Ever since I was a young tot, I’ve been fascinated with the ins-and-outs of espionage. Later in life, this merged with my interest in technology, enough so that I learned a few simple tricks that could be used to prank friends (spoofing email from our college registrar’s office, for example; or cracking a login password), but I’m a far way from a l33t über hacker.
And while there’s virtually no way I’ll ever get my hands on SubRosaSoft’s new MacLockPick device, it doesn’t mean that I don’t crave a hands-on with the little feller like a junky jonesing for his next hit. This $499 flash drive (discounts are available for bulk purchases and police) is available only to law enforcement personnel and licensed investigators (proof of which is required to buy it—I’m guessing that plastic badge I have won’t cut it). But just pop it into a running or sleeping computer’s USB port and it’ll retrieve oodles of information about your perp. Frankly, the list of stuff it can pick up is terrifying—it’ll make you glad this sucker isn’t available to every Tom, Dan, and Harry who should happen by:
System - The user password of the logged in user. Often this is shared for root access and FileVault encryption.
General - Includes (but is not limited to) passwords for encrypted disk images, wifi base stations, iTunes music store, iChat login, Apple Remote Desktop.
Internet - Includes (but is not limited to) login and password details for web sites, email accounts, some peer to peer networks, online services and stores, auction sites, and .mac accounts.
AppleShare - A list of login and password details for appleshare servers this mac has connected to.
And that’s just what it pulls from the keychain. How does it work? According to the product page:
“MacLockPick takes advantage of the fact that the default state of the Apple Keychain is open, even if the system has been put to sleep. It also makes use of the openly readable settings files used to keep track of your suspect’s contacts, activities and history. These data sources even include items that your suspect may have previously deleted or has migrated from previous Mac OS X computers.”
Sounds as though it’s time for a little primer on keeping your keychain secure. Here’s hoping that I never end up on the wrong side of the MacLockPick—not that I have anything to hide. Heh heh. Er, I have to go now.
[via Macworld]
Update: Clarified pricing.
Now THIS is the kind of security exploit that's a lot more worrisome than the browser-QuickTime-Java one that's been garnering all the recent and unwarranted attention.
If a developer can create a law-enforcement product that can do this, I'm sure the talented hacker community can come up with the same abilities for their own nefarious ends.
Apple, please add this open keychain access to your patch list.
If the keychain is locked with an admin password of the user, how does this thumbdrive get access to the keychain info? I would be very curious to know how.
It's $499 not $399
There's nothing to patch in Keychain Access. The article plainly stated that MacLockPick takes advantage of the DEFAULT (emphasis mine) state of the keychain. To change the default behavior, open Keychain Access, select the keychain login in the upper left pane, in the Edit menu select Change Settings for Keychain "login"..., and in the popup window you can check Lock when sleeping and/or Lock after N minutes of inactivity. This will result in different behavior when waking from sleep, like if you connect to a wireless network that uses encryption you will have to enter your keychain password to reconnect to the network, or if you are on a wired network, the next time you check email you will have to enter your keychain password. Security and convenience are usually trade-offs, and Apple has given you the flexibility to choose which is more important to you.
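The two settings named in the comment above (Lock when sleeping, Lock after N minutes of inactivity) can also be checked and set from Terminal with the macOS `security` tool. This is an added example, not part of the original post or its comments; the 300-second limit, the `login.keychain` default and the `show-keychain-info` output format noted in the comments are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten a keychain's lock settings.
# Assumed `security show-keychain-info` line (the tool prints it on stderr):
#   Keychain "<path>" [lock-on-sleep] timeout=<N>s    (or: no-timeout)
MAX_TIMEOUT=300   # constructed policy value: lock after 5 idle minutes

# check_keychain_line LINE: print findings, return 0 only if both locks are set
check_keychain_line() {
    settings=${1##*\"}          # drop everything up to the closing quote of the path
    rc=0
    case $settings in
        *" lock-on-sleep"*) ;;
        *) echo "FAIL: keychain stays unlocked across sleep"; rc=1 ;;
    esac
    case $settings in
        *" no-timeout"*) echo "FAIL: no inactivity lock"; rc=1 ;;
        *" timeout="*s*)
            secs=${settings##* timeout=}; secs=${secs%%s*}
            case $secs in
                ''|*[!0-9]*) echo "FAIL: unparseable timeout"; rc=1 ;;
                *) if [ "$secs" -gt "$MAX_TIMEOUT" ]; then
                       echo "FAIL: timeout ${secs}s exceeds ${MAX_TIMEOUT}s"; rc=1
                   fi ;;
            esac ;;
        *) echo "FAIL: unrecognised settings line"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: locks on sleep and after at most ${MAX_TIMEOUT}s idle"
    return "$rc"
}

audit_keychain() {
    info=$(security show-keychain-info "$1" 2>&1) || { echo "cannot read $1: $info"; return 2; }
    check_keychain_line "$info"
}

harden_keychain() {
    # -l lock when the system sleeps, -u lock after the -t timeout (seconds)
    security set-keychain-settings -l -u -t "$MAX_TIMEOUT" "$1"
}

# Usage: sh keychain-lock.sh --audit|--apply [keychain]   (script name is hypothetical)
kc=${2:-login.keychain}         # assumption: the default login keychain name
case ${1:-} in
    --audit) audit_keychain "$kc" ;;
    --apply) harden_keychain "$kc" && audit_keychain "$kc" ;;
esac
```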
Agreed. Apple needs to close this door. Fast.
Scary...