DMA Attack Lets Hackers Retrieve Mac Encryption Passwords In 30 Seconds

[Lucian Armasu]

Swedish security researcher Ulf Frisk uncovered a flaw in the boot process of Mac computers that allows attackers with physical access to the computers to retrieve the encryption passwords stored in cleartext in memory.

DMA Attack Lets Hackers Retrieve Mac Encryption Passwords In 30 Seconds : Read more

 

[targetdrone]

I wonder if this was similar to the method the FBI used to hacked that Islamic Terrorist's phone that the FBI originally demanded Apple to write a custom OS for because "it was too hard for lazy FBI agents"

 

[jeremy2020]

This article is untrue. It is impossible for Macs to get hacked or get a virus

 

[spdragoo]

I can't tell if he's being serious or sarcastic...

 

[negusp]

Jeremy, you forgot your /s

 

[cmi86]

Hmm so much for mac's are safer because they can't get hacked or get virus's... I tried telling some apple people years ago that with popularity comes attention. Mac OS wasn't inherently any safer than a MS OS it's just that no one cared to hack them because there wasn't any market share. Go figure they didn't listen. I'd have a better chance of winning the lottery 2 times and getting struck by lighting all in one day then I would getting an apple zealot to accept common sense...

 

[Kimonajane]

Well at least they have to have physical access to your computer. Hopefully Apple updates this fast.

 

[Sam Hain]

Jeremy...

Nothing is hack or virus proof. In fact, bad end-user (browsing) habits, poor AV defensive software (or lack of) OR being complacent in the trust of such myths of the likes of the Apple Fortress of Impregnability WILL increase the likelihood of such attacks and the challenge to hackers to conquer it.

Why do you think AV, Mal-Ware, etc. programmers are always having to update their data bases for us end-users/subscribers???

Answer... The black-hats are always trying something new and better, to get in. Encryption hacking/decoding is yet, just another and sometimes more rewarding challenge to them.

 

[Kewlx25]

Bootstrapping is always the hardest part.

 

[none12345]

"Well at least they have to have physical access to your computer. Hopefully Apple updates this fast."

Considering the article said that apple has known about this since at least july....and they still havent fixed it....id say that apple has not(and likely wont) fix this fast.

 

[Kewlx25]

This attack only works because "untrusted" devices can gain access to DMA on boot. The only way to fight this is to have some notion of "trusted" devices, which leaves you with something like Secure Boot.

 

[ASloan]

Did you guys finish the article? "Frisk believes that Macs should now be one of the the most secure platforms against this type of attack." It is inherently important for PC and Apple's teams to respond to all verifiable threats and Apple got on this pretty quickly. I myself do not understand the fanboy thing on either side. I own both and like them each for different things.

 

[spiketheaardvark]

For the common thief this is worthless. I'm sure folks like the NSA are paying attention.

With all talk of USB-C I never considered that it might give unwanted access to memory. But, neither did apple.

 

[wifiburger]

nah don't believe it, macs are super secure