IOMMU and DMA Attacks

Explore the intricacies of Direct Memory Access (DMA) attacks and Input Output Memory Management Unit (IOMMU) in this 34-minute conference talk from NorthSec 2020. Delve into the security implications of DMA technology, which allows peripherals to access RAM without CPU involvement. Gain insights into IOMMU functioning and its integration within Windows, macOS, and Linux operating systems. Examine existing DMA attacks using external peripherals on active computers, with a focus on IOMMU bypassing techniques on macOS up to version 10.12.4. Learn how these attacks can provide access to valid logon sessions even when the computer is locked. Discover the speaker's background in penetration testing and reverse engineering, and get a glimpse into the French RAPID project, DMArvest. Follow the comprehensive roadmap covering topics such as peripheral domains, hypervisors, VBS, Intel IOMMU, Apple IOMMU, custom UEFI protocols, and practical examples using FPGA and Thunderbolt on Windows.

Intro
Welcome
Presentation
Roadmap
Disclaimer
IO MMU
Peripheral Domains
Hypervisor
What is DMA
VBS
Linux IOMMU
Intel IOMMU
Apple IOMMU
Custom UEFI protocol
IO mapping class
IOMU workflow
Password checking patch
Prerequisites
FPGA example
Mac OS
Network packets
MX
MX flag set
DMA access
Apple patch
Conclusion
DMA projects
Thunderbolt on Windows
First schematic
Questions