IE 11 is not supported. For an optimal experience visit our site on another browser.

A $995 tool can steal your Mac's passwords in minutes

NBC News Clone summarizes the latest on: 995 Tool Can Steal Your Macs Passwords Minutes Flna121816 - Breaking News | NBC News Clone. This article is rewritten and presented in a simplified tone for a better reader experience.

By Rosa Golijan

Ready to start feeling a bit nervous about your computer's security? No? Too bad, because there is now a handy-dandy $995 tool which can steal your Mac's passwords in minutes — even if the computer is locked, sleeping, or encrypted.

The tool — an app which can run from a USB stick — is called Passware and is intended to be used as a legitimate forensic solution, but can be purchased by anyone with a thousand bucks to spare.

The reason Passware can steal passwords from a locked, sleeping, or encrypted Mac is thanks to a security flaw which — based on an Ars Technica story — has existed for at least three years:

The problem is that certain OS components store a user's password in memory, so anyone with unfettered access to the computer's RAM can simply scan its contents to obtain the password. From a software perspective, this isn't an issue, because the OS makes sure that one process can't access another process' memory.

But wait! That says that passwords can't be accessed via software! So how is an app stealing them? By tricking a computer into dumping the contents of its RAM onto another device via FireWire. Previously this process required a great deal of technical skill and time, but thanks to the Passware kit, things got a lot easier.

Basically, Passware can cajole your computer into revealing all its secrets — including login passwords and the contents of its Keychain App — in mere minutes. All someone needs to do is plug in the USB stick with the app, tap through a few menus, plug in a FireWire cable, and catch the magic happen. It doesn't even matter if you've encrypted your data using Apple's FileVault app or another tool such as TrueCrypt. The vulnerability still exists.

So what can you do to protect yourself? Plenty, actually. According to the makers of the sneaky forensic tool, you just have to modify a habit and tweak a setting:

The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered.

Related stories:

Rosa Golijan writes about tech here and there. She's obsessed with Twitter and loves to be liked on FacebookOh, and she can be found on Google+, too.

Rosa Golijan

Stay informed with daily digest and insights from NBC News Clone. We repackage top headlines for our global readers.

×
AdBlock Detected!
Please disable it to support our content.

Related Articles

Donald Trump Presidency Updates - Politics and Government | NBC News Clone | Inflation Rates 2025 Analysis - Business and Economy | NBC News Clone | Latest Vaccine Developments - Health and Medicine | NBC News Clone | Ukraine Russia Conflict Updates - World News | NBC News Clone | Openai Chatgpt News - Technology and Innovation | NBC News Clone | 2024 Paris Games Highlights - Sports and Recreation | NBC News Clone | Extreme Weather Events - Weather and Climate | NBC News Clone | Hollywood Updates - Entertainment and Celebrity | NBC News Clone | Government Transparency - Investigations and Analysis | NBC News Clone | Community Stories - Local News and Communities | NBC News Clone