FileVault 2 insecure during sleep state on 2011 Air
This security vulnerability in FileVault 2 on Lion that arose back in July 2011
http://www.frameloss.org/2011/09/18/firewire-attacks-against-mac-os-lion-filevault-2-encryption/
http://img.frameloss.org/wp-content/uploads/2011/09/Lion-Memory-Acquisition.pdf
was something that was easy to fix on the older MacBook Air simply by changing a couple of settings. Specifically, this setting:
sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25
but on the new 2011 MacBook Air that setting causes a freeze-up upon closing the clamshell. In fact, any hibernation on the 2011 MacBook Air seems to lead to an unstable state that often fails in this same freeze-up. The general 2011 MacBook Air hibernation freeze-up phenomenon is documented yet unresolved in a different thread:
https://discussions.apple.com/thread/3263450?answerId=16786155022#16786155022
Since you can't hibernate on the 2011 MacBook Air, you can't achieve a secure FileVault 2 hibernate/sleep state where the key is stored only on disk and not in RAM. This means on the 2011 MacBook Air, if an attacker gains access to your Air in sleep state, he can retrieve your crypto key and unlock your whole drive using tools that have been published since July and are linked above. You're only secure if the machine was powered all the way off.
As far as I can tell this is a major unaddressed security vulnerability which almost defeats the purpose of using FileVault 2 in the first place. I hope this problem is not being ignored because of pressure from law enforcement or something silly like that. It's one thing to make your system insecure by default.. but to make it incapable of being secured while at the same time branding it as a security product is just plain false advertising.
Here is how to fix it:
If FV2 encryption is turned on, then the Air should no longer support sleep; it should hibernate instead, remove the FileVault key from RAM, and power off the RAM. In other words, this command, which you already have built into the OS, should be made to function the same way it does on the older Air and should be the default for all FV2 users:
pmset -a destroyfvkeyonstandby 1 hibernatemode 25
Sure, it'll slow down wakeup, but the SSD helps make that less noticeable, and that's what it takes in order to do full-disk crypto. You'll still have the fastest secure full-disk crypto laptop if you fix this. As I said earlier, this command can be issued on the older MacBook Air and it will lead to a secure system. It needs to be fixed for the new MacBook Air before FileVault can be secure during sleep or hibernation.
I'd love to hear that this is being addressed.
MacBook Air, Mac OS X (10.7.2)
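
An added example, not part of the original post: a shell check that reads `pmset -g` style output and confirms both settings from the command above (`hibernatemode 25` and `destroyfvkeyonstandby 1`) are in effect for every power source listed. The sample outputs are constructed, and the exact key casing that `pmset -g` prints is an assumption, so keys are matched case-insensitively.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real machine).
SAMPLE_SECURE='System-wide power settings:
 DestroyFVKeyOnStandby    1
Currently in use:
 hibernatemode        25
 standby              1'
SAMPLE_DEFAULT='Currently in use:
 hibernatemode        3
 standby              1'
SAMPLE_MIXED='Battery Power:
 hibernatemode        25
 destroyfvkeyonstandby 1
AC Power:
 hibernatemode        3
 destroyfvkeyonstandby 1'

# all_match KEY WANT: read settings text on stdin; succeed only if KEY appears
# at least once and every occurrence has the value WANT.
all_match() {
    awk -v key="$1" -v want="$2" '
        tolower($1) == tolower(key) { seen = 1; if ($2 != want) bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }'
}

# audit_fv_sleep: read pmset output on stdin; return 0 only if sleep is
# hibernate-only (mode 25) and the FileVault key is destroyed on standby.
audit_fv_sleep() {
    out=$(cat)
    rc=0
    if ! printf '%s\n' "$out" | all_match hibernatemode 25; then
        echo "FAIL: hibernatemode is not 25 everywhere (RAM stays powered in sleep)"
        rc=1
    fi
    if ! printf '%s\n' "$out" | all_match destroyfvkeyonstandby 1; then
        echo "FAIL: destroyfvkeyonstandby is not 1 (FileVault key kept in RAM)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: hibernate-only sleep, key destroyed on standby"
    fi
    return "$rc"
}

# Demo on the constructed samples; on a Mac use: pmset -g | audit_fv_sleep
for s in "$SAMPLE_SECURE" "$SAMPLE_DEFAULT" "$SAMPLE_MIXED"; do
    printf '%s\n' "$s" | audit_fv_sleep || true
done
```

The check only reports configuration; it does not tell you whether the machine actually completes hibernation, which is the failure described in the post for the 2011 Air.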