toggle

AAPL Stock: 497.67 ( 0 )

MacLockPick utility extracts passwords

updated 11:10 am EDT, Fri April 27, 2007

MacLockPick released


SubRosaSoft.com today released MacLockPick, a new live forensics tool for extracting passwords, internet history, and system settings from Mac OS X systems. The utility is designed for law enforcement professionals to perform live forensics and is based on a USB Flash drive that users insert into a suspects Mac OS X system -- running or sleeping -- to extract data from the Apple Keychain as well as system settings, providing examiners with fast access to critical information with as little interaction or trace as possible. MacLockPick is priced at $500 for licensed investigators, or $450 for State and local law enforcement professionals. Licenses for Federal law enforcement officers as well as purchases of five or more copies are available for $400 each.

The software compiles a database of the suspects information on the Flash drive to allow for easy transportation away from the suspect system, which is accessible via included log readers on other Mac OS X, Linux, and Microsoft Windows systems.

The application works to obtain Apple Keychain passwords including those for the logged in user, general passwords such as encrypted disk images or Wi-Fi base stations, and internet-related passwords including login and password details for websites as well as email accounts.

File and folder details collected include folder dates with a list of all the key user folders along with their creation, last modification, first access, and most recent access dates. Paths to the most recent disk images that were mounted on the subject Mac are also collected, with full paths to recent files viewed in the Preview program and file names for recently viewed QuickTime movies.

MacLockPick extracts the subject's instant messaging default login for iChat as well as a complete buddy list, including buddies who were already deleted. Email information is also collected, including account details with login names and server addresses used alongside Address Book contents -- including contacts that were deleted.

The utility also collects Web history and preferences such as search strings or cached bookmarks, and hardware preferences including iPod serial numbers that were connected to the Mac or Bluetooth devices that were paired with the system.


by MacNN Staff

print
email
(23)

TAGS :

 software, Other Applications

Related Articles

Recent Articles

toggle

Comments

  1. Cubester

    Fresh-Faced Recruit

    Joined: Jun 2001

    0
    04/27, 11:19am | report spam | Reply |

    Big Brother is watchng:

    This is hardly a cheering development. I wonder if some enterprising person will quickly release an effective countermeasure somewhere on the whispernet.

    Privacy advocates...what do you think??

  1. guzzi

    Fresh-Faced Recruit

    Joined: Jun 2006

    0
    04/27, 11:37am | report spam | Reply |

    Only law enforcement?

    How long befrore it's floating around the net?

  1. dynsight

    Fresh-Faced Recruit

    Joined: May 2005

    0
    04/27, 11:42am | report spam | Reply |

    filevault

    I thought that filevault would prevent this. The article makes no mention of it. From what I understood, file vault was impenatrable (although I have never used it).

  1. simdude

    Fresh-Faced Recruit

    Joined: Jun 2004

    0
    04/27, 11:45am | report spam | Reply |

    Interesting

    Well, privacy issues can be debated forever. I'm curious about this from a technical aspect though. How exactly can it extract data from a sleeping machine? It's a USB device that initiates a program as soon as it's inserted? I'm unaware of any way to do this. Any thoughts on how this could actually work?

  1. sammaffei

    Fresh-Faced Recruit

    Joined: Sep 2004

    0
    04/27, 11:46am | report spam | Reply |

    Missing feature...

    Ready-to-print warrant templates.

  1. suhail

    Senior User

    Joined: Nov 1999

    0
    04/27, 12:03pm | report spam | Reply |

    ROOT ACCESS

    I would guess the USB "drive" has a QuickTime auto-launch to run the utility, which uses an OS vulnerability to log in as root.

  1. Cubester

    Fresh-Faced Recruit

    Joined: Jun 2001

    0
    04/27, 12:06pm | report spam | Reply |

    Disable USB?

    I wonder if one can disable USB ports via Terminal or AppleScript? Put a complex password in there for good measure. Of course, any decent hacker can reboot and gain root access.

  1. si_lance

    Dedicated MacNNer

    Joined: Nov 2003

    0
    04/27, 01:12pm | report spam | Reply |

    physical access

    In the hands of a professional, having physical access to a machine will pretty much guarantee that it will be compromised. That being said, this little program will allow common thieves to do such. I hope Apple plugs whatever hole they are using. Sorry SubRosa, bad product idea.

  1. mitchcohen

    Fresh-Faced Recruit

    Joined: Aug 2005

    0
    04/27, 01:27pm | report spam | Reply |

    Requires logged-in user!

    Reading the product page... This requires a user to be logged in to use this product. The investigator manually launches the application on the flash drive (no autolaunch here).

    If your Mac requires your login password at startup, wake-from-sleep, or returning from screensaver your system should (from what they're saying) not be vulnerable to this product if in those states.

    The single most interesting "feature" is that this product can apparently determine the login password of the logged-in user. If that password is available anywhere, this is a security problem Apple should fix. Once the login password is known, then everything else is wide open and this product isn't doing anything unique (other than saving the investigator many manual steps).

    If you don't use Filevault, it's a trivial thing to image your hard drive then (from the image) gain access to most files. Accessing the keychain contents is not possible (or at least not easy) without the login password, but everything else is wide open. The purpose of Filevault is to protect all user items.

    Moral of the story... If you have private data on your computer, the minimum security you should use is to deactivate auto-login, and require password at wake-up/screensaver. Filevault is an excellent bonus but has a slight performance and reliability impact.

  1. mitchcohen

    Fresh-Faced Recruit

    Joined: Aug 2005

    0
    04/27, 01:29pm | report spam | Reply |

    Oh yeah...

    An important addition to my above comment - be sure your computer is in some mode that requires your password upon your return. Not doing so is practically an invitation for others to fiddle with your Mac.

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News