OS X Lion is being hailed by many as the most secure operating system yet, not just among Apple’s releases, but overall. In particular, its rewritten FileVault encryption is widely praised as one of the most secure, low-overhead ways yet to keep your data safe.
But behind all the talk, there’s a huge security hole in OS X Lion that has been present at least since Snow Leopard. Any Mac with a FireWire port is vulnerable to it, and it’s so easy to exploit that any hacker with physical access to your computer can get your password within minutes.
According to Passware, Inc., a provider of password recovery and decryption tools, it is possible to extract any Mac’s administrator password using the FireWire port, even if that Mac is in sleep mode.
All it takes is the right hardware: the Passware Kit Forensic v11, which plugs into a Mac’s FireWire port and slurps down the Mac’s computer memory, then analyzes it and extracts system passwords. According to Passware, this works regardless of password strength, encryption or the use of FileVault.
The good news is that it’s easy to secure your Mac once you know about the vulnerability. Just turn off the “Automatic Login” setting and shut down your computer completely instead of putting it to sleep.
Even so, this is a long-standing issue that Apple should have been aware of. A Mac’s administrator password has been recoverable from RAM since at least 2008.
What makes this extra damning is that, according to Passware, this is a security vulnerability unique to OS X. Asked if all computer operating systems were vulnerable to having an admin password pulled from user memory, Passware president Dmitry Sumin told us that in Windows 7, at least, this hole had been closed.
Passware has alerted Apple to the vulnerability and is waiting for a response. Let’s hope that this is a security hole that Apple can patch sooner rather than later. It’s a distressing thing when the newest OS X is less secure than Windows, even in part.