But are there any proven DMA attacks against wired networking, i.e. Ethernet..?
Hackers can exploit a buffer overflow on the network card's firmware, and use that to take control of the network card, and issue a DMA attack to take control of the entire host computer.
I previously posted a thread about this on qubes-users ("Question on DMA attacks")
... and Marek mentioned WiFi when speaking of DMA attacks.
Is Ethernet also vulnerable...? Or just WiFi..?
I say this because I wanted to build a Tor router that sits between Qubes and my main router... so that even if Qubes gets hacked, they can only see what I'm doing, and not WHO I am. The theory being, that there are no exploits for Tor itself, and only for the Firefox browser. Thus, the IP address is always obscured behind the Tor router.
So my router box is going to have Ethernet only, because if my Qubes is hacked, then it could just use WiFi to scan for nearby routers, including my own WiFi router, and thus identify me.
So, wired networking is a must.
And thus, I wanted to know if Ethernet is vulnerable to DMA attacks, because if it is, then I would have to use Qubes for the Tor box in the middle.. or at least, use some OS that supports VT-D, even if it's not Qubes.
Qubes has high system requirements, thus I'd prefer to have a cheap computer as the Tor router in the middle.. But if there truly are exploits against Ethernet, then I'll just have to use Qubes.
DMA is a privilege given to PCI(e) devices (DMA controllers) - eNICs run over the PCI(e) bus - a lot of eNICs have DMA controllers. RDMA is a specification that relies solely on DMA.
But DMA is different from a DMA attack.
A DMA attack is when a hacker exploits a software error in the Ethernet firmware, and uses that to take over the device and issue malicious DMA attacks.
So I guess I'm asking whether any such software errors have been found in Ethernet firmware before.
Things like you could get with ordinary software, like buffer overflow, heap overflow etc.
When Qubes is compromised, an attacker can:
* Learn something from your timezone and DST mode (which is also partially leaked by your activity over day).
* Learn potentially pretty much from what you type etc.
* Record audio (including your voice) from a microphone if connected.
* Abuse any wireless capabilities for geolocation. Most usable seem to be WiFi (Google location services) and mobile networks (even if there is no SIM inserted), but others (e.g. Bluetooth) might also be abused.
This list is not complete, but it indicates that a compromised Qubes can easily be game over even with your separate Tor setup. This is true especially for laptops, where it might be hard to remove all the bad input devices.
Note that you would also have to manage security of the Tor bridge, including security updates.
2. With typing, you would keep that to a minimum. I'd mostly use it for web lookups. I could also use a special keyboard system that sends all keys in a consistent speed, so it's more like robotic typing than human typing.
3. With audio, you just disconnect the mic, and webcam. Easy.
4. With abusing WiFi, that's why I said I would use a WIRED connection.
The only point I agree with you is the WiFi. That's why I say, use Ethernet.
Removing wireless radio, microphone and camera might be hard on laptops, so it depends on the hardware you have. I wanted to note that staying anonymous with the whole physical (or even a virtual) machine compromised might be hard, but it depends on your usage, your hardware and on your threat model. BTW, various deanonymization attacks are described on the Whonix wiki. Some of them are rather trivial and target unskilled users, some are more advanced.
VT-d can do memory isolation, and should assign a memory range (PCI address space of a PCI device) exclusively to one VM, so the attacker of that hw can do DMA into that VM, if done properly.
But there is that evil ME in the Northbridge. How does the ME-processor behave regarding VT-d? Can it be assigned exclusively to a honey-pot-vm that runs windows2000?
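The VT-d point above (a device's DMA is confined to the VM it is assigned to, and only if the IOMMU is actually on) is something a practitioner can check rather than assume. The script below is an added example, not code from the thread or from the Qubes project: it classifies kernel log text for the IOMMU-enabled message and lists which PCI devices share an IOMMU group, since devices in one group cannot be isolated from each other. The log message patterns (`DMAR: IOMMU enabled`, `AMD-Vi`) are assumptions about typical Linux output; the sample log and the sysfs-style directory tree are constructed for the demo and are not from any real machine.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the IOMMU (VT-d / AMD-Vi)
# is active and which PCI devices share an IOMMU group with a given device.
# Functions take their input explicitly so they can run on constructed data.

# Classify kernel log text read from stdin. The match strings are assumed
# from typical Linux kernel output; "enabled" means an IOMMU-enabled message
# was seen, "no-enable-message" means it was not.
iommu_state() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'DMAR: IOMMU enabled'; then
        echo enabled
    elif printf '%s\n' "$log" | grep -q 'AMD-Vi:.*IOMMU'; then
        echo enabled
    else
        echo no-enable-message
    fi
}

# Print "group device" for every device under <root>/iommu_groups
# (on a live system root is /sys; the demo uses a constructed tree).
list_iommu_groups() {
    root=$1
    for dev in "$root"/iommu_groups/*/devices/*; do
        [ -e "$dev" ] || continue          # unmatched glob stays literal
        group=${dev#"$root"/iommu_groups/}
        group=${group%%/*}
        printf '%s %s\n' "$group" "$(basename "$dev")"
    done
}

# Print the other devices in the same IOMMU group as <device>.
# An empty result means the device can be isolated on its own; any peer
# listed would be passed through together with it.
group_peers() {
    root=$1; want=$2
    group=$(list_iommu_groups "$root" | awk -v d="$want" '$2==d {print $1}')
    if [ -z "$group" ]; then
        echo no-group
        return 1
    fi
    list_iommu_groups "$root" | awk -v g="$group" -v d="$want" '$1==g && $2!=d {print $2}'
}

# Constructed sample kernel log (not captured from a real machine).
SAMPLE_LOG='[    0.010000] DMAR: IOMMU enabled
[    0.010001] DMAR: Intel(R) Virtualization Technology for Directed I/O'

# Build a constructed sysfs-style tree: group 12 holds one device (isolated),
# group 3 holds two devices (a hypothetical bridge and a NIC behind it).
make_sample_sysfs() {
    root=$(mktemp -d)
    mkdir -p "$root/iommu_groups/12/devices" "$root/iommu_groups/3/devices"
    touch "$root/iommu_groups/12/devices/0000:00:1f.6" \
          "$root/iommu_groups/3/devices/0000:00:1c.0" \
          "$root/iommu_groups/3/devices/0000:03:00.0"
    echo "$root"
}

# Stand-alone run: constructed data first, then the live system if present.
demo() {
    printf 'sample log: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | iommu_state)"
    root=$(make_sample_sysfs)
    printf 'peers of 0000:03:00.0 in sample tree: %s\n' "$(group_peers "$root" 0000:03:00.0)"
    rm -rf "$root"
    if [ -d /sys/kernel/iommu_groups ]; then
        echo 'live IOMMU groups:'
        list_iommu_groups /sys
    else
        echo 'no /sys/kernel/iommu_groups on this host (IOMMU off or not Linux)'
    fi
}

demo
```

On a real host, run it as is and then feed `dmesg` into `iommu_state`; if the live group listing shows the NIC sharing a group with other devices, assigning that NIC to a separate VM drags those devices along, so the isolation the thread relies on is only as fine-grained as the groups the firmware and topology produce.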
by having a separate tor gateway, you now have two machines to worry about. depending on your threat model, you're probably better off just using whonix in qubes.
> >>
> >> But are there any proven DMA attacks against wired networking, i.e.
> >> Ethernet..?
this is what VT-D is for.
> But if any internal firmware of a network card, say, is compromised
> through some buffer overflow or whatever, it can just go ahead and
> initiate DMA operations at will?
we have to assume yes.
> But if you're not running any (potentially compromised) BIOS ROM or
> compromised driver, is it possible for a rogue Net card to just start
> writing to memory at will without any OS support/setup?
have you seen the exploits of fancy graphics cards? especially nvidia! same bus.
> (I guess a rogue netcard firmware is free to modify any network payload,
> which is powerful as well; but short of that, can it actually compromise a
> system or a VM?)
should just be the vm, unless the exploit can break out of it.
> JJ