Passware Proves Mac OS Lion Insecure Revealing Login Passwords in Minutes Password extraction possible even if the computer is locked or put to sleep - after a user logs in, password remains in memory
MOUNTAIN VIEW, Calif., July 26, 2011 /PRNewswire/ -- Passware Inc., a provider of password recovery, decryption, and electronic evidence discovery software for computer forensics, law enforcement organizations, government agencies and private investigators, announces that Passware Kit Forensic v11 – a new version of its flagship product – recovers Mac OS user login passwords from computer memory in a matter of minutes.
As Apple's operating system has increased in popularity in recent years, so have security threats for users. Passware President Dmitry Sumin notes, "Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion."
The Mac OS vulnerability relates to user login passwords that are stored in the system memory even if the computer is locked or put into a sleep mode. Passware Kit Forensic v11 captures live Mac computer memory over FireWire and analyzes it, extracting these passwords. The process takes a few minutes, regardless of the password strength and use of a FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.
Passware previously implemented the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt (see press release: http://prn.to/pw-bt).
The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered.
Sumin continues, "I am a Mac user myself, but it's important to understand the limitations of your computer's security, even if you are not a computer forensics expert. If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software."
Passware Kit Forensic – a Comprehensive Encrypted Evidence Discovery Solution
Passware Kit Forensic provides immediate password recovery for any protected file detected on a PC or over the network while scanning, revealing hidden and protected data files on a suspect's computer. Passware Kit Forensic, complete with FireWire memory imaging module, is the first and only commercial software that decrypts BitLocker and TrueCrypt hard disks, and instantly recovers or bypasses Mac and Windows login passwords of seized computers.
Additional features of Passware Kit Forensic 11 include:
- Recovery of login passwords from Mac OS X users database
- Recovery of passwords for Mac keychain files, which gives access to user information contained in these files: saves passwords (for websites, network shares, wireless networks), private keys, certificates, etc.
Pricing and Availability
Passware Kit Forensic is available directly from Passware and a network of resellers worldwide. The price is $995 with one year of free updates. Additional product information and screen shots are available at http://www.lostpassword.com/kit-forensic.htm.
About Passware Inc.
Founded in 1998, Passware Inc. is the worldwide leading maker of password recovery, decryption, and electronic evidence discovery software. Law enforcement and government agencies, institutions, corporations and private investigators, help desk personnel, and thousands of private consumers rely on Passware software products to ensure data availability in the event of lost passwords. Passware customers include many Fortune 100 companies and various US federal and state agencies, such as IRS, US Army, US Department of Defense (DOD), US Department of Justice, US Department of Homeland Security, US Department of Transportation, US Postal Service, US Secret Service, US Senate, and US Supreme Court.
More information about Passware Inc. is available at http://www.lostpassword.com/. Passware is a privately held corporation with headquarters in Mountain View, Calif. and a software development and engineering office in Moscow, Russia.
SOURCE Passware Inc.