Forensics vendor warns Mac OS X FileVault vulnerable to decryption
Passware, a vendor of forensics tools for recovering data for law enforcement, has issued a warning that its forensics tools can bypass the security of FileVault disk encryption in Mac OS X if the computer is left powered on, recovering decryption keys from memory.
While catering to law enforcement, the company issued a warning to home users "of the vulnerabilities of Mac encryption solutions and advises users to shut down their computers especially when working with confidential data."
When a system using full disk encryption is powered on, even if the disk is later left encrypted its contents can reportedly be recovered by analyzing the data stored in memory, which Passware notes includes the keys to decrypt FileVault.
The company says its process for decrypting a FileVault disk "takes no more than 40 minutes – regardless of the length or complexity of the password."
Passware's president Dmitry Sumin stated in a release that "live memory analysis opens up great possibilities to password recovery and decryption. Every user should be aware that even full disk encryption is insecure while the data rests in computer memory."
The company earlier explained that the security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered.
Sumin wrote last summer, "I am a Mac user myself, but it's important to understand the limitations of your computer's security, even if you are not a computer forensics expert. If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software."
Obtaining Mac passwords costs more
In addition to Mac OS X Lion's FileVault, the company says its forensics tools can decrypt Microsoft's Windows 7 BitLocker and the cross platform TrueCrypt full disk encryption solution, indicating that the problem isn't unique to Apple.
The company, based in Moscow Russia with offices in Mountain View, California, sells its Passware Kit Forensic for $995 with a year's worth of updates. It says the product can recover hashed passwords with Rainbow Tables, extract passwords from the Mac Keychain, and build a password list from words detected in computer memory to perform a Dictionary attack.
The company describes the product as being "the first and only commercial software that decrypts BitLocker and TrueCrypt hard disks, and instantly recovers or bypasses Mac and Windows login passwords of seized computers."
The company also sells a $39 tool to "quickly and easily reset Windows login passwords in a matter of minutes," as well as a $79 package that "recovers passwords for Microsoft Office files, Acrobat documents, email accounts, network connections, Zip and Rar archives and local Windows Administrator" accounts on workstations and servers running Windows 7/vista/SP/2000/NT.
Comments
One more reason for me not to use file vault.
QUOTE=astrubhar;2035896]This is a no-brainer. The OS needs to store the decryption key in memory or it wouldn't work. You should set a password that locks the keychain when you lock or sleep the Mac. What good is encryption if you're logged in and have full access to the drive anyways?[/QUOTE]
Good to know that commercial software is already available. Not to mention what non-commercial probably already exists...
One more reason for me not to use file vault.
By all means make it easier for people who steal your laptop!
Everyone in security knows there is no absolute secure. All you can do is slow someone down enough so they lose interest and go elsewhere.
Also it would be a great idea for those that are really into security to change their admin/root password to something ultra hard to guess and figure out and put that password some place safe and forget about it.
Apple will get this and patch the issue. Another thing is this has to be performed at the unit level. Assuming using an external boot drive to be able to use this software on said machine. As a systems admin I can easily and quickly change the admin root password on a Mac, say someone gets terminated and leaves and their machine is locked, it's good to know and probably a really good tool to have in a tech's software toolbox, I know I wouldn't mind could come in handy some day.
But... I'm a little lost on the ease of recovering keychain passwords! Is this just an issue given the same issue above (no login password on sleep), or is it more universal?
Shutting down does provide better security for sure, but I thought the keychain should be secure from this type of attack.
I understand the issue with full disk encryption (if you expect security and don't need a password when you restore from sleep mode...)
But... I'm a little lost on the ease of recovering keychain passwords! Is this just an issue given the same issue above (no login password on sleep), or is it more universal?
Shutting down does provide better security for sure, but I thought the keychain should be secure from this type of attack.
The point is not your encryption is 'unlocked' while you are logged into your account. It obviously is. No, the point is that one can glean the password from the content of the memory and then later decrypt the harddrive after it had been shut down. So, somebody plugs in a FW or TB device for some short time into your computer while it is running/sleeping and later when you have shut down your computer and think everything is save steal your computer. And this applies not only to the HDD encryption password but to other passwords held in memory.
(That at least is the logical conclusion from all I have read so far but then not everything I have read necessarily is correct ...).
Apple will get this and patch the issue.
There is no fix/patch for this. It is fundamental to how disk encryption works. The best they can do with the current state of affairs to somehow obfuscate the key while in memory and/or writing the keys to pseudo-random memory addresses.
Just a company trying to hawk its products.
Why is this news? Is this not an unavoidable issue for any encryption software? If you have direct access to the machine's physical memory whilst the encryption software is operating then the game is over. The movie studios invested millions in a secure encryption system for BluRay, and it's still vulnerable to the keys being recovered from memory using software tools. It's in the nature of encryption.
Just a company trying to hawk its products.
Yes, captain obvious. It was pretty clearly reported to be a vendor selling a product.
But a lot of people don't know how FDE works, so its useful to read that and the workaround, and that tools exist to recover data but are expensive.
On the other hand, what's the point of your comment? To impress us with your knowledge?
Good to know that commercial software is already available. Not to mention what non-commercial probably already exists...
One more reason for me not to use file vault.
Maybe you'd better not carry house keys around with you, someone might rob you and break into your house.
One more reason not to use locks on your doors.
Good to know that commercial software is already available. Not to mention what non-commercial probably already exists...
One more reason for me not to use file vault.
The vulnerability is not a reason to not use File Vault. The fact is that encryption software that is decrypting on the fly is going have the key in memory. I think the same thing applies to PGP whole drive encryption though it wasn't cited. Same thing with Bitlocker, same thing with Truecrypt (a fine free product!!).
The lesson is that you need to shut down the computer so there's nothing in memory if you want it to be secure. That's it. If you shut down, they can't extract the key. IF you use a weak key, you'll still be vulnerable to a dictionary attacks and so forth.
There is no fix/patch for this. It is fundamental to how disk encryption works. The best they can do with the current state of affairs to somehow obfuscate the key while in memory and/or writing the keys to pseudo-random memory addresses.
Obfuscating the key would only work so long as nobody figures out how it was obfuscated. I don't know but would expect that File Vault already does. As for pseudo-random memory addresses, I don't think that would help much either since checking all of the addressable memory space is a much easier problem to solve than a brute force attack.
This attack on the encryption key isn't a new one. All that's new is the attention to the Mac.
Good to know that commercial software is already available. Not to mention what non-commercial probably already exists...
One more reason for me not to use file vault.
Physical control of the machine has ALWAYS meant it was fully owned. This doesn't change that, it only makes the complete owning a little faster.
The company also sells a $39 tool to "quickly and easily reset Windows login passwords in a matter of minutes," ...
By the way if you need this, you can also do it for free - Google "pnordahl" who created a boot CD image that lets you change or reset a password on a Windows machine.
Why is this news? Is this not an unavoidable issue for any encryption software? If you have direct access to the machine's physical memory whilst the encryption software is operating then the game is over. The movie studios invested millions in a secure encryption system for BluRay, and it's still vulnerable to the keys being recovered from memory using software tools. It's in the nature of encryption.
Just a company trying to hawk its products.
I don't think it is. He didn't mention PGP. Further, most of the government cases involving getting courts to force users to enter their password involve PGP. More vendors also leave a back door.