
Passwords in Mac OS X can be pilfered with new tool

The tool capitalizes on a long-known issue in how FireWire can be used to read a computer's memory

A company that makes password recovery tools has released one that can snatch passwords from a locked or sleeping Macintosh running Mac OS X Lion by plugging another computer into the Mac's FireWire port. The attack technique is several years old and the only way to defend against it is to turn the Mac off.

Passware, which has engineering facilities in Moscow and headquarters in Mountain View, California, said its Passware Kit Forensic v11 analyzes a Mac's live memory via FireWire. FireWire is a fast serial interface developed in the 1980s by Apple. It is also known by Sony as i.LINK and was standardized as IEEE 1394.

If a computer is turned on and has been logged into at least once, Passware's software can extract passwords in a few minutes, even if the computer is locked or sleeping. It can even extract passwords in the Mac's keychain password store -- regardless of password strength and even if FileVault encryption is used, the company said in a news release.

The issue affects all "modern" Mac OS versions, including Snow Leopard and the latest one, Lion.

Apple officials contacted in London did not have an immediate comment.

Passware said there's an easy defense: turn off the computer, which erases the passwords from the computer's memory. Passware also suggested disabling the feature that automatically logs in a user when the computer is turned on, a basic security step.

The FireWire password issue has been known for some time. In 2008, Uwe Hermann -- a Debian developer -- compiled a list of research papers from over the years summarizing issues with FireWire. Hermann wrote that if you can gain access to a computer with a FireWire port, it is possible to read or write data in the computer's RAM.

Other defenses against the attack include simply not having a computer with a FireWire port or plugging an existing one up. If a computer has a PCMCIA or PCI card slot, however, it could still be vulnerable if a FireWire-enabled card is inserted, Hermann wrote. Another precautionary measure is to try and ensure no one gets access to your computer.

Passware's Kit Forensic costs $995 with one year of free updates.
