Thursday, February 2, 2012

Apple's FileVault 2 Cracked

While we wait for me to write something further about the SSL certificate fiasco of 2011, here's an urgent subject brought to my attention by Sophos:

Note: This crack requires physical access to your Mac. The computer must also have an accessible FireWire port. The computer must also be running at the time the cracker accesses it.

The problem: Apple stores the FileVault 2 password in RAM on your computer. Oops. Major DUH factor, Apple.

The workaround: You have to shut down your Mac computer when you're leaving it accessible to others. This wipes the accessible password data from RAM. Simply putting it to sleep doesn't help. Yes, this is a PITA.

The solution: One of the other full disk encryption software systems. Sophos mention their own SafeGuard software of course. Here are some other possibilities to investigate:

• TrueCrypt, open source freeware.

OR, if you're desperate and determined, DESTROY the FireWire ports on your Mac. If FireWire doesn't work, the crack doesn't work.

If you know of other options, please post them in the Comments.

I of course never recommend anything sold by Symantec, thanks to their consistently bad attitude toward Apple, their anti-Apple security FUD attacks and their consistently worst-in-class software. Therefore, I personally recommend that you AVOID using PGP.

1 comment:

  1. From the above link: "California-based forensics software vendor Passware has released the latest version of its toolkit, which the company claims can bypass Apple's FileVault 2 disk encryption 'in minutes,' as well as volumes encrypted with TrueCrypt."

    So, maybe not with suggesting TrueCrypt as an alternative.