• update

    The text box issue is fixed. You can now post just a title in replies again. Thank you Manny! Working on the rest. Thank you for your patience.

Computers and Technology

Home Computers and Technology

macOS FileVault2 Password Retrieval

  • LiberalArkie (3905 posts)
    Profile photo of LiberalArkie Donor

    macOS FileVault2 Password Retrieval

    Thursday, December 15, 2016

    macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. To secure your mac just update it with the December 2016 patches.

    Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable.

    Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds! Check out the demo video below:

    Snip

    End of July: Issue found.
    August 5th: PCILeech presented and released at DEF CON 24.
    August 15th: Apple notified.
    August 16th: Apple confirmed issue and asked to hold off disclosure.
    December 13th: Apple released macOS 10.12.2 which contains the security update. At least for some hardware – like my MacBook Air.

    Conclusion
    The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm. It is no longer possible to access memory prior to macOS boot. The mac is now one of the most secure platforms with regards to this specific attack vector.

    http://blog.frizk.net/2016/12/filevault-password-retrieval.html

    Sherman A1, NV Wino like this

You must be logged in to reply to this topic.

  • Mnpaul (1121 posts)
    Profile photo of Mnpaul Donor

    1. I saw something similar for the PC

    a USB device that tricks the computer into thinking it is a local LAN port, allowing full access.

    If you don't stand for something, you will fall for anything - Hamilton
Share