Security researchers have unveiled a hardware-based hacking tool which can take over a ‘locked’ Windows PC by connecting directly to the machine’s Firewire port.
The tool, called Winlockpwn, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.
With Winlockpwn, the attacker connects a Linux machine to the Firewire port on the target machine. He can then get full read-and-write access to memory and the tool deactivates Windows’s password protection that resides in local memory.
Thankfully, some endpoint security solutions such as Centennial DeviceWall offer protection against such attacks by blocking potentially dangerous communication devices such as Firewire ports, which have little if any legitimate business use.
Hundreds of patient records have been put at risk following the theft of computer equipment from a medical center in Shropshire, UK. The stolen laptop has since been disconnected from the country’s National Health Service (NHS) network, and staff claim the hard disk was protected by encryption software.
However, there is no word on whether a memory stick that was also stolen was similarly protected. The USB stick contained details of 238 patients - including names, date of births, and addresses as well as the details of their speech and language therapy treatment.
The PC and memory stick were stolen while the owner was in an adjacent room in the medical center, highlighting just how easy computer theft is. And it seems that while the NHS Trust concerned has implemented security for laptops, removable media still pose a major risk to patient information.
