Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Saturday December 17 2016, @10:36AM   Printer-friendly
from the they-said-it-couldn't-be-done dept.

Swedish hardware hacker Ulf Frisk has published today instructions on how to build and use a $300 device that can retrieve login passwords for Macs protected by Apple's FileVault2 disk encryption system.

Frisk's invention is named PCILeech, a device he created for carrying out Direct Memory Access (DMA) attacks, which allows an attacker to read the memory of 64bit-based operating systems such as Linux, FreeBSD, macOS and Windows.

PCILeech, which only runs on Windows 7 and Windows 10 PCs, uses custom software, which users can download from GitHub. The device also runs on a custom hardware rig, and the same GitHub repo provides the list of needed components.

Frisk says he discovered this summer two design flaws in how Apple implemented FileVault2 Mac disk encryption. The researcher says he integrated these two bugs in version 1.3 of PCILeech, capable of extracting Mac passwords in cleartext.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday December 17 2016, @04:56PM

    by Anonymous Coward on Saturday December 17 2016, @04:56PM (#442462)

    Who cares about macs? I mean this seems much larger...