Security News > 2020 > January > Devices Still Vulnerable to DMA Attacks Despite Protections
Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access attacks, despite the fact that hardware and software vendors have implemented protections that should prevent such attacks, firmware security company Eclypsium said on Thursday.
Eclypsium recently conducted tests on a couple of devices - a Dell XPS 13 7390 2-in-1 released in October 2019 and an HP ProBook 640 G4 - in an effort to show that the presence of built-in protections may not be enough to prevent DMA attacks against machines often found in enterprise environments.
In the case of the HP laptop, Eclypsium conducted a successful open-chassis pre-boot DMA attack using PCILeech, despite the presence of protections such as HP Sure Start, which should protect the BIOS, and Intel's Vt-d implementation of IOMMU. This computer was not vulnerable to closed-chassis attacks.
The tech giant has updated Sure Start to provide protection against open-chassis DMA attacks - closed-chassis attacks were covered by a previous Sure Start update - and the researchers have confirmed that their attack does not work on devices running the latest Sure Start and BIOS versions.
"There are different types of DMA attacks and some are more close to being solved than others as more and more vendors have been adding protections for DMA attacks," explained Mickey Shkatov, principal researcher at Eclypsium.