Swedish scientist Ulf Frisk created a gadget for $ 300, which can steal passwords from any Mac. Just
connect your gadget to the computer via Thunderbolt port, restart, and after 30 seconds, the password will be displayed.
The problem lay in the lack of protection from the Direct Memory Access type attacks (DMA). The scheme works is simple: the password is stored in a FileVault in a tabular format and a few seconds are not cleared from memory after the device is reset. Therefore gadget for $ 300 could easily intercept it.
In the last update macOS Sierra 10.12.2 fixed this vulnerability. Now the password is not stored after the restart and it can not be stolen.
No comments :
Post a Comment