FileVault 2.0 Security Flaw Discovered by PassWare
One of the many welcomed features in OS X Lion was the replacement of Apple’s first generation FileVault file encryption technology, which ended up bringing new ways of encryption. It lets you encrypt your entire drive with a master password to protect files, key-chain passwords, and more. Furthermore, FileVault 2 lets you separate a partition to store the FileVault login information as well.
A new report from Passware (a password recovery company), claims that the company can decrypt Apple’s FileVault 2 in under 40 minutes. This leaves a lot of users concerned because FileVault contains much of the user’s private information. To accomplish this, PassWare decrypts FileVault by going in through the system’s firewire connection and using live-memory analysis to extract the encryption key from the FileVault partition. From there, they claimed they can uncover keychain files and login passwords, which can be used to unlock the whole HDD/SSD.
The password recovery company makes PassWare Kit Forensic 11.3 available to do this but the software is set at a price point of $995 and aimed primarily for law enforcement. Hopefully Apple will release a solution to the issue in the future now that the bug has been outed.