Slashdot Mirror


A $300 Device Can Steal Mac FileVault2 Passwords (bleepingcomputer.com)

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamkar created with PoisonTap.

4 of 88 comments

  1. Re:$300...Really??? by guruevi · Score: 3, Informative

    The $300 device can also do the following:

    Retrieve memory from the target system at >150MB/s.
    Write data to the target system memory.
    4GB memory can be accessed in native DMA mode.
    ALL memory can be accessed if kernel module (KMD) is loaded.
    Execute kernel code on the target system.
    Spawn system shell [Windows].
    Spawn any executable [Windows].
    Load unsigned drivers [Windows].
    Pull files [Linux, FreeBSD, Windows, macOS].
    Push files [Linux, Windows, macOS].
    Patch / Unlock (remove password requirement) [Windows, macOS].

    None of the above works in the latest macOS and Linux; it works in pretty much any older Linux or Windows version. The protection feature set for Windows is only available in Windows Enterprise.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  2. From the article by berj · Score: 4, Informative

    December 13th: Apple released macOS 10.12.2 which contains the security update. At least for some hardware - like my MacBook Air.

    Conclusion
    The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm. It is no longer possible to access memory prior to macOS boot. The mac is now one of the most secure platforms with regards to this specific attack vector.

    So, it seems that this door has been closed as of 10.12.2.

    Remains to be seen if those machines that don't support 10.12 Sierra will get patches for their latest supported macOS version, of course.

  3. Re:How was that fixed? by guruevi · Score: 3, Informative

    The 'hack' is prevented by enabling VT-d (basically virtualization of the PCIe devices), which prevents PCIe devices from having direct access to the hypervisor's memory.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
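As an added example (not part of the thread and not code from Frisk's PCILeech project), here is the check a defender would run for the mitigation guruevi describes on a Linux host: a POSIX shell function that reports whether the IOMMU (VT-d / AMD-Vi) is actually active and, if a Thunderbolt controller is present, whether its security level still hands unapproved devices a PCIe tunnel. The sysfs root and the kernel command-line file are taken as arguments (an assumption made so the function can be exercised on constructed trees; on a live host pass /sys and /proc/cmdline).

```shell
#!/bin/sh
# Added example, not from the thread: report whether a Linux host has the
# IOMMU-based DMA protection (VT-d / AMD-Vi) active that the fix relies on.
# Arguments: sysfs root and a file holding the kernel command line, so the
# function can be exercised on constructed trees; on a live host use
#   dma_protection_status /sys /proc/cmdline
# Returns 0 when protected, 1 when an unprotected condition is found.
dma_protection_status() {
    sysfs_root=$1
    cmdline=$(cat "$2" 2>/dev/null || true)
    status=0

    # 1. IOMMU groups only exist when the kernel actually brought an IOMMU up.
    #    Intel boxes need intel_iommu=on (or a distro default) for this.
    groups=$(ls "$sysfs_root/kernel/iommu_groups" 2>/dev/null | wc -l | tr -d ' ')
    if [ "$groups" -gt 0 ]; then
        echo "iommu: active ($groups groups)"
    else
        echo "iommu: NOT active - PCIe/Thunderbolt devices can read all RAM"
        status=1
    fi

    # 2. Command-line hints: iommu=pt identity-maps internal devices for speed;
    #    on recent kernels only devices flagged untrusted keep strict isolation.
    case " $cmdline " in
        *" intel_iommu=on "*|*" amd_iommu=on "*) echo "cmdline: iommu explicitly enabled" ;;
        *) echo "cmdline: no explicit iommu option (relying on kernel default)" ;;
    esac
    case " $cmdline " in
        *" iommu=pt "*) echo "cmdline: iommu=pt - passthrough for trusted devices" ;;
    esac

    # 3. Thunderbolt security level: "none" lets any hot-plugged device get a
    #    PCIe tunnel without user approval, the precondition for this attack.
    tb_sec="$sysfs_root/bus/thunderbolt/devices/domain0/security"
    if [ -r "$tb_sec" ]; then
        level=$(cat "$tb_sec")
        if [ "$level" = "none" ]; then
            echo "thunderbolt: security level none - unapproved devices get PCIe access"
            status=1
        else
            echo "thunderbolt: security level $level"
        fi
    else
        echo "thunderbolt: no controller found (attribute absent)"
    fi
    return $status
}
```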
  4. Re:Even worse by Flytrap · Score: 3, Informative

    The bigger issue is that anyone who leaves their laptop unattended for a short period of time can have their laptop stolen, and the thief can actually gain access to it.

    This is not true... as the article clearly states:

    Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in.

    Therefore simply leaving your laptop unattended is not going to automagically disable the built-in anti-DMA protections that kick in during the boot up process and enable a passerby with PCILeech to steal your password and access your encrypted disk.

    To gain access to your MacBook, the attacker needs to have the PCILeech plugged into a Thunderbolt 2 port when the computer is first switched on to perform a cold boot, you need to be running an unpatched pre-16C63a build of macOS, and you need to log in with your password at that very moment while it is plugged in. The prototype PCILeech is much bulkier than a spy camera and has to be plugged into the computer (and its own power source) while you are logging in in order to extract the password from memory... so it is highly unlikely that you are not going to notice this big, external-hard-disk-like device plugged into your computer when you return from a bathroom break.

    However, immunity from the PCILeech hack is free and easy... just upgrade to macOS 10.12.2.

    From the Article:

    "The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm," Frisk said. "It is no longer possible to access memory prior to macOS boot. The Mac is now one of the most secure platforms with regards to this specific attack vector."