Filevaulted Lion NOT secure - passwords can be extracted via Firewire

Discussion in 'Mac OS X Lion (10.7)' started by Bigmacduck, Jul 26, 2011.

  1. Bigmacduck macrumors regular

    Joined:
    Feb 15, 2009
    #1
  2. Quad5Ny macrumors 6502a

    Quad5Ny

    Joined:
    Sep 13, 2009
    Location:
    New York, USA
    #2
    That's not surprising since FireWire can give DMA.

    Windows BitLocker has the same vulnerability. One of Microsoft's solutions is to disable a driver that allows this. - http://support.microsoft.com/kb/2516445

    Another type of physical attack is freezing the RAM and transplanting it into another computer where a cracking program dumps its content and searches for the key.

    Nothing is as secure as companies would have you think. :p
     
  3. ideal.dreams macrumors 68020

    ideal.dreams

    Joined:
    Jul 19, 2010
    Location:
    OH
    #3
    But unless someone has an additional 1,000 dollars they want to spend to get that kit, I'm not too worried.
     
  4. Tutorer macrumors member

    Joined:
    Jun 9, 2011
    #4
    If I understand this correctly the described attack cannot succeed if users shut down their computers instead of just putting them to sleep or locking the screen.

    So it should become best practice to shut down your computers if you care about this security aspect.
     
  5. crashmaster1 macrumors newbie

    Joined:
    Sep 12, 2008
    #5
    So suppose I kept records of all my transactions to my Swiss bank accounts (LOL... I wish) on my Mac's drive, encrypted with Filevault2, with a good 30-40 character password, how secure is my information?

    Just curious..

    crash
     
  6. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #6
    I think we have a winner. I noted that when I read the article. Don't panic when you read about exploits.
     
  7. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #7
    Very secure. Pretty secure. I have no idea. Is your password written on a piece of paper taped to your monitor?
    Just follow common security "best practices" and you will be fine and so will your Swiss investments. :D
     
  8. QuarterSwede macrumors G3

    QuarterSwede

    Joined:
    Oct 1, 2005
    Location:
    Colorado Springs, CO
    #8
  9. crashmaster1 macrumors newbie

    Joined:
    Sep 12, 2008
    #9
    LOL... thanks. I keep all my passwords in the safest place - my head. The only reason I'm asking is my neighborhood had a rash of break-ins. I live outside the city and everyone used to keep their doors open, leave tools out in the garage, etc. but no more. Five people were burglarized around me - I was the one lucky person not hit by the thieves, and just want to feel my information on my Mac is somewhat secure.

    crash
     
  10. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #10
    Your data is safe. Good luck with the other problems. Hope the police can help get your neighborhood back in order.
     
  11. crashmaster1 macrumors newbie

    Joined:
    Sep 12, 2008
    #11
    Thanks! I built this house out here trying to get away from all of that. At least no-one got hurt during the break-ins - the burglars broke in at night while people were sleeping and grabbed whatever they could carry. The best part is three county sheriffs share a house right down the road from me...

    crash

    PS: Sorry for getting off-topic...
     
  12. nonameowns macrumors regular

    Joined:
    Apr 24, 2010
    #12
    So? Set up a Fireware password and you will be fine. :D
     
  13. nonameowns macrumors regular

    Joined:
    Apr 24, 2010
    #13
    Only alien technology would be able to crack your password :D
    https://www.grc.com/haystack.htm

    As long as your password has upper and lower case letters, numbers, and special characters, you're set.
     
  14. JRoDDz macrumors 68000

    JRoDDz

    Joined:
    Jul 2, 2009
    Location:
    NYC
    #14
    God forbid they hack into my computer! They would have to see boring family photos, boring school documents, and outdated music. But if that's your cup of tea.. have at it!
     
  15. Bigmacduck thread starter macrumors regular

    Joined:
    Feb 15, 2009
    #15
    How can one set a separate password for Firewire?
     
  16. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #16
    You can't. Perhaps the poster was thinking firmware password which still would not work. Like the article says just turn your computer off.
     
  17. Quad5Ny, Jul 27, 2011
    Last edited: Jul 27, 2011

    Quad5Ny macrumors 6502a

    Quad5Ny

    Joined:
    Sep 13, 2009
    Location:
    New York, USA
    #17
    Guys, this hack only works if the hacker has physical access to your computer, your computer is on/in standby (Suspend to RAM mode) and has a FireWire port (you also need the hacking software).

    Your HD's encryption key is stored in the computer's RAM while it's powered on. And because the FW spec has Direct Memory Access a clever person can use FW to access the memory contents and extract the key.

    If you have a FW port, the way to protect yourself is to turn your computer off if you're not in front of it or when you go to bed. When not powered, the data in RAM fades in 10-90 seconds (that's why it's called volatile memory).

    This has nothing to do with your password. Although if your password is very simple it can still be hacked with brute force.
     
  18. Schtibbie macrumors 6502

    Joined:
    Jan 13, 2007
    #18
    So, pretty much the scenario most folks will find themselves in when their computer gets stolen from their house while they're at work. I'm really going to close all apps and SHUT DOWN every single day? So, what exactly is the point of Lion's new Filevault 2 (which encrypts the entire hard drive), if physical access to my computer results in the bad guy having all my info? Before you answer: "if they have physical access, it's all over," remember that I'm asking WHAT IS THE POINT of an encrypted hard drive in this case?
     
  19. Lennyvalentin macrumors 6502a

    Lennyvalentin

    Joined:
    Apr 25, 2011
    #19
    You already answered your own question... If bad guys have access to your stuff, then it's over. What you're asking is like, WHAT IS THE POINT of locking your car if thieves get hold of your keychain.

    Anyway, this is all rather technical stuff. Only a very select few would know enough about computers to know about this hack and try to use it. Your encrypted drive's going to be safe against at least 99.99% of all burglars even if you leave it in standby mode.

    Or you could fill your firewire port with epoxy, that's also an option if you're extremely paranoid (and don't intend to use it). :D
     
  20. xraydoc macrumors 604

    xraydoc

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #20
    This is actually about a year old. Any computer with a FireWire port is susceptible. Windows, Linux, Mac.

    If you absolutely need to secure yourself against this exploit, use a computer without a FireWire port (i.e., MacBook Air) or take a drill to the FireWire port and physically disable it.

    Though if you're that paranoid, even with a damaged FW port, someone could drop your computer in liquid nitrogen, disassemble the machine and tap in to the FW or RAM traces on the motherboard and extract the keys from RAM before the signal faded.

    Then again, unless the NSA is after the contents of your laptop, I suspect there's not too much to worry about.
     
  21. Lennyvalentin macrumors 6502a

    Lennyvalentin

    Joined:
    Apr 25, 2011
    #21
    Actually, the issue is far older than that; it's been well known for a long time that the DMA mechanism built into many internal buses and external interfaces is susceptible to exploits like this. Recent CPUs contain a hardware virtualization feature that can, if not stop the problem entirely, at least limit the scope of it.

    However one workaround - other than wrecking the port itself - is to disable the interface in your operating system. Windows can do this in the device manager (I don't know OSX well enough to tell how/if it can be done there); if the firewire port is disabled I'm pretty sure that would prevent the exploit from working although I haven't tested my hypothesis of course...

    Assuming you've set the computer to demand a password upon waking up from sleep, an attacker wouldn't be able to enable the port either. Only way to be mostly safe though is to stick the computer in a bigass ol' safe though, preferably a bank safe deposit box... :p Overkill, yes. But it works - most of the time!
     
  22. Quad5Ny macrumors 6502a

    Quad5Ny

    Joined:
    Sep 13, 2009
    Location:
    New York, USA
    #22
    Schtibbie, in order to have a live operating system you need Read/Write access to the HD at all times. Because of this the encryption key needs to be stored in RAM while powered on/locked/in standby.

    Watch this video, I'm sure you'll find it interesting - http://www.youtube.com/watch?v=JDaicPIgn9U

    AFAIK most thieves want to sell the computer ASAP, they very rarely hold onto it. Besides, during this time the laptop battery will most likely die and if it's a desktop they will have to unplug it.
     
  23. Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #23
    Apple fixed this security problem in OS X Lion v10.7.2:
    http://support.apple.com/kb/HT5002

    More about DMA --> http://en.wikipedia.org/wiki/Direct_memory_access
     
