Slashdot Mirror


A $300 Device Can Steal Mac FileVault2 Passwords (bleepingcomputer.com)

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamkar created with PoisonTap.

3 of 88 comments

  1. Re:Even worse by brantondaveperson · · Score: 4, Interesting

    No, this type of attack is very serious. Someone that leaves their laptop unattended for a short period of time can find their password stolen, without them realising anything other than that their laptop was mysteriously rebooted while they were on the loo.

  2. Re:Even worse by AHuxley · · Score: 3, Interesting

    Think of having an Apple device taken by the security services at an airport. The laptop is turned on behind a secure counter with an extra hidden device plugged in.
    The top of the laptop can be seen, the rest is partially hidden. The user hears a boot sequence twice but is not asked to log in.
    A power on test with boot screen is all that is asked for.
    Your device's password, MAC and other details are now known to the security services on entry to a nation.
    The hotel is listed. Could the password be the same at work or home, back in the user's own nation?
    The cost of getting into an Apple device is now very low and can be done while powering up a laptop and keeping a user distracted for a short time by a second person.
    On return the user is sure they never had the laptop out of their sight and it was never accessed by office staff, hotel staff or any strangers. They keep on using the same laptop, OS and password.

    --
    Domestic spying is now "Benign Information Gathering"
  3. Re:From the article by Skuld-Chan · · Score: 3, Interesting

    Apple doesn't release security fixes for major bugs on previous OSes for the most part. As an exception and a lesson on how Apple deals with security issues - check out the history of the rootpipe exploit.

    And yes - they did eventually fix that on previous versions of the OS after security experts shamed them publicly - almost a year later. Rootpipe was one of the worst security vulnerabilities - privilege escalation - and you can see how seriously they took it.