David I. Emery wrote on Cryptome that a debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault. Users who are vulnerable are those who upgraded to Lion but are using the older version of FileVault. The debug switch will record the Lion passwords for anyone who has logged in since the upgrade to version 10.7.3, released in early February.

"This is what the secure FileVault partition was supposed to protect against after all," Emery said in an interview.

Apple has two versions of FileVault. The first version allowed a user to encrypt the contents of the home folder using the Advanced Encryption Standard (AES) with 128-bit keys. An upgraded product, FileVault 2, which shipped with OS X Lion, encrypts the entire content of the hard drive. When someone upgrades to Lion but still uses the first version of FileVault, the encrypted home folder is migrated, and it is now vulnerable to this security issue.

Emery wrote that the password is accessible to anyone with root or administrator access. But what is worse is that passwords can also be read another way. Emery wrote that passwords can also be read by "booting the machine into FireWire disk mode and reading it by opening the drive as a disk or by booting the new-with-Lion recovery partition and using the available superuser shell to mount the main file system partition and read the file."

"This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for," he wrote.

There are a couple of ways to mitigate the problem. Emery wrote that the FireWire disk and recovery partition attack can be headed off by using FileVault 2. An attacker would have to know at least one password before a file could be accessed on the main partition of the disk, he wrote.

Also, a firmware password could be set that would be needed in order to boot the recovery partition, boot external media or even enter FireWire disk mode. Emery cautioned, though, that Apple "Genius Bar" employees know a standard technique to turn it off.

The issue highlights the fragility of technology, Emery said. "A mistake like this exposes more or less the keys to the kingdom to someone with literally no access to a supposedly secured area on a machine, and maybe nothing more than chance physical access to a target's laptop for a few unguarded minutes," he said.

The bug has probably been around since the release of 10.7.3, Emery wrote. Emery said he wasn't the first to find the problem, and that other people discovered it several weeks before he did and reported it to Apple.

"One wonders why such a debug switch exists in shipped production code," Emery wrote. "Clearly it could be invoked covertly in specific situations. This seems to be an example of someone turning it on for the entire release by accident."

Apple did not have an immediate comment.