Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

    3) If attacker has physical access to machine, and
       machine is powered on (direct memory access via
       Thunderbolt or Firewire)
This may have changed, but turning on FileVault used to disable DMA in many situations (laptop had been suspended being a key one) until the user logged back in. Not that this isn't a vector, but it's actually a very narrow one; you basically need the person to already be logged in at the time you want to steal the keys.


Hmm, I didn't know that. It seems you may be right:

http://www.frameloss.org/wp-content/uploads/2011/09/Lion-Mem...

Though apparently there was a company offering a commercial solution for getting FileVault passwords using this method so...

http://privacycast.com/filevault-vulnerability-how-to-protec...

There's also a really interesting pdf from Apple containing more details on FileVault 2:

http://training.apple.com/pdf/WP_FileVault2.pdf

which suggests turning on firmware passwords to prevent DMA.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: