Friday, March 9, 2012

Disable FireWire completely on Mac

Using Inception, it's super easy to dump a Mac's RAM through the DMA feature of FireWire. This includes plaintext login passwords. I tried it, I saw my password, I wept.

Next step? Obliterate FireWire.

First step, move the FireWire kext folder to your home directory for a backup:

sudo mv /System/Library/Extensions/IOFireWireFamily.kext ~

Then make a placeholder directory for kicks and fun:

sudo mkdir /System/Library/Extensions/IOFireWireFamily.kext/

Then boot the Mac using a system disk to set an Open Firmware password.

Once you set the password, the attack kind of stops working.

woot.
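
A check for the kext swap above, added here as an example and not part of the original post: it confirms the placeholder directory is empty, the backup bundle can be restored, and the driver is no longer loaded. The bundle identifier and the use of kextstat for the live check are assumptions, and the firmware password is not checked.

```shell
#!/bin/sh
# Added example (not from the original post): audit the kext swap described above.
# Assumption: the loaded driver shows up in kextstat under this bundle identifier.
BUNDLE_ID="com.apple.iokit.IOFireWireFamily"

# 0 if the path is a real, empty directory (the placeholder), 1 otherwise.
kext_is_placeholder() {
    dir="$1"
    if [ -L "$dir" ]; then return 1; fi      # a symlink could point back at the real bundle
    [ -d "$dir" ] || return 1                # missing, or a plain file
    [ -z "$(ls -A "$dir")" ]                 # any content means a bundle may still load
}

# 0 if the backup still looks like a complete kext bundle that can be restored.
backup_is_intact() {
    [ -f "$1/Contents/Info.plist" ]
}

# Reads a kextstat listing on stdin; 0 if the FireWire family driver is absent.
kext_not_loaded() {
    ! grep -qF "$BUNDLE_ID"
}

# Args: extensions dir, backup dir (defaults are the paths used in the post).
check_firewire_disabled() {
    ext_dir="${1:-/System/Library/Extensions}"
    backup_dir="${2:-$HOME}"
    status=0
    if ! kext_is_placeholder "$ext_dir/IOFireWireFamily.kext"; then
        echo "FAIL: $ext_dir/IOFireWireFamily.kext is not an empty placeholder"
        status=1
    fi
    if ! backup_is_intact "$backup_dir/IOFireWireFamily.kext"; then
        echo "WARN: no restorable backup in $backup_dir"
    fi
    # kextstat only exists on macOS; the live check is skipped elsewhere.
    if command -v kextstat >/dev/null 2>&1; then
        if ! kextstat | kext_not_loaded; then
            echo "FAIL: $BUNDLE_ID is still loaded (reboot pending?)"
            status=1
        fi
    fi
    return "$status"
}
```

Source the file and run `check_firewire_disabled` with no arguments after rebooting, and again after any system update, since an update can put the real bundle back.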
