According to Passware Inc, a computer forensics and password discovery company, all it takes is a common FireWire cable and some software to suck the password out of a locked or sleeping Mac. Passware’s Passware Kit Forensic v11 isn’t cheap at $995.00, but in the right hands, it could be devastating.
It works even if the computer is locked and sleeping: the software copies out the contents of the computer’s RAM over the FireWire connection, then decodes them to expose passwords in a matter of minutes.
There’s no reason to panic just yet; if you shut down your computer at the end of the day, you have nothing to worry about.
But in large offices containing tons of Macs and frequent visitors, swiping a password would be as easy as sitting down after hours and plugging in a computer for a few minutes.
Using the software, a thief could grab your administrator password, as well as your entire Mac Keychain, which contains all the saved passwords you use on the internet.
According to TUAW, the security hole has been present since 2008. Until today, it hasn’t been as easily exploited and manipulated.
In a press release, Passware noted that despite Apple touting the brand new OS X Lion as the most secure Mac OS X ever, the software still works. Even if you enable Lion’s new system-wide FileVault feature, Passware’s software cannot be blocked.
Passware claims that they have alerted Apple to the vulnerability.