FileVault 2 is a feature of Mac OS X 10.7 Lion that provides a way to encrypt a full disk drive so that it can only be used by those who know a password ... until now, that is. Passware, a company that makes forensic software used to recover lost passwords or open encrypted files to police and others, has announced that their Passware Kit Forensic 11.4 software (US$995) can extract the keys to FileVault 2 in an average of 40 minutes.

Password was able to recover data from FileVault 2 encrypted drives regardless of the length and complexity of passwords. Fortunately for Mac users, however, not only does the cracking require a relatively expensive piece of software, but it also requires that certain conditions be in place for the software to be able to extract the FileVault keys.

The Mac must be powered on and logged in; in other words, the FileVault keys must be in memory for Passware Kit Forensic to extract them. Passware can't extract encryption keys on static data, nor can it determine what the keys are before they've been requested as part of the log-in process.

That means that as long as you turn off automatic login, you should be safe. To turn off automatic login on your FileVault 2-encrypted Mac, go to System Preferences > Users & Groups > Login Options and make sure that "Off" is selected from the drop-down. The other tip to keep you safe? Turn off your laptop while traveling so that the Passware software cannot be used to hack into it.

There's one other good piece of news; hackers need to get to the contents of memory through a working FireWire or Thunderbolt port, so the Passware process does not work via remote access. Likewise, those older MacBook Airs that only have USB ports are safe from this method -- commenter Thomas Brand on the Brooks Review notes that "Thunderbolt and FireWire access data directly from the system bus allowing the exploit. USB goes through the CPU."

Yes, FileVault 2 encryption is vulnerable. But with a few easy, common-sense steps, mobile Mac users can keep their data safe anyway.

Apple FileVault 2 encryption cracked, but don't panic originally appeared on TUAW - The Unofficial Apple Weblog on Fri, 03 Feb 2012 15:30:00 EST. Please see our terms for use of feeds.