  • FileVault 2.0 Security Flaw Discovered by PassWare


    One of the many welcome features in OS X Lion was the replacement of Apple’s first-generation FileVault file encryption technology, which brought new ways of encrypting data. It lets you encrypt your entire drive with a master password to protect files, keychain passwords, and more. Furthermore, FileVault 2 lets you set aside a separate partition to store the FileVault login information as well.

    A new report from Passware (a password recovery company) claims that the company can decrypt Apple’s FileVault 2 in under 40 minutes. This leaves a lot of users concerned, because FileVault contains much of the user’s private information. To accomplish this, Passware goes in through the system’s FireWire connection and uses live-memory analysis to extract the encryption key from the FileVault partition. From there, the company claims it can uncover keychain files and login passwords, which can be used to unlock the whole HDD/SSD.

    The password recovery company makes Passware Kit Forensic 11.3 available to do this, but the software is priced at $995 and aimed primarily at law enforcement. Hopefully Apple will release a solution to the issue in the future now that the bug has been outed.

    Source: CNET, PassWare (PDF)
    This article was originally published in forum thread: FileVault 2.0 Security Flaw Discovered by PassWare started by Akshay Masand
    5 Comments
      Cer0 -
      Wow, just today I finally enabled FileVault too after some going back and forth looking up stuff on it. I started the encryption before I left for work today.

      But then again FileVault still protects from the everyday theft if someone was to take your machine. Most thieves wouldn't go this far to dig up your stuff; all they care about is the hardware.
      dennder -
      Not again... stop, no I mean it !!STOP!! posting complete BS.
      FireWire "injection" and memory stealing is working on ANY system, be it Windows or Linux alike. And yields same results. Article headline is completely misleading. I was hoping to read some real thing...

      Full-drive encryption is used for leaving OFFLINE computer data safe. Should anyone gain physical access to your computer while it is online, there are numerous ways to get to your data. The easiest will be when the user does use encryption but does not use "require password" after sleep or screensaver: just take it and copy all you want...

      fbiryujin -
      Originally posted by dennder:
      Not again... stop, no I mean it !!STOP!! posting complete BS.
      FireWire "injection" and memory stealing is working on ANY system, be it Windows or Linux alike. And yields same results. Article headline is completely misleading. I was hoping to read some real thing...

      Full-drive encryption is used for leaving OFFLINE computer data safe. Should anyone gain physical access to your computer while it is online, there are numerous ways to get to your data. The easiest will be when the user does use encryption but does not use "require password" after sleep or screensaver: just take it and copy all you want...

      If you turn your Mac OFF, not hibernate, not sleep, not just closing the lid, but Apple Logo > Shut Down, then you will be immune to this.
      dennder -
      Originally posted by fbiryujin:
      If you turn your Mac OFF, not hibernate, not sleep, not just closing the lid, but Apple Logo > Shut Down, then you will be immune to this.

      My post is about completely misleading information. As if this "security flaw" was in FileVault 2.0 and nowhere else... And as if this flaw was so dangerous, that users should eventually avoid this feature. Even the highlighted part clearly states both TrueCrypt and BitLocker alongside the FileVault.
      IDK, but in my opinion, an author who posts such news should at the very least get some information about what he is posting about; otherwise it is not professional in any way possible.

      P.S. Who told you I have a Mac?
      fbiryujin -
      Originally posted by dennder:
      My post is about completely misleading information. As if this "security flaw" was in FileVault 2.0 and nowhere else... And as if this flaw was so dangerous, that users should eventually avoid this feature. Even the highlighted part clearly states both TrueCrypt and BitLocker alongside the FileVault.
      IDK, but in my opinion, an author who posts such news should at the very least get some information about what he is posting about; otherwise it is not professional in any way possible.

      P.S. Who told you I have a Mac?

      I actually did not mean to click "reply with quote"; I thought I had replied to the thread in general. Sorry about that. This misleading info crops up from time to time whenever some security researcher needs a few hits on his website. Be it FileVault 2, BitLocker, or some other tool they mention.
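
The mitigations raised in the thread (power the machine down rather than leave it asleep, and require a password after sleep or screen saver) can be checked from a Mac's power settings. The following is an added example, not part of the original article or thread: it audits text in the format printed by `pmset -g` for `hibernatemode` and `DestroyFVKeyOnStandby`, which decide whether RAM stays powered and whether the FileVault key is kept on standby. The sample outputs are constructed, and the `askForPassword` value is assumed to come from `defaults read com.apple.screensaver askForPassword`.

```shell
#!/bin/sh
# Added example: flag power settings that leave the FileVault key in RAM
# while a Mac is asleep. Works on text in `pmset -g` format, so it runs offline.

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DEFAULT='System-wide power settings:
Currently in use:
 standby              1
 hibernatemode        3
 displaysleep         10
 sleep                10'

SAMPLE_HARDENED='System-wide power settings:
 DestroyFVKeyOnStandby 1
Currently in use:
 standby              1
 hibernatemode        25
 sleep                10'

# pmset_value KEY: read pmset text on stdin, print KEY's value (case-insensitive).
pmset_value() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }'
}

# audit_pmset TEXT ASKPW: print one finding per line; no output means no findings.
# ASKPW is the screen-saver askForPassword value (assumed input, 1 = required).
audit_pmset() {
    text=$1
    askpw=$2
    hib=$(printf '%s\n' "$text" | pmset_value hibernatemode)
    dfk=$(printf '%s\n' "$text" | pmset_value DestroyFVKeyOnStandby)
    # Modes other than 25 keep RAM powered during sleep, so keys stay readable.
    [ "$hib" = 25 ] || echo "hibernatemode=${hib:-unset}: RAM stays powered during sleep"
    # Without this setting the FileVault key is retained when entering standby.
    [ "$dfk" = 1 ] || echo "DestroyFVKeyOnStandby=${dfk:-unset}: key kept in memory on standby"
    [ "$askpw" = 1 ] || echo "askForPassword=${askpw:-unset}: no password required after sleep or screen saver"
}

echo "default sample:";  audit_pmset "$SAMPLE_DEFAULT" 0
echo "hardened sample:"; audit_pmset "$SAMPLE_HARDENED" 1
```

On a real machine the first argument would be the output of `pmset -g`; the hardened values correspond to `sudo pmset -a hibernatemode 25 destroyfvkeyonstandby 1`.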