Passwords in Mac OS X can be pilfered with new tool

The tool capitalizes on a long-known issue in how FireWire can be used to read a computer's memory

A company that makes password recovery tools has released one that can snatch passwords from a locked or sleeping Macintosh running Mac OS X Lion by plugging another computer into the Mac's FireWire port. The attack technique is several years old and the only way to defend against it is to turn the Mac off.

Passware, which has engineering facilities in Moscow and headquarters in Mountain View, California, said its Passware Kit Forensic v11 analyzes a Mac's live memory via FireWire. FireWire is a fast serial interface developed in the 1980s by Apple. It is also known by Sony as i.LINK and was standardized as IEEE 1394.

If a computer is turned on and has been logged into at least once, Passware's software can extract passwords in a few minutes, even if the computer is locked or sleeping. It can even extract passwords in the Mac's keychain password store -- regardless of password strength and even if FileVault encryption is used, the company said in a news release.

The issue affects all "modern" Mac OS versions, including Snow Leopard and the latest one, Lion.

Apple officials contacted in London did not have an immediate comment.

Passware said there's an easy defense: turn off the computer, which erases the passwords from the computer's memory. Passware also suggested disabling the feature that automatically logs in a user when the computer is turned on, a basic security step.

The FireWire password issue has been for some time. In 2008, Uwe Hermann -- a Debian developer -- compiled a list of research papers from over the years summarizing issues with FireWire. Hermann wrote that if you can gain access to a computer with a FireWire port, it is possible to read or write data in the computer's RAM.

Other defenses against the attack include simply not having a computer with a FireWire port or plugging an existing one up. If a computer has a PCMCIA or PCI card slot, however, it could still be vulnerable if a FireWire-enabled card is inserted, Hermann wrote. Another precautionary measure is to try and ensure no one gets access to your computer.

Passware's Kit Forensic costs $995 with one year of free updates.

Send news tips and comments to jeremy_kirk@idg.com

Tags AppleMac OSsecurityAccess control and authenticationsoftwaredata protectionExploits / vulnerabilitiesoperating systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?