Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacking Apple Mac encryption password in Just 30 Seconds with PCILeech device

A hacker devised a $300 device, dubbed PCILeech, that could be exploited by an attacker to gain full control of a Mac or MacBook. The Swedish hacker and penetration tester Ulf Frisk has devised a $300 device, dubbed PCILeech, that could be exploited by an attacker to gain full control of a Mac or MacBook. The device is able […]

Hacking Apple Mac encryption password in Just 30 Seconds with PCILeech device

A hacker devised a $300 device, dubbed PCILeech, that could be exploited by an attacker to gain full control of a Mac or MacBook.

The Swedish hacker and penetration tester Ulf Frisk has devised a $300 device, dubbed PCILeech, that could be exploited by an attacker to gain full control of a Mac or MacBook.

The device is able to steal the password from virtually any Mac laptop while it is sleeping or even locked. The process is very fast, in just 30 seconds hackers can unlock any Mac computer and even decrypt the files on its hard drive.

The security expert devised a technique that leverage on two designing flaws he discovered in Apple’s FileVault2 full-disk encryption software.

“macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac.” wrote the researcher in a blog post. “The password may be used to unlock the mac to access everything on it. To secure your mac just update it with the December 2016 patches.”

“Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable.”

The first issue is the lack of protection against Direct Memory Access (DMA) attacks before macOS is started. The expert noticed that the Mac EFI or Extensible Firmware Interface let devices plugged in over Thunderbolt to access memory without enabling DMA protections. This means that Thunderbolt devices have a read and write access to the memory.

The second issue is the storage of password to the FileVault encrypted disk in clear text in memory, even when the computer is in sleep mode or locked.

“The second issue is that the the FileVault password is stored in clear text in memory and that it’s not automatically scrubbed from memory once the disk is unlocked. The password is put in multiple memory locations – which all seems to move around between reboots, but within a fixed memory range.” continues the analysis.

The PCILeech device is able to automate DMA attacks and extract Mac FileVault2 passwords stored in clear text in the device memory.

In the attack scenario, ill-intentioned accesses to a target Mac computer and connects the PCILeech hacking device to the computer via the Thunderbolt port.

Frisk shared a video PoC of the attack that shows how to hack a computer by plugging in a card flashed with a open source PCILeech software tool into the Mac’s Thunderbolt port.

In the video it possible to see that once connected the PCILeech device on the target Mac or MackBook, it is necessary to reboot the system in order to read the Mac password on the other laptop.

The attack takes is just 30 seconds to carry out successfully.

“Just stroll up to a locked Mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!”

The expert reported the results of his research to Apple in August that fixed the issues in Mac OS 10.12.2 released this week.

Don’t waste time, update you MAC asap.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – PCILeech, hacking)