Mac OS X Lion reveals passwords in sleep mode?

Password recovery firm Passware says that Mac passwords can be obtained over Firewire on computers that have enabled automatic login.

Passware says "automatic login" should not be enabled. Screenshot by Don Reisinger/CNET

Mac OS X Lion users might want to disable the operating system's "automatic login" feature, a password recovery firm has warned.

According to Passware, the latest version of Mac OS X has a "vulnerability" that allows login passwords to be exposed while the Mac is locked or in sleep mode. To obtain those passwords, an attacker needs physical access to the Mac's FireWire port, since FireWire permits direct memory access (DMA) and so lets an attached device read the machine's RAM, the firm said.

Mac OS X Snow Leopard, the previous version of Apple's operating system, is also affected, Passware says.

Lion was released last week in Apple's App Store. According to the company, it delivers 250 new features. The operating system retails for $29.99.

Passware, which offers its password recovery software to law enforcement agencies, says that its latest release, the Passware Kit Forensic v11, addresses the apparent Mac OS X vulnerability. When users employ the $995 software, they'll be able to recover login passwords, as well as passwords saved in the Mac keychain, such as those for Web sites, wireless networks, and more.

Luckily for Mac users, the issue can be solved quite quickly by disabling the automatic login setting in the operating system. Passware president Dmitry Sumin told CNET in an e-mailed statement today that users must also turn off their computers. Upon doing so, the platform will no longer save passwords in memory, thus making them unrecoverable. According to Sumin, users can also disable the FireWire port to safeguard themselves from the vulnerability.

Disabling automatic login is a good security tip in general, regardless of whether passwords can be recovered when the Mac is sleeping. By allowing for automatic login, Mac users are basically letting anyone who starts up their computers have full access to their machines. Disabling the feature requires Mac users to choose their profile and input a password to log on to the computer.
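The following audit-and-remediation script is an added example, not code from CNET or Passware. It checks the two artifacts that automatic login leaves on a Mac of this era, the autoLoginUser key in /Library/Preferences/com.apple.loginwindow.plist and the obfuscated password file /etc/kcpassword, and shows the commands that remove them. The parsing functions work on plist XML from standard input so they can be exercised off a Mac with the constructed sample below; the live check and remediation functions assume macOS tools (plutil, defaults, pmset) and root.

```shell
#!/bin/sh
# Added example (not from the article or Passware): audit whether automatic
# login is enabled on a Mac and disable it, per the mitigation described above.

LOGINWINDOW_PLIST="/Library/Preferences/com.apple.loginwindow.plist"
KCPASSWORD="/etc/kcpassword"   # obfuscated auto-login password lives here

# Constructed sample of the plist in XML form, as plutil -convert xml1 would emit it.
SAMPLE_AUTOLOGIN_XML='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>autoLoginUser</key>
	<string>alice</string>
</dict>
</plist>'

# Same plist shape with the key absent (automatic login disabled).
SAMPLE_NO_AUTOLOGIN_XML='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>GuestEnabled</key>
	<false/>
</dict>
</plist>'

# Read plist XML on stdin; print the auto-login user name, or nothing if unset.
autologin_user_from_xml() {
  awk '/<key>autoLoginUser<\/key>/ {
         getline                                   # value is on the next line
         gsub(/.*<string>|<\/string>.*/, "")       # strip the <string> wrapper
         print
         exit
       }'
}

# Exit status 0 if the XML on stdin enables automatic login, 1 otherwise.
autologin_enabled() {
  user=$(autologin_user_from_xml)
  [ -n "$user" ]
}

# Live check on a Mac: convert the binary plist to XML and inspect it,
# then report whether the stored password file exists.
audit_mac() {
  if [ -r "$LOGINWINDOW_PLIST" ] && plutil -convert xml1 -o - "$LOGINWINDOW_PLIST" | autologin_enabled; then
    echo "automatic login: ENABLED (user: $(plutil -convert xml1 -o - "$LOGINWINDOW_PLIST" | autologin_user_from_xml))"
  else
    echo "automatic login: disabled"
  fi
  if [ -e "$KCPASSWORD" ]; then
    echo "$KCPASSWORD present: stored auto-login password still on disk"
  fi
}

# Remediation (requires root): remove the auto-login user and the stored
# password. Optionally make sleep write RAM to disk and power it off
# (hibernatemode 25), which matches the "turn the machine off" advice.
disable_autologin() {
  sudo defaults delete "$LOGINWINDOW_PLIST" autoLoginUser
  sudo rm -f "$KCPASSWORD"
  # sudo pmset -a hibernatemode 25   # uncomment to power RAM off on sleep
}

case "${1:-}" in
  audit)   audit_mac ;;
  disable) disable_autologin ;;
esac
```

Run as `sh audit_autologin.sh audit` to report the state and `sh audit_autologin.sh disable` to remove automatic login; the script is an assumed file name. The plist parsing is deliberately separate from the macOS-specific commands so the detection logic can be checked anywhere.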

This isn't the first time that Passware has used this technique to access seemingly secured data. According to the company, it was able to use the same technique to decrypt hard drives encrypted with Windows' BitLocker and TrueCrypt.

Apple did not immediately respond to CNET's request for comment.

Update at 7:15 a.m. PT to include comments from Passware president Dmitry Sumin.
