A $300 Device Can Steal Mac FileVault2 Passwords

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamker created with Poison Tap.

Re:Even worse

[brantondaveperson]

No, this type of attack is very serious. Someone that leaves their laptop unattended for a short period of time can find their password stolen, without them realising anything other than that their laptop was mysteriously rebooted while they were on the loo.

Re:Even worse

[TechyImmigrant]

The bigger issue is that anyone who leaves their laptop unattended for a short period of time can have their laptop stolen, and the thief can actually gain access to it.

Substitute 'thief' with 'police' and you can see why it might be a problem for some people.

Re:

[rmdingler]

Substitute 'thief' with 'police' and you can see why it might be a problem for some people.

"Suppose you were an idiot, and suppose you were a member of Congress; but I repeat myself." - Mark Twain

Re:

[BitterOak]

The bigger issue is that anyone who leaves their laptop unattended for a short period of time can have their laptop stolen, and the thief can actually gain access to it.

Not necessarily a bigger issue. Sometimes having your data exposed can be far more serious than having your hardware stolen.

Re:

[ColdWetDog]

Hardware gone - even the most unsophisticated Luser will suspect something's wrong here.

Silent hack - keep on trucking, I'm cool, my laptop is encrypted.

1 + 1 = 2

Re:

[Ol Olsoc]

Isn't that like saying 2 is greater than 2+1 ?

For extremely large values of 2 it is.

Re:

[apoc.famine]

Isn't that like saying 2 is greater than 2+1 ?

For extremely large values of 2 it is.

That's not mathematically possible. This only works for values of 1 that are less than zero.

Re:

[Ol Olsoc]

Isn't that like saying 2 is greater than 2+1 ?

For extremely large values of 2 it is.

That's not mathematically possible. This only works for values of 1 that are less than zero.

I started to read and thought "No one could take what I said seriously!" Then I continued, and thought "Well played sir, well played".

Re:Even worse

[Flytrap]

The bigger issue is that anyone who leaves their laptop unattended for a short period of time can have their laptop stolen, and the thief can actually gain access to it.

This is not true... as the article clearly states:

Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in.

Therefore simply leaving your laptop unattended is not going to automagically disable the built-in anti-DMA protections that kick in during the boot up process and enable a passerby with PCILeech to steal your password and access your encrypted disk.

To gain access to your MacBook, the attacker needs to have the PCILeech plugged into a Thunderbolt 2 port when the computer is first switched on to perform a cold boot and you need to be running an unpatched pre-16C63a build of macOS and you need to login with your password at that very moment while it is plugged in. The prototype PCILeech is much bulkier than a spy camera and has to be plugged into the computer (and its own power source) while you are logging in in order to extract the password from memory... so it is highly unlikely that you are not going to notice this big external hard disk-like looking device plugged into your computer when you return from a bathroom break.

However, immunity from the PCILeech hack is free and easy... just upgrade to macOS 10.12.2

From the Article:

"The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm," Frisk said. "It is no longer possible to access memory prior to macOS boot. The Mac is now one of the most secure platforms with regards to this specific attack vector."

Re:

[Anonymous Coward]

To gain access to your MacBook, ... you need to login with your password at that very moment while it is plugged in.

First, the term "while" implies a continuous passage of time. You can't have something done "at that very moment" "while" something is taking place. That doesn't make any sense.

Second, that statement is totally false anyway (just watch the #@$!@ video) and since it's basically the basis of your entire post, I'd suggest deleting it and pretending it didn't get posted at all if that were actually an option. But it's not. So here we are attempting yet again to undo the damage of bad info getting posted on

Re:

[BronsCon]

The term "while" as several meanings. One of them (noun) indicates the passage of time, e.g. "it's been a while" or "this is going to take a while", another (conjunction) is synonymous with "whereas", while yet another (conjunction) is "at the same time as". There are three more definitions for that word, one noun, one adverb, and one verb; I'll leave it to you to locate a dictionary and learn them.

Re:

[BronsCon]

You need to work on your reading comprehension, because "at that very moment, ,b>at the same time as it is plugged in", while redundant, makes perfect sense.

Re:

[BronsCon]

HTML fail... "at that very moment, at the same time as it is plugged in"

Re:

[BronsCon]

moment noun: a very brief period of time.

Just how long does it take you to type in your password?

These aren't my definitions, nor are they loose; these are established dictionary definitions, my friend.

I see why you post anonymously.

Regardless, the MAIN issue is that the entire rest of the OPs post was wrong too because it was based on that false statement

I never claimed otherwise, I'm merely attempting to correct your understanding of the English language.

Re:

[BronsCon]

So which moment is he referring to?

