
Mac OS X Lion Login Passwords Extracted With Ease

Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.

The Mac OS vulnerability relates to user login passwords that remain in system memory even when the computer is locked or put into sleep mode. Passware's software captures live Mac memory over FireWire and analyzes it, extracting these passwords, a process that the company says takes just a few minutes--regardless of password strength and the use of FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.

As Apple's operating system has increased in popularity in recent years, so have security threats for users. Passware President Dmitry Sumin notes, "Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion."

While this type of "hack" isn't necessarily new in theory, it's the ease of executing it with utilities available to anyone that is the key here--similar to how FireSheep enabled HTTPS session hijacking to the masses.

Want to protect yourself against this vulnerability? Passware says the security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered.
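The two mitigations above can be verified from a shell on the Mac itself. The script below is an added example, not Passware's or Apple's code. It assumes that an enabled automatic login is recorded in the loginwindow preference key `autoLoginUser` (read with `defaults read`), and that the power setting `hibernatemode` appears in `pmset -g` output, where mode 25 means memory is written to disk and RAM is powered off on sleep, which for this risk is equivalent to shutting the machine down. Treating hibernatemode 25 as the "safe" setting is this example's interpretation of the article's advice, not something the article states.

```shell
#!/bin/sh
# Added example: audit the two mitigations the article recommends
# (no automatic login; no RAM-powered sleep). Assumptions are marked.

# Returns 0 (safe) when automatic login is disabled, given the output of:
#   defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser
# Assumption: `defaults read` prints the account name when the key is set
# and an error containing "does not exist" when it is not.
autologin_disabled() {
    case "$1" in
        ""|*"does not exist"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 (safe) when `pmset -g` output shows hibernatemode 25, i.e. the
# machine writes memory to disk and powers RAM off instead of sleeping.
# Assumption: the line has the form "hibernatemode <n>" with optional
# leading whitespace, as printed by `pmset -g`.
hibernate_mode_safe() {
    _mode=$(printf '%s\n' "$1" | awk '$1 == "hibernatemode" { print $2 }')
    case "$_mode" in
        25) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs the live checks on a Mac and prints a one-line verdict for each.
audit_live() {
    _al=$(defaults read /Library/Preferences/com.apple.loginwindow \
          autoLoginUser 2>&1 || true)
    if autologin_disabled "$_al"; then
        echo "OK:   automatic login is disabled"
    else
        echo "WARN: automatic login is enabled for account '$_al'"
    fi

    _pm=$(pmset -g 2>/dev/null || true)
    if hibernate_mode_safe "$_pm"; then
        echo "OK:   hibernatemode 25, RAM is powered off on sleep"
    else
        echo "WARN: sleep keeps RAM powered; shut down instead of sleeping"
    fi
}

# Only run the live audit on macOS; the check functions above are portable.
if [ "$(uname)" = "Darwin" ]; then
    audit_live
fi
```

On a Mac, running the script prints two verdict lines; on any other system it only defines the functions, so the parsing logic can be exercised with captured output.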


Passware previously used the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt.

"I am a Mac user myself, but it's important to understand the limitations of your computer's security, even if you are not a computer forensics expert," Sumin added. "If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software."

Passware Kit Forensic provides password recovery for any protected file detected on a PC or over the network while scanning, revealing hidden and protected data files on anyone's computer.

Additional Mac OS related features of Passware Kit Forensic 11 include:

• Recovery of login passwords from Mac OS X users database

• Recovery of passwords for Mac keychain files, which gives access to the user information contained in these files: saved passwords (for websites, network shares, wireless networks), private keys, certificates, etc.

Anyone can purchase Passware Kit Forensic directly from Passware or via a network of resellers worldwide for $995 with one year of free updates.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.