It has been a heated topic of debate when it comes on to Apple Products, “Do Macs get viruses? Do Macs need an antivirus? Why you DO need security software for your Mac”. Usually, mac users would state NO in all caps, but the truth is, all software is prone to hacks and viruses. What’s more interesting is that Apple will offer upwards of USD$200,000 for reports of security flaws that can be validated. In a post my Haslam(2016), she stated that “The Mac is generally considered to be safe and secure, and there are a number of reasons why Macs are considered more secure than PCs”
Mac operating system is Unix-based, which offers a number of security features built-in.
Mac’s Password Management System
The name of the native password management system used by Mac is “Keychain”. This system can store all your passwords for applications, namely:
- System Applications
- Credit Cards
- Personal identification numbers (PINs) for bank accounts.
Just to name a few.
Installing applications to crack a native software does not sound safe, nor do I think is it recommended; however, I can only hope for the best and follow through and use a Virtual Machine by way of Parallels Desktop.
I will be attempting to crack this management system using Elcomsoft Password Digger.
Elcomsoft Password Digger is a Windows tool for decrypting the content of system and user keychains pulled from a Mac OS computer. The tool exports the full data set into an XML file or builds a filtered dictionary for using with password recovery tools. The system and all user keychains can be decrypted.
First Finding the KeyChain Files
- Macintosh HD > Library > Keychains, figure 1.0
- Copy Files
- Paste file within the virtual system
- Download Software from Website(https://www.elcomsoft.com/epd.html)
Figure 1.0 Mac’s Keychain location
However this has proven to be unbreakable, the encrypted password for the file can’t be broken with any known attack software, thus I decided to take another approach; one that would require changing the user’s password via recovery mode. Macs have no very shocking weakness and that’s it recovery mode. The following can be achieved by someone not knowing your password but access to the recovery mode settings.
Figure 1.1 Illustrates recovery mode default options
How to enter recovery mode.
- Boot the computer in the recovery mode using Command-R whilst booting
- Choose Utilities > Terminal
- Type resetpassword
- Press Enter
- The Reset Password Utility window will open
- Select the user profile
- Enter new password
- Confirm new password
- Press Save
- Reboot Computer and login with a new password
Following these steps allow you to do both these things, log in as root and configure a new account(Figure 1.2 – 1.3) or log in with an existing username(Figure 1.4). Has discussed earlier the Keychain will be your only issue as resetting the password of the user does not affect or reset the Keychain’s password.
Figure 1.2 root access option
Figure 1.3 Illustrates a new account set up via root
Figure 1.4 Illustrates Keychain authentication for the old user and old password
In conclusion, I am genuinely shocked and I am set up a firmware password immediately. By setup same Mac prompts for a password whenever the system is being started up from another drive, or from OS X Recovery, rather than allowing access by default.
Haslam, K. (2016) Do Macs get viruses?, Available at: http://www.macworld.co.uk/how-to/mac-software/are-macs-safe-virus-hackers-malware-antivirus-ransomware-bounty-3454926/ (Accessed: Aug 23, 2016).