You started by attacking his (correct) usage of the word "while". Now, you're attacking his usage of the word "moment". Which is it? Yes, he used one of them incorrectly; I stepped in because you attacked the correct usage, rather than the incorrect one. I also pointed out (separate from the context of the sentence in which "moment" was used incorrectly) that, while redundant, a sentence using both "moment" and "while" can make sense. Note that i did not claim that it made sense in this specific instance, j

Okay,

[garote]

Better hurry this along you guys, I'm almost out of popcorn...

Re:

[BronsCon]

I don't think there's anything left to hurry along; I've already run out of popcorn.

Re:

[twdorris]

Why is this post marked informative? It's wrong; and it's wrong in a critical way as far as I can tell. The video shows the password extract being done immediately on reboot, NOT after the user types in his password. The password was entered later just to demonstrate that the correct password was extracted.

So pretty much, yeah, the OP was actually correct his in concern. Walk away from the laptop, someone swoops in, reboots, grabs your password and the deed is done.

Re:

[BronsCon]

The real concern here is that the password is stored in plaintext, or in such a way that it can be reversed to plaintext, in the first place. Sure, they've patched this particular means of accessing that plaintext, but you can still super-cool the RAM (on machines where the RAM is still removable) and transfer it to another machine for analysis, read the plaintext (or reversibly encrypted value) from wherever it is ultimately stored, and, I'm sure, a number of other exploits, some of which may be as covert

Re:

[Ol Olsoc]

So armies of perps will be rolling around waiting for unattended laptops? so they can install this device and reboot? The likelyhood of anyone outside of an active Law enforcement investigation is pretty slim. In fact, I always liken these attacks that require actual physical access to the computer as mostly clickbait.

Re:

[brantondaveperson]

The likelyhood of anyone outside of an active Law enforcement investigation is pretty slim

Perhaps, perhaps not. What about those card-skimmer devices that people attach to ATMs? They require physical access, and are exploiting a security flaw in a sense, and - for a while at least - were quite widespread. It's also a big deal if a laptop is used to store actually sensitive data, and you thought you were safe because of disk encryption, or whatever, but it turned out that all the bad guys need to do is wait for you to leave your laptop unattended for five minutes.

Re:

[Stewie241]

In some respects yes, in others, not so much. Think about a corporate setting where within the context of an office people might leave their machines accessible on a regular basis. They go off to lunch, leave their laptop at their desk. Anybody can now go and grab their laptop, do a hard reboot and extract the passwords. Conveniently, a lot of people probably have filevault passwords that are the same as their network passwords. Now you have another user's network passwords and can do a whole bunch of

Re:

[Ol Olsoc]

How on earth is it okay, in 2016, to store plaintext passwords for a file encryption tool?

Now that's a different question, and you are correct - it isn't okay. And it isn't actually okay to have it accessible before the thing finishes booting. My entire argument isn't that it is not a bad thing, just that it isn't a likely thing. And in any even, the issue has been repaired with an update, so only un-updated machines will be at risk. I kinda doubt many of those were encrypted anyhow. Fortunately, I've never had a reason to not update a Mac.

Wont' actually work will it?

[goombah99]

So when my computer boots I type in my passowrd then someone sneaks up and inserts this device while I'm standing there?

Re:

[gravewax]

or when you put it to sleep instead of shutdown and left it unattended for 30 seconds getting a coffee or taking a bathroom break. all they need is about 30 seconds of you being away from your machine and it not being completely shutdown.

Re:

[Bongo]

Exposing my own naïveté, I have to say I'm always flabbergasted when the real hacks are easier and quicker than the stuff they claim to do in TV shows.

Re:Even worse

[AHuxley]

Think of having an Apple device taken by the security services at an airport. The laptop is turned on behind a secure counter with an extra hidden device plugged in.
The top of the laptop can be seen, the rest is partial hidden. The user hears a boot sequence twice but is not asked to log in.
A power on test with boot screen is all that is asked for.
Your devices password, MAC and other details are now known to the security services on entry to a nation.
The hotel is listed. Could the password be the same at work or home, back in the users own nation?
The cost of getting into an Apple device is now very low and can be done while powering up a laptop and keeping a user distracted for a short time by a second person.
On return the user is sure they never had the laptop out of their sight and it was never accessed by office staff, hotel staff or any strangers. They keep on using the same laptop, OS and password.

Re:Even worse

[Ol Olsoc]

Think of having an Apple device taken by the security services at an airport. The laptop is turned on behind a secure counter with an extra hidden device plugged in.

Think of doing the system update.

Re:

[guruevi]

The 'hack' requires the device to be plugged in while the user types in the password. It's an advanced type of key logger but requires a huge chunk of hardware to be attached.

