Old Jan 30, 2013, 09:03 AM   #1
ugotpwned5
macrumors member
 
Join Date: Dec 2007
Power Nap=Security Issue?

Hypothetically speaking, Power Nap is described by Apple as,

"When your compatible Mac goes to sleep in Mountain Lion, Power Nap still gets things done silently

Mail. Receive new messages.
Contacts. Your Contacts update with any changes you may have made on another device.
Calendar. Receive new invitations and calendar updates.
Reminders. Reminders updates with any changes you may have made on another device.
Notes. Notes updates with any changes you may have made on another device.
Documents in your iCloud account. iCloud pushes any edits you made to a document to your Mac notebook.
Photo Stream. Your Photo Stream updates with new photos from your iPhone, iPad, or iPod touch.
Mac App Store updates. Your Mac notebook can download updates from the Mac App Store.
Time Machine backup. Your Mac notebook can back up while it sleeps.
Find My Mac. Locate a lost Mac notebook even when it’s sleeping.
VPN on demand. Corporate email updates securely.
Configuration profile. Macs in managed environments can receive configuration profile updates."


Wouldn't this potentially allow, let's say, someone to tap into the flash storage when the system is running such updates? Even with your computer password protected it is allowing changes on the flash storage? Security hole? Or am I thinking too much into it?

Discuss!
ugotpwned5 is offline   0 Reply With Quote
Old Jan 30, 2013, 09:46 AM   #2
bogatyr
macrumors 65816
 
Join Date: Mar 2012
Quote:
Originally Posted by ugotpwned5 View Post
Wouldn't this potentially allow, let's say, someone to tap into the flash storage when the system is running such updates? Even with your computer password protected it is allowing changes on the flash storage? Security hole? Or am I thinking too much into it?

Discuss!
No less secure than when the laptop is on. Many of these also require the laptop be plugged into power while sleeping.

You can browse files on the laptop that is in PowerNap mode - if you have that service turned on (it isn't by default). Using SFTP, I can browse the stuff on my laptop from my phone when it is charging on my desk. I also pull files from one laptop to the other while one is charging in the same manner.
bogatyr is offline   0 Reply With Quote
Old Jan 30, 2013, 10:02 AM   #3
ugotpwned5
Thread Starter
macrumors member
 
Join Date: Dec 2007
Quote:
Originally Posted by bogatyr View Post
No less secure than when the laptop is on. Many of these also require the laptop be plugged into power while sleeping.

You can browse files on the laptop that is in PowerNap mode - if you have that service turned on (it isn't by default). Using SFTP, I can browse the stuff on my laptop from my phone when it is charging on my desk. I also pull files from one laptop to the other while one is charging in the same manner.
I understand the laptop would be less secure while the laptop is on, but most people close their laptop instead of shutting down when they walk away. And if they change power nap to enable on battery or ac adapter, if filevault was enabled, wouldn't it allow access to the system's flash storage without having the filevault key when the system decides to use power nap to carry out its functions? This would allow access to encrypted systems? Can anybody correct me if I am wrong?
ugotpwned5 is offline   0 Reply With Quote
Old Jan 30, 2013, 10:55 AM   #4
Mrbobb
macrumors 601
 
Join Date: Aug 2012
Windows has had this feature forever, and never heard of a security prob.

So yes you are thinking too much. Next!
__________________
Solution: FREE, Explanation: Is gonna cost ya.
Mrbobb is offline   0 Reply With Quote
Old Jan 30, 2013, 11:12 AM   #5
calderone
macrumors 68040
 
calderone's Avatar
 
Join Date: Aug 2009
Location: Seattle
Your question is pretty poorly formed.

Explain how you think someone would gain access to the flash storage during powernap on an encrypted system?
__________________
ACSA, ACMT
calderone is offline   0 Reply With Quote
Old Jan 30, 2013, 11:55 AM   #6
ugotpwned5
Thread Starter
macrumors member
 
Join Date: Dec 2007
Quote:
Originally Posted by calderone View Post
Your question is pretty poorly formed.

Explain how you think someone would gain access to the flash storage during powernap on an encrypted system?
How is it poorly formed? Please do explain.

I don't see how you guys don't understand what I am trying to point out. Let me make an example.

A government worker carries a MacBook Pro Retina 2012-mid with Power Nap enabled on it and FileVault 2 on the storage. He loses the laptop with sensitive data with the lid closed, sleep is enabled. The computer is not off.

A hacker takes the computer, exploits the system by doing something during the active (power nap). I am not a hacker by any means so these may not be the right terms. Could he interject something in the data by a USB/FireWire cable? Like overload a particular kernel or something and inject his own program to steal data.

If the computer was in power nap and carrying out functions, the computer had to have unlocked the filevault to write data to the storage device. Hence the vulnerability of the device.
ugotpwned5 is offline   0 Reply With Quote
Old Jan 30, 2013, 12:18 PM   #7
Weaselboy
Moderator
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Location: California
Quote:
Originally Posted by ugotpwned5 View Post
How is it poorly formed? Please do explain.

I don't see how you guys don't understand what I am trying to point out. Let me make an example.

A government worker carries a MacBook Pro Retina 2012-mid with Power Nap enabled on it and FileVault 2 on the storage. He loses the laptop with sensitive data with the lid closed, sleep is enabled. The computer is not off.

A hacker takes the computer, exploits the system by doing something during the active (power nap). I am not a hacker by any means so these may not be the right terms. Could he interject something in the data by a USB/FireWire cable? Like overload a particular kernel or something and inject his own program to steal data.

If the computer was in power nap and carrying out functions, the computer had to have unlocked the filevault to write data to the storage device. Hence the vulnerability of the device.
Your question is valid and is a legit concern. There are two ways a hacker could try and gain this type of access.

The first would be to try and log in remotely over the Ethernet connection, assuming the computer is on a network. The only way for this to work would be if the hacker had the login password, so that avenue is blocked.

The second way would be to directly access memory (DMA) either through a Firewire or Thunderbolt port. Prior to Lion 10.7.2, Macs could be hacked using this method. A patch in 10.7.2 blocked DMA access, so this avenue is also blocked.

So at this point there is no known method of getting into a new(er) Filevault2 enabled Mac.

Last edited by Weaselboy; Jan 30, 2013 at 02:30 PM. Reason: Accidentally a word.
Weaselboy is online now   1 Reply With Quote
Old Jan 30, 2013, 02:21 PM   #8
bogatyr
macrumors 65816
 
Join Date: Mar 2012
Quote:
Originally Posted by ugotpwned5 View Post
How is it poorly formed? Please do explain.

I don't see how you guys don't understand what I am trying to point out. Let me make an example.

A government worker carries a MacBook Pro Retina 2012-mid with Power Nap enabled on it and FileVault 2 on the storage. He loses the laptop with sensitive data with the lid closed, sleep is enabled. The computer is not off.

A hacker takes the computer, exploits the system by doing something during the active (power nap). I am not a hacker by any means so these may not be the right terms. Could he interject something in the data by a USB/FireWire cable? Like overload a particular kernel or something and inject his own program to steal data.

If the computer was in power nap and carrying out functions, the computer had to have unlocked the filevault to write data to the storage device. Hence the vulnerability of the device.
Ok... the hacker physically has the computer. It is in sleep mode meaning he could just open the lid and have more access than if it was sleeping (network and at the keyboard). This is a non-issue as no one is going to keep it in sleep mode after stealing it and give themselves less ability to break into it.

----------

Quote:
Originally Posted by ugotpwned5 View Post
I understand the laptop would be less secure while the laptop is on, but most people close their laptop instead of shutting down when they walk away. And if they change power nap to enable on battery or ac adapter, if filevault was enabled, wouldn't it allow access to the system's flash storage without having the filevault key when the system decides to use power nap to carry out its functions? This would allow access to encrypted systems? Can anybody correct me if I am wrong?
No access is there for the file storage without login credentials. Keep your password secure.
bogatyr is offline   0 Reply With Quote
Old Jan 30, 2013, 02:30 PM   #9
duervo
macrumors 6502a
 
Join Date: Feb 2011
The bigger issue in that example is that the "hacker" has the computer at all! They can do whatever they want with it at that point. Take the drive out, for example. At that point, power-nap being turned on is the least of your worries.

I think you'd have much bigger problems to worry about besides whether or not you left power-nap turned on in that situation.

Any potential legitimate security risk with power-nap will most likely involve people gaining unauthorized remote access to your system while it (power-nap) is turned on and active.
duervo is offline   0 Reply With Quote
Old Jan 30, 2013, 03:23 PM   #10
madsci954
macrumors 68000
 
Join Date: Oct 2011
Location: Ohio
1.) You're thinking too much into it. And

2.) Most thieves are more interested in the machine itself than the data that's stored on it.
madsci954 is offline   0 Reply With Quote
Old Jan 30, 2013, 04:22 PM   #11
Arnezie
macrumors 65816
 
Arnezie's Avatar
 
Join Date: Oct 2011
Quote:
Originally Posted by madsci954 View Post
1.) You're thinking too much into it. And

2.) Most thieves are more interested in the machine itself than the data that's stored on it.
True, no one wants your 70's porn collection
__________________
15 RETINA 2.6 16GB 256 , iPhone 6 , IPad 2 ATT 64GB
Arnezie is offline   0 Reply With Quote
Old Jan 30, 2013, 07:24 PM   #12
dusk007
macrumors 68030
 
Join Date: Dec 2009
Quote:
Originally Posted by duervo View Post
The bigger issue in that example is that the "hacker" has the computer at all! They can do whatever they want with it at that point. Take the drive out, for example. At that point, power-nap being turned on is the least of your worries.

I think you'd have much bigger problems to worry about besides whether or not you left power-nap turned on in that situation.

Any potential legitimate security risk with power-nap will most likely involve people gaining unauthorized remote access to your system while it (power-nap) is turned on and active.
If he has disk encryption enabled, taking the drive out won't do him any good. Contrary to what spy movies today suggest. Nobody breaks a 256-bit AES encrypted file unless they can somehow obtain the password.
Which is actually easier if the system is on. Because all you need is some flaw in the login which gets you access. The password must reside somewhere for powernap to be able to unlock the drive when it wants to do something unless it works entirely in memory. Theoretically it might just work entirely in memory and never wake the drive. This would also conserve power and add security. The stuff in RAM is never encrypted by filevault anyway. Ergo the system is only as secure as the login process.
Which means there is absolutely no difference between it sleeping or being on.

Trying to crack the encryption and attack the AES key directly is absolutely useless. You need to attack the password or somehow get enough access to read out a key from some cache.
__________________
15" MBP 2013 2.3/750M, 16GB/512GB
dusk007 is offline   0 Reply With Quote
Old Jan 30, 2013, 07:27 PM   #13
chrise2
macrumors 6502
 
Join Date: Sep 2012
I've read articles about a similar thing on the Windows side. When Windows disk encryption is used, the drive remains unlocked while in sleep mode. You only need to enter the encryption key when booting or resuming from hibernate. What some companies do is to disable sleep on the laptops and force the user to hibernate or do a full shut down. What most do is to not care as you still need to authenticate to the computer to get in.

But yes, if your computer is connected to a network and running, anything is possible I suppose.
chrise2 is offline   0 Reply With Quote
Old Jan 30, 2013, 07:39 PM   #14
duervo
macrumors 6502a
 
Join Date: Feb 2011
Quote:
Originally Posted by dusk007 View Post
If he has disk encryption enabled, taking the drive out won't do him any good. Contrary to what spy movies today suggest. Nobody breaks a 256-bit AES encrypted file unless they can somehow obtain the password.
Which is actually easier if the system is on. Because all you need is some flaw in the login which gets you access. The password must reside somewhere for powernap to be able to unlock the drive when it wants to do something unless it works entirely in memory. Theoretically it might just work entirely in memory and never wake the drive. This would also conserve power and add security. The stuff in RAM is never encrypted by filevault anyway. Ergo the system is only as secure as the login process.
Which means there is absolutely no difference between it sleeping or being on.

Trying to crack the encryption and attack the AES key directly is absolutely useless. You need to attack the password or somehow get enough access to read out a key from some cache.
Well, my point was that somebody being able to physically obtain the system (i.e.: Pick it up and walk away with it) is going to trump any sort of power-nap mode that was enabled and active on the system. Once you have the system in your hands, you can do whatever you want with it. Power-nap isn't going to stop somebody from removing the drive and replacing it with an empty one and carrying on with a fresh install of OS X.

So, their example of a "hacker" stealing a system with power-nap turned on was probably not the best example to give.

With regards to the data on the actual drive, you are correct. Encryption will stop access to the data. Wasn't my point, though.
duervo is offline   0 Reply With Quote
Old Jan 30, 2013, 09:21 PM   #15
calderone
macrumors 68040
 
calderone's Avatar
 
Join Date: Aug 2009
Location: Seattle
Quote:
Originally Posted by ugotpwned5 View Post
I understand the laptop would be less secure while the laptop is on, but most people close their laptop instead of shutting down when they walk away. And if they change power nap to enable on battery or ac adapter, if filevault was enabled, wouldn't it allow access to the system's flash storage without having the filevault key when the system decides to use power nap to carry out its functions? This would allow access to encrypted systems? Can anybody correct me if I am wrong?
The disk is already decrypted anyway....
__________________
ACSA, ACMT
calderone is offline   0 Reply With Quote
Old Jan 31, 2013, 07:11 AM   #16
dusk007
macrumors 68030
 
Join Date: Dec 2009
Quote:
Originally Posted by duervo View Post
Well, my point was that somebody being able to physically obtain the system (i.e.: Pick it up and walk away with it) is going to trump any sort of power-nap mode that was enabled and active on the system. Once you have the system in your hands, you can do whatever you want with it. Power-nap isn't going to stop somebody from removing the drive and replacing it with an empty one and carrying on with a fresh install of OS X.

So, their example of a "hacker" stealing a system with power-nap turned on was probably not the best example to give.

With regards to the data on the actual drive, you are correct. Encryption will stop access to the data. Wasn't my point, though.
The OP's concern is justifiable.

For disk encryption to work you need a password to unlock it. Once it is unlocked most processes have file access pretty much all over the place. Now if you lock your notebook a new unlock is required by you typing in the password. If the powernap can wake and actually alter files in the persistent HDD storage, it would need the password saved in some cached form in the RAM. If the login process isn't secure enough to stop you getting access to this saved password, one might find it and use it to read everything.

Having the notebook in hand does not provide more access as the vulnerability might be that powernap can automatically unlock the drive when needed or worse it stays unlocked. Having a locked notebook (you need to type in the password which isn't cached anywhere) in malicious hands is thus theoretically more secure than a potentially semi-unlocked power napping notebook.

I think the OP's worry is definitely justified. I don't really know enough about FileVault 2 and Power Nap to say anything definite. In theory at least there is more potential for security breaches. Especially how Apple works with a TPM or how they secure the keys in use.
An encrypted drive isn't secure if you can access the drive's key which must be accessible for the system when it is on and reside somewhere in RAM or a TPM. As far as I know Apple doesn't use a TPM chip. Maybe something equivalent or maybe nothing.
Generally I think if there isn't clear documentation of the system they use it is most likely not all that secure. iPhones are fairly secure today but the Macs do lag behind BitLocker and such.
Authentication is everything. The encryption algorithms are rarely an issue. They only matter for performance really. Password security matters too but I assume that much everyone knows.
__________________
15" MBP 2013 2.3/750M, 16GB/512GB
dusk007 is offline   0 Reply With Quote
Old Jan 31, 2013, 07:29 AM   #17
bogatyr
macrumors 65816
 
Join Date: Mar 2012
Quote:
Originally Posted by dusk007 View Post
If he has disk encryption enabled, taking the drive out won't do him any good. Contrary to what spy movies today suggest. Nobody breaks a 256-bit AES encrypted file unless they can somehow obtain the password.
Which is actually easier if the system is on. Because all you need is some flaw in the login which gets you access. The password must reside somewhere for powernap to be able to unlock the drive when it wants to do something unless it works entirely in memory. Theoretically it might just work entirely in memory and never wake the drive. This would also conserve power and add security. The stuff in RAM is never encrypted by filevault anyway. Ergo the system is only as secure as the login process.
Which means there is absolutely no difference between it sleeping or being on.

Trying to crack the encryption and attack the AES key directly is absolutely useless. You need to attack the password or somehow get enough access to read out a key from some cache.
The password is in RAM already when in sleep mode - with or without power nap. The only way to steal this would be the DMA attack which Apple blocked in 10.7.2 for FireWire/TB attacks.
bogatyr is offline   1 Reply With Quote
Old Jan 31, 2013, 08:32 AM   #18
GermanyChris
Banned
 
Join Date: Jul 2011
Location: Here
Quote:
Originally Posted by dusk007 View Post
If he has disk encryption enabled, taking the drive out won't do him any good. Contrary to what spy movies today suggest. Nobody breaks a 256-bit AES encrypted file unless they can somehow obtain the password.
Which is actually easier if the system is on. Because all you need is some flaw in the login which gets you access. The password must reside somewhere for powernap to be able to unlock the drive when it wants to do something unless it works entirely in memory. Theoretically it might just work entirely in memory and never wake the drive. This would also conserve power and add security. The stuff in RAM is never encrypted by filevault anyway. Ergo the system is only as secure as the login process.
Which means there is absolutely no difference between it sleeping or being on.

Trying to crack the encryption and attack the AES key directly is absolutely useless. You need to attack the password or somehow get enough access to read out a key from some cache.
Being that we are into the 350 billion guesses a second range now (for NTLM), I'd say that's not the case so much anymore. The linked article is in essence a super computer at home, folks who are into this stuff will leverage 4 to 6 GPUs. NSA broke it in 2009. Throw 6x680's and their combined 9,216 cores at a laptop in my possession it'll be broken before you know it. You'd really have to have something on the computer for someone to want to leverage thousands in SW & HW to break your system. The end state is never give someone access to your computer.

http://arstechnica.com/security/2012...rd-in-6-hours/
GermanyChris is offline   0 Reply With Quote
Old Jan 31, 2013, 10:43 AM   #19
dusk007
macrumors 68030
 
Join Date: Dec 2009
Quote:
Originally Posted by bogatyr View Post
The password is in RAM already when in sleep mode - with or without power nap. The only way to steal this would be the DMA attack which Apple blocked in 10.7.2 for FireWire/TB attacks.
Depends on the implementation but not necessarily. The key could be deleted. The HDD locked down until the login procedure recovers the key from a TPM.
If it is yeah, that might be a problem. I would argue a DMA access is always blocked if they can but there might always be flaws. Side channel attacks or forced memory dumps. If you have the machine a lot is theoretically possible.
Not saying there is a hole but there might be and the OP asked whether there could be an issue.

Quote:
Being that we are into the 350 billion guesses a second range now (for NTLM), I'd say that's not the case so much anymore. The linked article is in essence a super computer at home, folks who are into this stuff will leverage 4 to 6 GPUs. NSA broke it in 2009. Throw 6x680's and their combined 9,216 cores at a laptop in my possession it'll be broken before you know it. You'd really have to have something on the computer for someone to want to leverage thousands in SW & HW to break your system. The end state is never give someone access to your computer.

http://arstechnica.com/security/2012...rd-in-6-hours/
It is one thing to generate loads of hashes of passwords and quite another to decrypt something with a 256-bit key. Rainbow tables of MD5 hashes of passwords are all over the web. They are already computed for quite a bit of length.
If you use a 6 letter password you might as well not encrypt anything. A 256-bit symmetric encryption is quite a different story. If the password is secure, as in long enough and random enough so it won't fall victim to a dictionary attack, you don't even get close to being able to crack 128-bit AES with all the computing resources of the world at your disposal.
Additionally you usually face the problem that the encryption is actually done with a very random secure hash of the original password. The authentication of the password is done by not one hash but usually thousands or inside a TPM so as to make this process take quite long. Usually so long that it doesn't annoy the user but long enough so that it isn't so simple for an attacker. A TPM may even limit the tries you can have at it guessing the password. After which you would be left with having to break the actual encryption which uses the hash of the password as key. You simply won't break that.

You need quite a few cycles to compute the encryption of a block and then you still need to figure out if the key you used gave you the actual original message. That takes quite a bit longer than computing a hash and comparing it. Even if you can somehow reduce the key size with some break. For AES 128 there is one of complexity which only gets rid of one bit. Quite pathetic.

Just assuming you can actually test accurately 350 billion passwords per second as the article does with hashes.
With AES 128 to be finished with one year time you need 3*10^20 of these systems. I don't even know what that number is called. Talking about a 256 bit key isn't even necessary.
Say you are done on average when you tried 50% that really only saves you one bit. And then with the 127bit hack 7.7*10^18
You need secure passwords and secure authentication but nobody will break 256 bit encryption not with all the GPUs in the world hacking at it. Somebody would need to find some huge flaw in AES and this is one of the most thoroughly tested algorithms. They even found some ways but only ones that work on more primitive variations which aren't actually used in the field.
__________________
15" MBP 2013 2.3/750M, 16GB/512GB
dusk007 is offline   0 Reply With Quote
Old Jan 31, 2013, 11:57 AM   #20
bogatyr
macrumors 65816
 
Join Date: Mar 2012
Quote:
Originally Posted by dusk007 View Post
Depends on the implementation but not necessarily. The key could be deleted. The HDD locked down until the login procedure recovers the key from a TPM.
If it is yeah, that might be a problem. I would argue a DMA access is always blocked if they can but there might always be flaws. Side channel attacks or forced memory dumps. If you have the machine a lot is theoretically possible.
Not saying there is a hole but there might be and the OP asked whether there could be an issue.
We are speaking about FV2 - since this is a MacBook with PowerNap enabled. It is in the RAM when the laptop is sleeping - not perhaps. This was a problem when DMA was accessible while in sleep mode via FireWire and Thunderbolt, this problem was fixed in 10.7.2.

So again, as DMA is blocked from 10.7.2 on, where is the security hole in allowing PowerNap?
bogatyr is offline   0 Reply With Quote
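
The thread turns on whether the FileVault 2 key stays in RAM while a sleeping Mac runs Power Nap. As an added example that is not part of any post, this script audits the `pmset` settings that decide it; it assumes the `powernap`, `hibernatemode` and `destroyfvkeyonstandby` keys as described in the `pmset` man page, and the sample outputs are constructed, not captured from a real Mac.

```shell
#!/bin/sh
# Added example (not from the thread): flag sleep settings that leave the
# FileVault 2 volume key resident in RAM while the lid is closed.

# Constructed sample laid out like `pmset -g` output on a default laptop.
sample_default() {
cat <<'EOF'
System-wide power settings:
Currently in use:
 standby              1
 powernap             1
 hibernatemode        3
 sleep                10
EOF
}

# Constructed sample after:
#   sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25 powernap 0
sample_hardened() {
cat <<'EOF'
System-wide power settings:
 DestroyFVKeyOnStandby  1
Currently in use:
 standby              1
 powernap             0
 hibernatemode        25
 sleep                10
EOF
}

# Reads pmset-style "key value" lines on stdin and prints one line per
# finding. Keys are matched case-insensitively; a key that is absent from
# the output is treated as unset (0). Section headers are skipped because
# their second field is not numeric.
audit_sleep_settings() {
  awk '
    NF >= 2 && $2 ~ /^[0-9]+$/ { v[tolower($1)] = $2 + 0 }
    END {
      if (v["powernap"] == 1)
        print "FINDING powernap=1: system wakes during sleep and works on the unlocked volume"
      if (v["hibernatemode"] != 25)
        printf "FINDING hibernatemode=%d: RAM stays powered during sleep, so keys held in RAM persist\n", v["hibernatemode"]
      if (v["destroyfvkeyonstandby"] != 1)
        print "FINDING destroyfvkeyonstandby=0: FileVault key is retained when entering standby"
    }'
}

# On a Mac, audit the live settings; elsewhere, run against the sample.
if command -v pmset >/dev/null 2>&1; then
  pmset -g | audit_sleep_settings
else
  sample_default | audit_sleep_settings
fi
```

`pmset -g` reports only the power source currently in use, so run it once on battery and once on AC if the two profiles differ.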
