Jump to content
NickG

Full Disc Encryption - Hack

Recommended Posts

I have recently Full Disc Encrypted the majority of my Drives Including the Startup Drive.

 

I have all Disc passwords in Keychain.

 

This allows for automatic mounting of the Discs without entering the Disc Encryption Password all the time.

 

This is convenient but presumably security is only as good as your Login Password?

 

When I restart my iMac I am presented with some Login choices:- Admin Account 1, Admin Account 2, User Account 1 & Disc Login.

 

If I select my Admin Account the system will continue to start up. If I select Disc Login I have to enter the secure password for the Encrypted Start up Disc.

 

So, once more the Security of the system is related to my Account Login Password.

 

Is a very secure Account Login Password sufficient or perhaps it is best practise NOT to include the Startup Disc in Keychain so presumably that would mean you could only continue to login after entering the Startup Disc Password?

 

Finally I recently watched a Hack which enabled access to any Mac including Mountain Lion by booting into single User Mode & using some simple Terminal commands. The hack allows you to setup a new Admin Account. Effectively your system is Hacked! I tried it on an old Laptop running Lion & it is very quick & simple!

 

My question is, despite Full Disc Encryption, does this Terminal hack allow the setup of a new Admin Account thus completely by passing the security of The Full Disc Encryption?

 

I hope I have explained myself ok.

 

 

Thanks for any assistance.

 

 

 

Kind regards.

 

 

 

Nick

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

Nick,

I am in no way an expert in this area and I would need to do some more research, but on the "hack" my guess is that that new Admin account would still not have the 'full disk encryption' password in it's startup keychain, so it should be prompted for that before it could access the disk and start up? No?

Share this post


Link to post
Share on other sites

Hi & thanks for your reply.

 

I remember considering the scenario you have mentioned a little while ago but confess to had forgotten about it.

 

It is an interesting and logical thought but I think because the "Hack" creates another Admin Account, that will give you access to Keychain & with that access they are in?

 

I am sure folk will be wondering why I don`t just try it.

 

Well my iMac is my work machine & it is critical I do not lose access to it. I feel quite nervous in jumping into Terminal & hacking around there!

 

As I said earlier, I have tried the hack on an old Macbook running Lion; frighteningly simple! But I don`t feel like trying the process on my main work machine!

 

An easy way to defeat the "Hacker" would be to remove the Encrypted Disc Password from Keychain. Then the Hacker would have to know the password to access 1Password (where my passwords are all held), assuming that also is not in Keychain!!

 

Security is becoming a much more important subject these days as people become more aware of all aspects of different attack on their Digital lives & the theft of their data on a daily basis.

 

With Governments wilfully stealing Data with the compliance of corporations like Google etc. & without the permission of the owner will mean that we will see an explosion in solutions to counter this attack.

 

Full Disc encryption is just one aspect of securing your data but I am not sure if it is actually that secure.

 

Recently we saw very wide loopholes in Apple`s 2 Factor Authentication in iCloud. Rather worrying, & I feel certain there are loopholes in this case.

 

Other ways to keep your Data private include VPN, & Encrypted E-Mail both of which can be implemented very easily.

 

But I am off topic!

 

 

Thanks again for the reply. Food for thought & I am still eating!

 

 

Regards.

 

 

Nick

Share this post


Link to post
Share on other sites

The thing I have always thought was that if someone has physical access to your machine they CAN get your info

Share this post


Link to post
Share on other sites

Ok. Some thoughts.

 

If you have an unencrypted Ext. HD. stolen, say Time Machine then all your data is available to the thief by simply connecting it to a Mac.

 

If however the HD was Encrypted & the thief only had the HD then the data is secure, unless the password is broken. That is why it is important to use a very secure password.

 

Now, let's say your computer is stolen on it's own. If the Boot Drive is NOT encrypted but is password protected, then by restarting in Single User Mode & inputting a few basic commands in Terminal, an Admin Account can be set up giving access to all data.

 

Now assuming the boot Drive is Encrypted and the Password is NOT stored in Keychain then when the computer is booted by the thief it will ask for a Password to allow the Boot to continue. BUT, if the Boot Drive Password was saved in Keychain the computer will continue to Boot offering Login Accounts to the user. All ok so far, but if the thief Restarts in Single User Mode will the system allow him to setup a new Admin Account & therefore allow access to all data? It may be that because the Boot drive is encrypted & the password is not in Keychain that no progress will occur until that Password is entered successfully?

 

Although I haven't tried this it does seem likely, maintaining security.

 

What we do know for certain is that if any drive, including Boot drives are NOT encrypted, your data is insecure. BTW, the process of hacking into my Lion unencrypted Macbook took me, first time try, less than 5 mins. It is also possible to leave the attacked computer in a state so that the owner will not be able to identify that a Hack has been successfully completed.

 

If anyone has experience of Hacking an encrypted Boot Disc with password NOT in Keychain please let me know.

 

 

 

Regards.

 

 

Nick

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing

    No registered users viewing this page.

  • Who's Online (See full list)

    There are no registered users currently online

×