Re:

[gravewax]

The 'hack' requires the device to be plugged in while the user types in the password. It's an advanced type of key logger but requires a huge chunk of hardware to be attached.

NO it doesn't and isn't a key logger. The attack requires you to have simply left your machine either turned on or asleep, someone walks up to it and plugs this into the thunderbolt port and then reboots. They now have the credentials and can remove the device and walk away leaving you none the wiser except that your machine rebooted (not exactly an uncommon occurance).

Re:

[guruevi]

The only way to reboot a locked macOS is to physically turn it off, this pretty much un-powers the memory and removes any trace of a password in there.

From what I understand, it can read the credentials in between the EFI unlocking the disk and the OS loading the VT-d protection, so either you have turned your machine to sleep in between those moments or you have a method of reloading the OS (soft reboot) without the memory in RAM decaying.

Re:

[damacus]

You missed the part in the video and article where he uses a key combo, cmd-ctrl-power to make the machine reboot without having to be authenticated.

Re:

[gravewax]

oh really? perhaps you should actually watch the video or read the article.

Re:

[BronsCon]

A plaintext password still exists in case the reader fails (and there are many reasons that it would).

Re:

[Ol Olsoc]

A plaintext password still exists in case the reader fails (and there are many reasons that it would).

Yup, I use fingerprint ID, and it pops up the password screen upon reboot.

Now wating for someone to start on about how someone can cut off my fingers and access my phone with it.

Re:

[BronsCon]

Haha, well, I don't think you'll be disappointed... sadly.

$300...Really???

[tomservo84]

So I can go and buy a device for which the way in has already been fixed? Sounds pretty awesome to me. I know not everyone will be updated immediately, but it seems like Mac folks usually do keep up with them.

Re:

[Anonymous Coward]

It's even more awesome! I would have to download Flash to watch the demo video!
The horror... the horror... the horror...

Re:

[93 Escort Wagon]

Yeah, I was gonna mention this requires additional hardware.

Not only do you need to buy this $300 Thunderbolt box... you also need an unpatched Mac. And have you priced those things?

Re:$300...Really???

[guruevi]

The $300 device can also do the following:

Retrieve memory from the target system at >150MB/s.
Write data to the target system memory.
4GB memory can be accessed in native DMA mode.
ALL memory can be accessed if kernel module (KMD) is loaded.
Execute kernel code on the target system.
Spawn system shell [Windows].
Spawn any executable [Windows].
Load unsigned drivers [Windows].
Pull files [Linux, FreeBSD, Windows, macOS].
Push files [Linux, Windows, macOS].
Patch / Unlock (remove password requirement) [Windows, macOS].

All of the above does not work in latest macOS and Linux, works in pretty much any older Linux or Windows version, protection feature set for Windows only available in Windows Enterprise.

Re:

[Anonymous Coward]

Ask how long he's been selling those boxes quietly for 3k or more. Now that the vulnerability is patched go ahead and give it away publicly while selling a new and improved box.

Cleartext

[dohzer]

I find that when I extract passwords, I prefer to have them in cleartext than not in cleartext.

Re:

[radicimo]

I find that when I extract passwords, I prefer to have them in cleartext than not in cleartext.

Not exactly cleartext (but close):

The password, when entered, is stored in memory as unicode. Every 2nd byte will be zero if a password consisting only of ascii characters is used. Enter a "random" phrase, not naturally occurring in memory, at the password prompt. In this example the phrase eerrbbnn is used. In memory this is stored as 6500650072007200620062006e006e

Setting aside the device, just finding the exploit, cleartext or not, is an accomplishment. I'm not entirely sure all the steps one would take, but guessing it would involve starting with the supposition that a vulnerability like this might exist. Then writing a software tool to dump DMA memory very early in the boot process from EFI, prior to the OS, or perhaps concocting a remote EFI debugger. Does such a thing exist? If you have a memory dump, should be possible to perfo

Re:

[radicimo]

The Def Con talk is quite informative regarding tools and methods ... OS X starts around 30:00 mark.

https://www.youtube.com/watch?... [youtube.com]

He accesses memory of a running system kernel using a variation of the pcileech and then uses Volatility to examine the dump. I guess the key is that "the FileVault password is stored in clear text in memory and that it's not automatically scrubbed from memory once the disk is unlocked." No need to do anything prior to OS load, except set a boot flag, and he's leveraging an e

From the article

[berj]

December 13th: Apple released macOS 10.12.2 which contains the security update. At least for some hardware - like my MacBook Air.

Conclusion
The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm. It is no longer possible to access memory prior to macOS boot. The mac is now one of the most secure platforms with regards to this specific attack vector.

