Oops! Apple Accidentally Exposes FileVault Passwords

Apple has made an almighty cockup in the security of its FileVault software for encrypted volumes. Upgrading from an older FileVault installation to the latest one, FileVault 2 in Mac OS X 10.7.3 causes the passwords for the encrypted volume to be stored in an area outside it in a log file in plain text! This is because a debug switch has been left on in the shipping version of the software.

This is disturbing and raises several questions: 1) why is there such a switch in shipped production code in the first place – a back door perhaps? Get your tinfoil hat on conspiracy theorists 2) The upgrade was released in early February 2012, yet there have been no patches from Apple and no announcement or recognition of the problem 3) It points to potential quality control issues at Apple that the general public is unaware of. This is very embarrassing for Apple and they would do well to patch it ASAP, now that the problem has been revealed by a third party. Someone at Apple is in a lot of trouble too, no doubt. Note that just using the latest FileVault 2 without upgrading doesn’t show this problem. We recommend reading the whole Cryptome entry to understand this problem fully.

This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.


Comments are closed.