“According to Passware, the latest version of Mac OS X has a ‘vulnerability’ that allows login passwords to be exposed while the Mac is locked or in sleep mode. In order to access those passwords, users will need to connect to the Mac’s FireWire port, since it allows for communication by direct memory access, the firm said,” Don Reisinger reports for CNET. “Mac OS X Snow Leopard, the previous version of Apple’s operating system, is also affected, Passware says.”
“Passware, which offers its password recovery software to law enforcement agencies, says that its latest release, the Passware Kit Forensic v11, addresses the apparent Mac OS X vulnerability,” Reisinger reports. “When users employ the $995 software, they’ll be able to recover login passwords, as well as passwords saved in the Mac keychain, such as those for Web sites, wireless networks, and more.”
Advertisement: Limited Time: Students, Parents and Faculty save up to $200 on a new Mac.
“Luckily for Mac users, the issue can be solved quite quickly by disabling the automatic login setting in the operating system. Passware president Dmitry Sumin told CNET in an e-mailed statement today that users must also turn off their computers. Upon doing so, the platform will no longer save passwords in memory, thus making them unrecoverable,” Reisinger reports. “According to Sumin, users can also disable the FireWire port to safeguard themselves from the vulnerability.”
Reisinger reports, “This isn’t the first time that Passware has used this technique to access seemingly secured data. According to the company, it was able to use the same technique to decrypt hard drives encrypted with Windows’ BitLocker and TrueCrypt.”
Full article here.
This requires physical access to the computer. Anyone with the right knowledge can can access to anything if they have access to the physical machine. These tips, and any changes that people think should be made, are fruitless.
+1
And in other news, if you leave your keys in your car, someone could potentially steal it.
Not entirely fruitless. If your computer is seized in a raid, forensics could gain access to data that otherwise would’ve been secured.
I always thought Automatic Login was a bad idea. It’s an open gate to your files.
Mario, Sorry to burst you bubble, but if authorities have physical access to your drive NOTHING on it is secured. It only limitation is how bad they want it.
(by disassembling the drive, and reading directly off the disk surface, you can even read data that has been erased and over written several times with random garbage a truly secure wipe can take up to 27 passes of re-writing the surface with random bits)
Unless it’s PGP encrypted. Then it’s a bit more of a challenge!
As one of those “people” who seizes your computer when you’ve been a naughty boy/girl, I can tell you that gaining access to your HD is only as difficult as getting a signature on a search warrant. Passwords are for “casual” protection. When we have your machine, and you’ve got bad things on it, there hasn’t been (so far in 17 years) that’s stopped us from seeing it.
Uh… I don’t think I believe that. For instance, how do you get into an AES-128 Encrypted sparsebundle?
I agree, this is bologna. You can do the same to Windows boxes if you have physical access to the box, plenty of tools to do it. Physical access is king. This announcement is stupid at best. In addition, the “trick” to fix it is to disable auto login. ok, well anyone that say uses a laptop out in public at all, and does not enforce login at start up and lock the machine when away is asking for it. Thats basic security setup for any box that might have any real danger of physical access or loss. Home users should be unaffected, especially if autologin is enabled.
If you use auto login, you can’t be all that concerned about security.
+1
With Lion, not only do I have auto logon disabled, I’m also using the new FileVault to encrypt the entire hard drive. Even though my laptop hardly ever leaves my house.
Paranoid? Me? Nahhh! 😉
“Luckily for Mac users, the issue can be solved quite quickly by disabling the automatic login setting in the operating system.”
Right there shows it’s not really a Software issue… it’s an IDIOT issue.
Granted i assume Apple will patch this “hole” anyway.
I talk in my sleep sometimes and reveal more stuff than just passwords.
Physical access is of course required for the Passware Kit software exploits. That and the Mac must still be turned on having been left running.
Smart folks who may have content such as company confidential information they wish to safeguard would be wise to turn off their computers before going through airport security in case the folks at Homeland Security want to seize your computer to allow them to peruse it’s data in a leisurely fashion.
This method described does seem to be along the lines of freezing memory chips with liquid N2 to preserve the content when powered off.
I’m not sure, but I think HS personnel may require you to turn on a laptop for them to review. If you refuse to do so, your computer can be seized.
Last time i took a laptop through airport security they did.
Instead of powering the Mac down… turn to actual security…
As the article said, turn off auto login….
Let me see if I got the scenario correctly. In order to retrieve the password from the sleeping Mac, it must have auto login enabled.
Well, rather than using a $1000 software to gain access to this Mac, all I have to do is power it off and re-boot. Autologin will get me right into the computer, wherein I can obtain any and all information I want (for which I’d presumably need the password).
The vulnerability seems quite academic here…
LOL!!
Dang… how did they overlook *that* one?
I have my grandkids computer on auto-login.
Of course they are not admins.
Now I wonder if it leaves the network vulnerable
How I understand this is that you could have a similar login, maybe guest, for convience, yet the FireWire port allows access to all accounts, even admin.
Do I get a cookie? (Not from you, MDN….)
>Dang… how did they overlook *that* one?<
Typical government efficiency. This is how the budget (or lack of one) works, too.
Some people would rather attack apple than see the error in their ways.
The software is needed to retrieve the account password to unlock the keychain.
With that account password you could access the password to tax returns or accessing VPN’s where sensitive data is stored.
The primary value of a computer is not always what is easily viewed on the device but may be the information gained from the networks that it connects to.
“You are getting sleepy… Very sleepy!”
Firewire ??????? what’s that ? isn’t that one of those archaic ideas ? like Windows ?
No. It is an interface standard that ships on ALL current Macs (except MacBook Air).