Passware Proves Mac OS Lion Insecure

by Fred Showker

PasswarePassware, Inc., a provider of password recovery, decryption, and electronic evidence discovery software for computer forensics, law enforcement organizations, government agencies and private investigators, announces that Passware Kit Forensic v11 - a new version of its flagship product - recovers Mac OS user login passwords from computer memory in a matter of minutes.

As Apple's operating system has increased in popularity in recent years, so have security threats for users. Passware President Dmitry Sumin notes,

Quoting  begins Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion. Quoting  ends

The Mac OS vulnerability relates to user login passwords that are stored in the system memory even if the computer is locked or put into a sleep mode. Passware Kit Forensic v11 captures live Mac computer memory over FireWire and analyzes it, extracting these passwords. The process takes a few minutes, regardless of the password strength and use of a FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion.

Passware previously implemented the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt.

The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered.

Sumin continues,

Quoting  begins I am a Mac user myself, but it's important to understand the limitations of your computer's security, even if you are not a computer forensics expert. If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software. Quoting  ends

Passware Kit Forensic

Passware Kit Forensic provides immediate password recovery for any protected file detected on a PC or over the network while scanning, revealing hidden and protected data files on a suspect's computer. Passware Kit Forensic, complete with FireWire memory imaging module, is the first and only commercial software that decrypts BitLocker and TrueCrypt hard disks, and instantly recovers or bypasses Mac and Windows login passwords of seized computers.

Additional features of Passware Kit Forensic 11 include:

  • Recovery of login passwords from Mac OS X users database
  • Recovery of passwords for Mac keychain files, which gives access to user information contained in these files: saves passwords (for websites, network shares, wireless networks), private keys, certificates, etc.

GO Passware Kit Forensic
GO Passware previously implemented the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt

Founded in 1998, Passware Inc. is the worldwide leading maker of password recovery, decryption, and electronic evidence discovery software. Law enforcement and government agencies, institutions, corporations and private investigators, help desk personnel, and thousands of private consumers rely on Passware software products to ensure data availability in the event of lost passwords. Passware customers include many Fortune 100 companies and various US federal and state agencies, such as IRS, US Army, US Department of Defense (DOD), US Department of Justice, US Department of Homeland Security, US Department of Transportation, US Postal Service, US Secret Service, US Senate, and US Supreme Court. Passware is a privately held corporation with headquarters in Mountain View, Calif. and a software development and engineering office in Moscow, Russia.

And, thanks for reading

Fred Showker

Don't forget ... we encourage you to share your discoveries with other readers. Just send and email, contribute your own article, join the Design Cafe forums, or follow DTG on Facebook!

30th Anniversary for DTG Magazine