Security researchers have unveiled a hardware-based hacking tool that can take over a “locked” Windows PC by connecting directly to the machine’s FireWire port.
The tool, called Winlockpwn, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.
With Winlockpwn, the attacker connects a Linux machine to the FireWire port on the target machine. The attacker then gets full read-and-write access to the target’s memory, and the tool deactivates the Windows password protection that resides in local memory.
Thankfully, some endpoint security solutions, such as Centennial DeviceWall, offer protection against such attacks by blocking potentially dangerous communication devices such as FireWire ports, which have little, if any, legitimate business use.
