread, particularly in laptops. As always, the best protection is simply to disable the port when not in use.

Comment on this story