Forensics can now easily gain a FileVault encryption key, takes 40 minutes regardless of password length

I found this PDF online. This is very scary. Passware appears to claim to be able to do this.


Here are some relevant links (Feb 2012)

http://www.lostpassword.com/pdf/pr-120201.pdf


http://reviews.cnet.com/8301-13727_7-57369983-263/filevault-2-easily-decrypted-warns-passware/


This basically means that computer forensics can now easily gain a FileVault encryption key from the target computer's memory.


This too is very alarming:

Passware has been actively tackling various encryption technologies such as BitLocker, TrueCrypt, and FileVault, and says its latest Passware Kit Forensic 11.3 software can extract encryption keys for all of these technologies. In addition to extracting FileVault keys, Passware can also extract passwords from encrypted keychain files and recover log-in passwords for user accounts.


Anyone care to comment?

iMac, Mac OS X (10.7.4), iMac 2006 10.6.8, Mac mini 10.7.4

Posted on Jul 14, 2012 10:36 AM

3 replies

Jul 14, 2012 10:52 AM in response to LostAccount

I always recommend, if you have data you wish no one to see, keeping it off the machine, any machine.


Cellebrite's new generation mobile forensic solution, UFED Touch Ultimate, enables the most technologically advanced extraction, decoding, analysis and reporting of mobile data. It performs physical, logical, file system and password extraction of all data (even if deleted) from the widest range of devices including legacy and feature phones, smartphones, portable GPS devices, tablets and phones manufactured with Chinese chipsets.


http://www.cellebrite.com/mobile-forensics-products/forensics-products/ufed-touch-ultimate.html




I'll add your links to my paranoid section here:


https://discussions.apple.com/docs/DOC-3191



http://www.whatsmyip.org/more-info-about-you/


https://www.youtube.com/watch?v=esA9RFO1Pcw


http://blogs.computerworld.com/18190/apple_android_location_tracking


https://www.nytimes.com/2011/03/26/business/media/26privacy.html?_r=2


http://www.thenewspaper.com/news/34/3458.asp


http://www.wired.com/threatlevel/2011/10/datong-surveillance/


http://www.wired.com/dangerroom/2009/10/exclusive-us-spies-buy-stake-in-twitter-blog-monitoring-firm/


http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to/


http://tech.slashdot.org/story/12/06/29/1425210/cisco-pushing-cloud-connect-router-firmware-allows-web-history-tracking


https://www.zdnet.com/blog/btl/google-offers-street-view-opt-out-for-wi-fi-mapping-unethical-snooping-yet-we-must-opt-out/63456