So, it seems that this door has been closed as of 10.12.2

Remains to be seen if those machines that don't support 10.12 Sierra will get patches for their latest supported macOS version, of course.

Re:

[DaphneDiane]

Are there any thunderbolt equipped Macs that don't support 10.12.2?

Re:

[DaphneDiane]

Haven't booted my 17" in a while, but knew it ran at least El Captain. Thought it was 2010 and newer [apple.com] for Sierra. Just noticed when searching that I better bring my system in for the recall [apple.com].

Re:

[ameline]

I updated my 17 inch late 2011 macbook pro with 10.12.2, and it updated the firmware as part of that upgrade.

So it looks likely that they plugged the hole.

Re:

[Just Some Guy]

My early 2011 15" MBP runs Sierra like a champ.

Re:

[DarkVader]

As others have noted, you have no issue. The 2011 runs it just fine. I've got a 2011 17 running Sierra, it's actually the machine I used for the beta versions of it. I'm typing this on a 2011 15 running Sierra.

Re:From the article

[Skuld-Chan]

Apple doesn't release security fixes for major bugs on previous OS's for the most part. As an exception and a lesson on how Apple deals with security issues - check out the history of the rootpipe exploit.

And yes - they did eventually fix that on previous versions of the OS after security experts shamed them publicly - almost a year later. Rootpipe was one of the worst security vulnerabilities - privilege escalation - and you can see how seriously they took it.

typo

[Behrooz Amoozad]

s/kamker/kamkar/

Re:

[AHuxley]

AC its interesting.
The amount of crypto that the gov can just 'read' or OS that get gov/mil malware loggers installed by the "owner" totally bypassing any 3rd party security.
Its telling that security services globally are happy to see a computer boot up a few times rather than request a user log in.
The user walks away feeling that their existing long password is still ok.
Would the average user change their password?
Are people confident that all wireless systems became active well after log in on all

How was that fixed?

[manu0601]

How was that fixed?

I guess they cannot close thunderbolt DMA access without redering it unusable to boot. Hence I suspect they just randomized the location where the password is fetched in memory. And of course they probably made sure it is erased after use. Anyone has a clue?

Re:How was that fixed?

[guruevi]

The 'hack' is prevented by enabling VT-d (basically virtualization of the PCIe devices) which prevents PCIe devices to have direct access to the hypervisor's memory.

Re:

[manu0601]

I do not get it. Wasn't that supposed to happen before system boot? There is an hypervisor at work in UEFI environment?

Re:

[guruevi]

All a hypervisor is is a program telling the processor it's a hypervisor and then it can do whatever (given off course the OS has given it such privileges to the CPU). The EFI can simply say to the CPU "hey, I'm a hypervisor, block all access to the/this memory from any attached devices" until a 'fuller' OS comes along and then it just hands whatever credentials over.

VT-d is an extension to the x86 CPU instruction set specifically for these kinds of purposes since these days everything is virtualized and th

looks like completely different attacks

[beckett]

The device is similar to what Samy Kamker created with Poison Tap.

how is this device similar to Poison Tap? Poison Tap used USB to mimic a network device and conduct a MITM attack harvesting cookies etc. from the outgoing network traffic on a powered computer with a web browser. Frisk's exploit uses a thunderbolt connection to dump a booting mac's memory before OSX is started.

Re:

[Ed Tice]

They both involve plugging something into the computer. This is the new /. Your administrative assistant probably knows more about the exploit than the current overlords.

$330

[Anonymous Coward]

You'll also need the $30 dongle from Apple to plug the device into the computer. This will also make the theft more conspicuous.

I've heard that with a skilled operator

[Chrisq]

I've heard that with a skilled operator a $3 device" [screwfix.com] can be almost 100% effective.

Disable unused ports...?

[geekmux]

Since the hardware side of this hack requires a Thunderbolt port, don't suppose there's a chance of just disabling that port altogether, is there?

Just curious if the obvious answer is obvious, since many of us have found a use for Apple hardware, but have found little use for expensive proprietary bullshit.

Re:

[amalcolm]

Fill them with epoxy

Re:

[geekmux]

Fill them with epoxy

Apple is already working on that by designing hardware completely devoid of any external connections in order to sell iVulcan, the data melding tech that will only cost you $599 more (dongles not included)

Frisk created a hacking device?!

[Gornkleschnitzer]

That must have taken a lot of determination.

Disclosure process

[TehHustler]

Bit confused about the disclosure timeline on this one - issue found, then presented at a conference to the public with videos recorded etc, THEN apple notified and they say "don't tell anyone yet!!!!" - but everyone had already been told at DEF CON. How does that work?