
This whole thing makes me very suspicious of Apple's and Microsoft's whole disk encryption technologies. I can't help but wonder if back doors have been inserted into the products.


Not impossible, but some smart people have been looking, at least for Apple's FileVault 2:

http://www.schneier.com/blog/archives/2012/08/an_analysis_of...

Paper here:

http://eprint.iacr.org/2012/374.pdf

Currently, there seem to be three vectors:

1) Weak passwords

2) If you opt-in to store a recovery key with Apple

3) If attacker has physical access to machine, and machine is powered on (direct memory access via Thunderbolt or Firewire) (Edit: seems like this is not the case, see below)

But no backdoor has been found (yet!)


> 3) If attacker has physical access to machine, and machine is powered on (direct memory access via Thunderbolt or Firewire)

This may have changed, but turning on FileVault used to disable DMA in many situations (laptop had been suspended being a key one) until the user logged back in. Not that this isn't a vector, but it's actually a very narrow one; you basically need the person to already be logged in at the time you want to steal the keys.


Hmm, I didn't know that. It seems you may be right:

http://www.frameloss.org/wp-content/uploads/2011/09/Lion-Mem...

Though apparently there was a company offering a commercial solution for getting FileVault passwords using this method so...

http://privacycast.com/filevault-vulnerability-how-to-protec...

There's also a really interesting pdf from Apple containing more details on FileVault 2:

http://training.apple.com/pdf/WP_FileVault2.pdf

which suggests turning on firmware passwords to prevent DMA.


Take a look at Alex Ionescu's "Ninjas and Harry Potter" talk from NoSuchCon this year [1].

He specifically mentions he could access the FileVault key of a machine by having physical access, and discovered two secret keys (KPPW and KPST), one of which is enabled when the input buffer is "SpecialisRevelio" [2].

It's a very interesting deck to read through.

[1] http://www.nosuchcon.org/talks/D1_02_Alex_Ninjas_and_Harry_P...

[2] http://harrypotter.wikia.com/wiki/Specialis_Revelio


That's really very interesting, and quite concerning. I saw that talk was only presented in May. Any new info since then?


Why not just a backdoor in the OS? I mean... if we're seriously considering that Apple would put a backdoor into FileVault, why not just put one in the OS proper?

FileVault could be some hypothetical magic uncrackable encryption with a keyspace bigger than the known universe...and it would never matter if there was a backdoor in the OS.


> 3) If attacker has physical access to machine, and machine is powered on (direct memory access via Thunderbolt or Firewire)

I'm curious if this could be addressed with software protections somehow? Something that triggers memory wipes and automatic shutdowns?


FileVault 2 is supposed to be secure against this* when the machine is powered on and locked or sleeping.

* Source http://security.stackexchange.com/questions/18720/how-secure...


Interesting. Apparently LUKS/dmcrypt on Linux is also protected from DMA attacks (firewire/thunderbolt devices).

> If you enable LUKS root, DMA attack mitigation is also enabled (boot.initrd.luks.mitigateDMAAttacks). It consists of blacklisting firewire drivers.

Edit: still at risk of the "Evil Maid Attack" http://www.aspecrypt.com/evil_maid_attack.html
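
The mitigation quoted above amounts to keeping FireWire drivers from loading, which can be checked on any Linux host. As an added example (not part of the original comment and not NixOS code), here is a small Python audit of modprobe.d-style text; the module list, the function names and the sample config are assumptions constructed for illustration.

```python
# Added example: audit modprobe.d-style text for the FireWire blacklist mitigation.
# Assumption: these are the FireWire modules worth blocking; adjust for your kernel.
FIREWIRE_MODULES = ("firewire_core", "firewire_ohci", "firewire_sbp2")

def _norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.replace("-", "_")

def audit(conf_text, wanted=FIREWIRE_MODULES):
    """Map each wanted module to 'disabled', 'autoload-only' or 'loadable'."""
    blacklisted, disabled = set(), set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "blacklist" and len(parts) >= 2:
            blacklisted.add(_norm(parts[1]))
        elif parts[0] == "install" and len(parts) >= 3:
            # 'install <mod> /bin/false' makes every load attempt fail
            if parts[2] in ("/bin/false", "/usr/bin/false"):
                disabled.add(_norm(parts[1]))
    status = {}
    for mod in wanted:
        if mod in disabled:
            status[mod] = "disabled"
        elif mod in blacklisted:
            # 'blacklist' only stops alias-based autoloading;
            # an explicit modprobe of the module still works
            status[mod] = "autoload-only"
        else:
            status[mod] = "loadable"
    return status

# Constructed sample config, not taken from a real host
SAMPLE_CONF = """\
# constructed sample
blacklist firewire-ohci
blacklist firewire_sbp2
install firewire-sbp2 /bin/false
"""

if __name__ == "__main__":
    for mod, state in audit(SAMPLE_CONF).items():
        print(f"{mod}: {state}")
```

A module reported as "autoload-only" is covered by a plain blacklist entry, which does not stop someone with root from loading it by name.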


http://www.intel.com/content/www/us/en/architecture-and-tech...

Though that specifically obviously requires hardware.


It seems that only protects against "pre-launch software" and BIOS level stuff. The scenario in question is for a live system where the disk is mounted and decrypted, with the OS running.


Of course there are back doors, like the well known NSAKEY one [1] in Windows. Apple also seem to have backdoors into encryption on both Mac and iOS [2].

If you want your data to be reasonably secure against someone who casually steals it then they're fine but if you want to be secure against government employees, or even well connected corporations, then Apple & Microsoft solutions are not very useful.

[1] https://en.wikipedia.org/wiki/NSAKEY

[2] http://news.cnet.com/8301-13578_3-57583843-38/apple-deluged-...


Regarding [2], it's not clear yet what Apple does here: it looks like they bruteforce the iPhones when requested by the relevant authorities (possibly using a custom bootrom) and specifically not via a backdoor. If there was a backdoor, presumably Apple wouldn't have a backlog of requests[3]. Though no one really knows, and presumably it's always possible Apple will intentionally compromise their security in future if they get tired of having to bruteforce all these phones.

[3] http://www.informationweek.com/security/encryption/apple-iph...


This reminds me of something one of my teachers (a very Stallman-like guy in his views) told us about EnCase. It's an (apparently) fairly common suite of tools used by law enforcement agencies around the world for forensic analysis. In the description of their decryption module (http://www.guidancesoftware.com/encase-forensic.htm#tab=2) they claim to be able to decrypt quite a few whole-disk encryption schemes. Now it's hard to imagine that they would put an outright lie on their website, but there could be several explanations for that. I think the consensus among the students was that they were exaggerating quite a bit, and were only capable of doing it under some specific circumstances (weak passwords, setup errors, various cryptographic edge cases, etc). However, the other obvious explanation was that some kind of backdoors were built into those schemes (you can notice the absence of common open source stuff like LUKS or TrueCrypt in the list) and that there are accords between some vendors and governmental agencies (via this software) to allow for access into their encryption schemes. I was fairly skeptical back then, but now I'm not so sure... There might be a combination of the two explanations. Someone well-versed in cryptography might be able to tell if some of those products have well-known vulnerabilities.

Edit: the site seems to have some difficulties, here's the Google cache http://webcache.googleusercontent.com/search?q=cache:JZEtYXR... The description of the decryption suite is in the module tab.


Microsoft has a free program (for Law Enforcement) called COFEE which, among other things, bypasses BitLocker full-disk encryption.

You can find the Torrent at Wikileaks: https://wikileaks.org/wiki/Microsoft_COFEE_%28Computer_Onlin...


I have come across COFEE before, it's just a forensic tool. It doesn't do anything more than what 3rd party tools can do. It looks like a toolkit put together for investigators. Do you have any source to support that it can decrypt/bypass BitLocker encryption? I couldn't find any information online.

[1] https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evide...


The best part is when OS X asks you if you want to store the encryption 'recovery key' on Apple's servers ...


1) That's probably a perfectly reasonable option for my grandma. *

2) It provides Apple a fallback when some idiot loses 6 figures worth of IP. “We understand sir, you see, if you had chosen to back up your recovery key with us we would be able to help you”

* or would be, if the NSA wasn't spying on everything.


This is fine, since you have the option to decide. For most people it's okay to store the key on Apple's servers. You are still protected if your computer is lost/stolen, for example.

And if you want to be safe from the government, just select "No".



