Hacked in 30 seconds: Thunderbolt flaw in Mac computers can disclose passwords that fast

Apple MacBook 13-inch Touch Pad
Bill Roberson/Digital Trends
If you run any type of Thunderbolt device on your Mac, you’ll want to upgrade to MacOS 10.12.2 in short order. The latest update fixes a vulnerability in FileVault 2 — Apple’s second-generation full disk encryption platform — that allowed the disclosure of your system password by simply plugging in a $300 Thunderbolt device.

This device was able to gain access even when the Mac was asleep, researchers said. The hack works by forcing the computer into a reboot (ctrl+cmd+power), plugging in the special Thunderbolt device, and waiting about 30 seconds for the password to appear.

Security researcher Ulf Frisk says the issue is the result of two problems, one being the fact that Macs do not protect themselves from Direct Memory Access (DMA) attacks before the computer is started. The other is that the FileVault password is stored in clear text in memory and not automatically scrubbed once the disk is unlocked.

The password is put in multiple locations, and does apparently change location after reboots. However, it’s in a specific memory range making it fairly easy to scan for and eventually find. Frisk notified Apple of the vulnerability in August, and agreed to withhold it pending a fix, he wrote in a blog post.

“Anyone, including but not limited to your colleagues, the police, the evil maid, and the thief will have full access to your data as long as they can gain physical access – unless the Mac is completely shut down,” Frisk pointed out.

Mac OS 10.12.2 was released last week and fixed a variety of issues including a more reliable auto unlock, graphics, and System Integrity Protection (SIP) issues on some 2016 MacBook Pros, along with a host of other stability improvements.

The Thunderbolt vulnerability was only one of the many security updates in this release: if you’re interested you can learn more about those updates from Apple’s website.


I tried an LTE laptop for a month, and I wasn’t really convinced

LTE laptops offer up plenty of benefits and are becoming more common. After spending one month with one in my daily life in New York City, I really wondered if it is something that consumers really need in their lives.

5 reasons your Macbook keeps restarting and how to fix the issue

It can be frustrating when your Apple MacBook keeps restarting, but this serious problem can be fixed! We'll go over the common causes for this issue, what you can do to fix them, and why it's okay to take your Mac to a pro!

With 20,000 sites swallowed up, a botnet is eating WordPress alive

A botnet of infected WordPress sites has been attacking other WordPress sites, generating up to five million malicious logins on certain WordPress backends within the last thirty days.
Smart Home

Man claims hacker talked to him through his Nest security camera

An Arizona man claims a white hat hacker was able to communicate with him through a hacked Nest Cam IQ internet-connected security camera and warn him about a vulnerability in the device.

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.

Snatch Apple’s 2017 15-inch MacBook Pro for up to $1,200 off at B&H

The latest deal at B&H is offering up 2017 15-inch Apple MacBook Pros, in space gray and silver, with Intel Core i7 quad-core CPUs, 16GB of RAM, and AMD Radeon Pro 560 GPUs with up to 2TB of SSD storage.

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.

Apple Mac users should take a bite out of these awesome games

Contrary to popular belief, there exists a bevy of popular A-list games compatible for Mac computers. Take a look at our picks for the best Mac games available for Apple fans.
Emerging Tech

An A.I. cracks the internet’s squiggly letter bot test in 0.5 seconds

How do you prove that you’re a human when communicating on the internet? The answer used to be by solving a CAPTCHA puzzle. But maybe not for too much longer. Here is the reason why.

Qualcomm’s dual-screen PC concept looks like two connected Surface Go tablets

In Qualcomm's video teaser, we got a glimpse of the company's vision for how a dual-screen ARM PC should work. The internet reacted to Qualcomm's video, calling the device in question merely a mashup of two Surface Go tablets.

Check out the best Green Monday deals for those last-minute gifts

Black Friday and Cyber Monday have come and gone, but that doesn't mean you've missed your chance of finding a great deal. We're talking about Green Monday, of course, and it falls on December 10.

Hololens 2 could give the Always Connected PC a new, ‘aggressive’ form

Microsoft is said to be leaning on Qualcomm to power its Hololens 2 headset. Instead of Intel CPUs, the next Hololens could use a Snapdragon 850 processor, allowing it to benefit from the always-connected features.

Chrome’s dark mode may cast its shadow over Macs by early 2019

By early 2019 Google may release a version of Chrome for Mac users that offers a Dark Mode feature to match MacOS Mojave's recent darkening.

These laptop bags will keep your notebook secure wherever you go

Choosing the right laptop bag is no easy feat -- after all, no one likes to second-guess themselves. Here are some of the best laptop bags on the market, from backpacks to sleeves, so you can get it right the first time around.