How To Hack Apple Mac In Less Than 30 Seconds
ubuntu google drive
Previously we have seen security researchers cracked the security system of Windows 10 browser, Adobe Flash, Safari and even Google’s Pixel phone in few seconds. Another similar type of news just popped up this month which allows hackers to guess your credit/debit card PIN in just 6 seconds.
Recently, a security researcher has exploited a flaw in MacOS and used his $300 device and open source software to hack a sleeping Mac. The Swedish security researcher Ulf Frisk had demonstrated a new device that can steal the password from any Mac that’s sleeping or locked.
Frisk on his blog post explained the hardware that he used to hack a Mac costs only $300 to build. This device can be connected to a Mac through Thunderbolt port. The vulnerability that makes this hack possible exposes the Mac to DMA (Direct Memory Access) because it allows Thunderbolt devices to read and write memory.
Mac stores the password in memory in clear text. So, whenever the computer enters the sleep mode, the password resides there. During the rebooting process, there is a time window of a few seconds before the memory containing the password is overwritten with new content.

How To Hack Apple Mac In Less Than 30 Seconds
ubuntu google drive
So, any attacker just needs to connect the hacking device with an another laptop to Mac’s Thunderbolt port and force a reboot. The attack will also need Frisk’s open source PCILeech software. Frisk explains in a blog post:
“Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable. Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!”
Frisk also shared a video that clearly shows how an attacker can use his device to hack Mac in 30 seconds. You can read out Frisk’s blog post for more technical details.
Axact

Axact

Vestibulum bibendum felis sit amet dolor auctor molestie. In dignissim eget nibh id dapibus. Fusce et suscipit orci. Aliquam sit amet urna lorem. Duis eu imperdiet nunc, non imperdiet libero.

Post A Comment:

0 comments: