Mac FileVault 2's full disk encryption can be broken in less than 40 minutes

California-based forensics software vendor Passware has released the latest version of its toolkit, which the company claims can bypass Apple's FileVault 2 disk encryption "in minutes," as well as volumes encrypted with TrueCrypt. The software is reportedly able to capture the contents of a computer's memory via FireWire (also known as IEEE 1394 or i.LINK), analyze the memory dump, and extract the encryption keys. Passware claims that the software can recover passwords from decrypted Mac OS X keychain files as well.
Previous and current versions of Passware's software are also able to bypass Microsoft's BitLocker encryption which is built into some editions of Windows.

Although Passware seems to mainly market its software to government and law enforcement agencies and military organizations, anyone with US $795 can purchase an edition of Passware Kit that includes these features. Interestingly, Passware also lists Apple, Microsoft, Intel, and several other major tech companies among its customers.
For those who might find all this concerning, it is important to note a few important caveats.
First, Passware's software requires physical access to a computer with a working FireWire port; a remote internet attacker cannot use it to break into your Mac or PC.
AppleInsider reports that turning off your computer rather than putting it to sleep - and of course ensuring that automatic login is disabled - will prevent passwords from being stored in RAM and thus prevent them from being recoverable.
Furthermore, Passware Kit does not target Sophos SafeGuard full-disk encryption.
The concept and practice of exploiting machines locally via a FireWire port has been around for several years.
In 2008, Sophos reported about Winlockpwn, a utility that can unlock a live Windows system via FireWire. Security experts have postulated that similar exploits might be possible via Thunderbolt ports, which have become a standard feature on recent Macs and will become available on PCs later this year.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.