SubRosaSoft's MacLockPick extracts personal info from OS X
While actually picking locks is no large task these days, cracking into one's highly encrypted information in OS X could prove problematic if the culprit had something to hide. SubRosaSoft's USB key purportedly allows "law enforcement professionals to perform live forensics on Mac OS X systems," and once the software on the included drive is ran, it automatically extracts data from the Apple Keychain and system settings to "provide the examiner fast access to the suspect's critical information with as little interaction or trace as possible." The program then compiles the details into a database and stores it back on the drive's internal memory, which can supposedly be read back on Windows, Linux, or OS X machines at base. Before the devious ones in the crowd get too excited, though, we should probably warn you that interested consumers will be forced to "provide proof that they are a licensed law enforcement professional," and even then, it will run you anywhere from $399.95 to $499.95 depending on your exact profession. But hey, we're sure you know a private investigator or police officer who can hook you up, right?
[Via DragonSteelMods]

System must be in a logged-in state: "MacLockPick takes advantage of the fact that the default state of the Apple Keychain is open, even if the system has been put to sleep." http://tinyurl.com/yuhx9j
Sounds like OS X should refuse to mount any USB / Firewire / CD or DVD media when it's in sleep/lock mode (or at least have an option to do so). That way nothing plugged-in would have any effect unless the user entered their password first.
Realistically, logging-out is probably a better idea than leaving your machine logged-in and sleeping if you have confidential information on it.
Will this program work if FileVault is turned on? If so, then I can realistically see people buying it just because they forgot their FileVault password :)
Boom, baby.
This thing is a gimmick to get unsavvy investigators to cough up the money for something they don't need. It's like a jump drive with U3 that copies things over once it is plugged in. Whoop de doo. Seems like it would be easier to just go to the suspect, demand the password, and if he refuses, charge him with obstruction of justice. Problem solved.
Except for the fact that he doesn't have to SAY anything, including his password, that could incriminate himself. That's what we call the 5th amendment. I see you haven't thought your cunning plan all the way through.
Except for the fact that currently US law enforcement is happily running over the 5th amendment like an SUV over a gum wrapper.
The government will just torture a suspect until he gives up the password. Welcome to 21st Century Amerikkka.
The "investigator" actually has to open maclockpick.app (or whatever) in the Finder in order to nab all the juicy stuff. Kind of inelegant, since the largest point of this seems to be to covertly pull information from a computer without actually taking the whole system (and thus the hard drive).
With regards to FileVault: encrypting your home directory is useless if you set your computer to auto-login or not require a password to wake from sleep. Furthermore, I believe that system logs are not encrypted by default in FileVault, so activity can still be gleaned from those.
Some bozo is actually going to buy this thing and never use it. Unless the cops bust into a suspect's house WHILE he's using his computer and the guy doesn't close it up in time to put it to sleep they get nothing.
-or-
Apple can issue a software update to disable the thing in the next 2 days.
" and once the software on the included drive is ran, " is RUN
Who is your editor anyway?
That's why you never leave your computer logged on, or without password request to wake from sleep/screenSaver.
It's also intelligent to set your main keychain so it locks when sleeping and after some time not in use. You can also change its password from the user password
That's why you store sensitive information in an encrypted disk image and — if you're a sane person — don't store the password to that image in your login Keychain.
I have separate encrypted disk images for certain types of data: one for all my serials and registration codes, one for my banking information, one for my private email/chat logs, ...
word!
Oh yeah, right, this is for cops. Why would a legitimate "law enforcement professional" need "fast access to the suspect's critical information with as little interaction or trace as possible"?
My sentiments exactly. We'll see "law enforcement professional"s breaking into Macs left and right and blaming Apple for making OS X sooooooo easy to break into.
@Dan - Apple should release an update and disable this thing.
Legitimacy will not even be an issue when it comes to the "law enforcement professional"s who will get their hands on these things. Remember the general rule: If it can be made, it can be copied.
I can't wait until TrueCrypt gets ported to OSX (or at least Java). It has plausible deniability, is open source, is free, and in my opinion, is the most trustworthy option out there.
haha this cracked me up.
If we want to get into your system we will. That being said, we need a warrant for it. If there is no warrant, there is no accessing a system. If we do get a warrant for your computer... we will get the data we are searching for.
No technician in their right mind would just sneak that into a system, even if it does have desired results (which I doubt it does), it would completely ruin an investigation.
A bit OT, but if Engadget people are reading this: peppering your posts with links to search your own site about completely random words (police officer --> http://www.engadget.com/search/?q=police) buys you nothing, and costs about half your readers a wasted mouse-over. Seriously, track those links and see how often they're clicked, compared to how often people click a real (off-site or previous-post) link. I bet you a dollar that 100% of the search query links for generic terms like "police" are clicks from people who didn't look where the link pointed before clicking.
Please stop.
Unless there is something special about the drive itself, the actual program will be available on torrent sites and the average joe will have access in no time.
Pointless....but I guess they did help Apple out with security, no?
"...once the software on the included drive is ran..."?
Is ran? Don't you mean, "is run"?
Hmm, I never thought of Mac users as criminals.
Now Windows users, on the other hand...
-he who stacks pork
But Macs are impenetrable, right?
Right guys?
Guess I won't be using the Keychain then. And believe me, any "critical" data will be locked up in an AES-256 encrypted .dmg file. Losers.
If Apple patches this backdoor, SubRosaSoft will go out of business. Haha.
As DigitalForensicGradStudent mentions, you need a warrant. Once you have the warrant you get the computer and run SERIOUS forensic software on the hard drive. What a joke!