Lion FireWire security issue misleading

Passware, a computer forensics and password discovery company, on Tuesday said it discovered a way to get passwords from a Mac running OS X Lion. However, it may not be as dire as it seems.

While the implication is that you can plug the Passware Kit Forensic into someone’s Mac and walk away with their passwords, Lion and security experts I’ve spoken with said it’s not quite that easy.

Here’s the bad news — if you leave your computer unattended, with no screen lock, and you are logged in, yes this software could most likely steal your passwords. If you do that, you probably won’t have a computer when you get back, so passwords are the least of your worries.

Here’s the good news — if you are running with password-protected login and screen lock enabled (the default settings in Lion), then it is unlikely that this software can access your passwords. FireWire is secure until you enter your password, I’ve been told.

I was contacted this morning by Dmitry Sumin, president of Passware, who says the software can still get the passwords.

“This is not true,” said Sumin. “Even if you have a login password enabled, automatic login disabled and your computer is locked, the software is capable of extracting your password. That is the problem unique to Mac OS X. Windows does not store login passwords unencrypted in memory.”

The other issue is with Apple’s FileVault security and privacy application. Passware says that it can grab passwords regardless of whether a user has FileVault enabled or not. Apparently, this too isn’t accurate. I’ve been told that if FileVault is turned on, it also turns on screen lock, which means that when your machine is unattended the screen lock runs, and you’re protected.

Update 2: 10:09 am PT July 27 — Added quote from Passware President.

Update: 6:45 am PT July 27 — Clarified the conditions under which the hack will work.