Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Mac OS X Lion Login Passwords Extracted With Ease

Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.

Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.

Mac OS Lion PasswordsThe Mac OS vulnerability relates to user login passwords that are stored in the system memory even if the computer is locked or put into a sleep mode. Passware’s software captures live Mac computer memory over FireWire and analyzes it, extracting these passwords, a process that the company says takes just a few minutes–regardless of password strength and use of a FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.

As Apple’s operating system has increased in popularity in recent years, so have security threats for users. Passware President Dmitry Sumin notes, “Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion.”

While this type of “hack” isn’t necessarily new in theory, it’s the ease of executing it with utilities available to anyone that is the key here–similar to how FireSheep enabled HTTPS session hijacking to the masses.

Want to protect yourself against this vulnerability? Passware says the security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the “Automatic Login” setting. This way, passwords will not be present in memory and cannot be recovered.

Secure Development Resource: Designing Security for Newly Networked Devices

Passware previously used the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt.

“I am a Mac user myself, but it’s important to understand the limitations of your computer’s security, even if you are not a computer forensics expert,” Sumin added. “If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software.”

Passware Kit Forensic provides password recovery for any protected file detected on a PC or over the network while scanning, revealing hidden and protected data files on anyone’s computer.

Advertisement. Scroll to continue reading.

Additional Mac OS related features of Passware Kit Forensic 11 include:

• Recovery of login passwords from Mac OS X users database

• Recovery of passwords for Mac keychain files, which gives access to user information contained in these files: saves passwords (for websites, network shares, wireless networks), private keys, certificates, etc.

Anyone can purchase Passware Kit Forensic directly from Passware or via a network of resellers worldwide for $995 with one year of free updates.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights