Ready to start feeling a bit nervous about your computer's security? No? Too bad, because there is now a handy-dandy $995 tool which can steal your Mac's passwords in minutes — even if the computer is locked, sleeping, or encrypted.
The tool — an app which can run from a USB stick — is called Passware and is intended to be used as a legitimate forensic solution, but can be purchased by anyone with a thousand bucks to spare.
The reason Passware can steal passwords from a locked, sleeping, or encrypted Mac is thanks to a security flaw which — based on an Ars Technica story — has existed for at least three years:
The problem is that certain OS components store a user's password in memory, so anyone with unfettered access to the computer's RAM can simply scan its contents to obtain the password. From a software perspective, this isn't an issue, because the OS makes sure that one process can't access another process' memory.
But wait! That says that passwords can't be accessed via software! So how is an app stealing them? By tricking a computer into dumping the contents of its RAM onto another device via FireWire. Previously this process required a great deal of technical skill and time, but thanks to the Passware kit, things got a lot easier.
Basically, Passware can cajole your computer into revealing all its secrets — including login passwords and the contents of its Keychain app — in mere minutes. All someone needs to do is plug in the USB stick with the app, tap through a few menus, plug in a FireWire cable, and watch the magic happen. It doesn't even matter if you've encrypted your data using Apple's FileVault or another tool such as TrueCrypt. The vulnerability still exists.
So what can you do to protect yourself? Plenty, actually. According to the makers of the sneaky forensic tool, you just have to modify a habit and tweak a setting:
The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered.
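A small audit script, added here and not part of the article or of Passware, that checks a Mac for the two mitigations above: whether the loginwindow plist names an automatic-login user (key `autoLoginUser`) and whether the power settings let RAM survive sleep. It goes slightly beyond the article by also reading `pmset` values (`hibernatemode 25` writes RAM to disk and powers it off on sleep; `destroyfvkeyonstandby 1` drops the FileVault key in standby). The parsing functions take captured command output as arguments, so the constructed samples run on any system; the live check only runs on macOS.

```shell
#!/bin/sh
# Added audit helper (not the article's or Passware's code): reports whether a
# Mac is configured so that passwords are not left in RAM while it sleeps.

# "enabled" if `defaults read ... autoLoginUser` printed a user name,
# "disabled" if the key is absent (defaults then prints a "does not exist" error).
autologin_state() {
    case "$1" in
        *"does not exist"*|"") echo "disabled" ;;
        *) echo "enabled" ;;
    esac
}

# Extracts one numeric key from `pmset -g` output (case-insensitive match);
# prints "unset" when the key does not appear.
pmset_value() {
    key="$1"; out="$2"
    printf '%s\n' "$out" | awk -v k="$key" \
        'tolower($1)==tolower(k){print $2; found=1} END{if(!found)print "unset"}'
}

# Verdict: "ok" only if auto-login is off and sleep does not keep secrets in RAM
# (hibernatemode 25 powers RAM off on sleep; destroyfvkeyonstandby 1 purges the key).
sleep_risk() {
    login_out="$1"; pm_out="$2"
    if [ "$(autologin_state "$login_out")" = "enabled" ]; then
        echo "risk: automatic login enabled"; return 1
    fi
    mode=$(pmset_value hibernatemode "$pm_out")
    destroy=$(pmset_value destroyfvkeyonstandby "$pm_out")
    if [ "$mode" != "25" ] && [ "$destroy" != "1" ]; then
        echo "risk: sleep keeps keys in RAM (hibernatemode=$mode destroyfvkeyonstandby=$destroy)"
        return 1
    fi
    echo "ok"
}

if [ "$(uname)" = "Darwin" ]; then
    # Live check; defaults exits non-zero when the key is absent, so keep its message.
    login_out=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>&1 || true)
    sleep_risk "$login_out" "$(pmset -g)" || true
else
    # Constructed sample output (not captured from a real machine) for a dry run.
    sample_login='The domain/default pair of (/Library/Preferences/com.apple.loginwindow, autoLoginUser) does not exist'
    sample_pm=' hibernatemode        3
 sleep                 10'
    sleep_risk "$sample_login" "$sample_pm" || true
fi
```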
Rosa Golijan writes about tech here and there. She's obsessed with Twitter and loves to be liked on Facebook. Oh, and she can be found on Google+, too.