Apple OS X Lion passwords exposed in security blunder

7 May 2012

A security blunder in the most recent version of Mac OS X – 10.7.3 – apparently turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied.

According to Sophos’ Naked Security blog, it appears that a debug option was accidentally left enabled in FileVault, resulting in the user’s password being saved in plain text in a log file accessible outside of the encrypted area.

“Anyone with access to the disk can read the file containing the password and use it to log into the encrypted area of the disk, rendering the encryption pointless and permitting access to potentially sensitive documents,” explains Chester Wisniewski.

“This could occur through theft, physical access, or a piece of malware that knows where to look.

“To my knowledge, this only applies to users of Snow Leopard who used the FileVault encryption option for their home directories. It does not impact users of FileVault2 who have turned on Apple’s full disk encryption, nor does it impact users who did not upgrade from Snow Leopard,” Wisniewski said.

Wisniewski says the best course of action is to implement a full disk encryption solution.

“Additionally, vulnerable users who do not encrypt their Time Machine backups risk replicating this log file to their backups, which could mean long-term storage of their unencrypted password.”

Most common failure point in data protection

Wisniewski says this proves a very important point when it comes to encryption. While choosing a secure algorithm is important, it’s rarely the most important factor. How products store, manage and secure keys and passwords is the most common failure point in assuring data protection.

“This incident demonstrates the importance of implementation over technical arguments like key strength and password complexity. That Apple promises AES encryption doesn’t mean anything if it chooses to store your password in an accessible log file.

“Let’s hope Apple is able to fix this problem quickly. However, the possibility that the plain text password has been backed up and the difficulty of ensuring both copies and the original plain text password are securely erased means retrieval could still be possible even after the fix is applied.

“Once Apple users receive and apply the fix, they would be well advised to consider this password compromised, change it and ensure it is not used on any other systems,” Wisniewski said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
