Forensics software vendor Passware has released a new version of its Passware Kit Forensic, which the company says is capable of recovering the encryption keys for Apple's (NASDAQ: AAPL) FileVault 2 full disk encryption. This is done by examining a system that is currently logged in and sieving through the system RAM via a FireWire port to recover the password in "no more than" 40 minutes.

The tool is capable of doing the same with Microsoft's (NASDAQ: MSFT) BitLocker and popular open source encryption software TrueCrypt.

The susceptibility of the FireWire port to such an attack has already been known for years now, and has to do with how FireWire is really an extension of the system bus. This means that it is possible to use a FireWire port to read and write directly into system memory--with only the operating system memory obfuscation technology standing in its way.

"Live memory analysis opens up great possibilities to password recovery and decryption. Every user should be aware that even full disk encryption is insecure while the data rests in computer memory," says Passware's president, Dmitry Sumin.

There is no need to panic though. To secure this security vector, Passware suggests turning off the computer instead of putting it to sleep, and the "Automatic Login" setting should also be disabled. Doing so will ensure that passwords are not present in the system memory, which makes retrieval impossible.

Aside from FireWire ports, one related area of concern is that a similar exploit could be conducted via Thunderbolt ports, which are expected to become the de facto standard for Macs as well as PCs. The up and coming high-speed bus may facilitate the recovery of encryption keys in an even shorter amount of time.

For more:
- check out this article at AppleInsider
- check out this article at TechWorld
- check out this article at CNET Reviews

Related Articles:
iPad takes root in the enterprise, but Apple lags on security
Security flaw spills Mac OS X Lion passwords in sleep mode
Apple laptop batteries can be hacked and destroyed