Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Mac OS X Lion Login Passwords Extracted With Ease

Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.

Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.

Mac OS Lion PasswordsThe Mac OS vulnerability relates to user login passwords that are stored in the system memory even if the computer is locked or put into a sleep mode. Passware’s software captures live Mac computer memory over FireWire and analyzes it, extracting these passwords, a process that the company says takes just a few minutes–regardless of password strength and use of a FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.

As Apple’s operating system has increased in popularity in recent years, so have security threats for users. Passware President Dmitry Sumin notes, “Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion.”

While this type of “hack” isn’t necessarily new in theory, it’s the ease of executing it with utilities available to anyone that is the key here–similar to how FireSheep enabled HTTPS session hijacking to the masses.

Want to protect yourself against this vulnerability? Passware says the security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the “Automatic Login” setting. This way, passwords will not be present in memory and cannot be recovered.

Secure Development Resource: Designing Security for Newly Networked Devices

Passware previously used the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt.

“I am a Mac user myself, but it’s important to understand the limitations of your computer’s security, even if you are not a computer forensics expert,” Sumin added. “If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software.”

Passware Kit Forensic provides password recovery for any protected file detected on a PC or over the network while scanning, revealing hidden and protected data files on anyone’s computer.

Additional Mac OS related features of Passware Kit Forensic 11 include:

• Recovery of login passwords from Mac OS X users database

• Recovery of passwords for Mac keychain files, which gives access to user information contained in these files: saves passwords (for websites, network shares, wireless networks), private keys, certificates, etc.

Anyone can purchase Passware Kit Forensic directly from Passware or via a network of resellers worldwide for $995 with one year of free updates.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...