是否有可能执行“粉碎攻击”。在Windows CE设备上? [英] Is it possible to perform a "Shatter Attack" on a Windows CE device?
问题描述
..还是有某种内置机制可以阻止这种攻击?
粉碎攻击定义:
http://en.wikipedia.org/wiki/Shatter_attack
感谢您的任何想法。
我是没有安全专家,但我会给你我的看法。 Windows CE是一个单用户操作系统,用户启动的所有进程都以相同的权限级别运行。 虽然应用程序之间存在权限边界,并且根据您所讨论的
Windows CE版本,在应用程序和内核之间,普通设备不会阻止随机EXE文件的启动,因此所涉及的工作创建基于Windows CE的粉碎攻击将是一个巨大的浪费时间。
既然你必须能够运行一个EXE来进行粉碎攻击,那么为什么还要为了消息循环而烦恼呢?只需让EXE做任何想做的事情。
在CE5及更早版本中,由每个设备供应商定制的操作系统*可以*仅运行内核代码感觉到的已签名的EXE安全群组。如果这样做了,我不会看到粉碎攻击是如何起作用的,因为试图这样做的EXE不会被授权
。 CE6稍微退出了这种认证,尽管你可以实现自己的加载器来做类似的事情。 如果没有外国EXE可以运行,就不会有破坏性的攻击。</ p>
所以,从我的角度来看,这个特殊的*攻击不是一个值得关注的问题,因为它对黑客来说要么更难实施比其他攻击向量,或者它是不可能的,因为只有签名的EXE才能运行。
Paul T。
.. or is there some sort of built in mechanism that would stop such an attack?
Shatter attack definition:
http://en.wikipedia.org/wiki/Shatter_attack
Thanks for any thoughts.
I'm no security expert, but I'll give you my take. Windows CE is a single-user operating system where all processes launched by a user run at the same privilege level. While there is a privilege border between applications and, depending on the Windows CE version you're talking about, between applications and the kernel, the average device does not prevent random EXE files from being launched, so the effort involved in creating a Windows CE-based shatter attack would be a huge waste of time. Since you have to be able to run an EXE to perpetrate a shatter attack, why bother fooling around with the message loop; just have the EXE do whatever it wants to do.
In CE5 and earlier, the OS, as customized by each device vendor, *could* run only signed EXEs that the kernel code feels are safe. If that were done, I don't see how the shatter attack would work, since the EXE that attempted to do it would not be authorized. CE6 stepped back from that sort of certification a bit, although you could probably implement your own loader to do something similar. If no foreign EXE can run, no shatter attack.
So, from my point of view, this *particular* attack is not one to be concerned about because it's either way harder for the hacker to implement than other attack vectors, or it's impossible because only signed EXEs can run at all.
Paul T.
这篇关于是否有可能执行“粉碎攻击”。在Windows CE设备上?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
