Richard Bucker

Apple OSX FileVault - a false sense of security

Posted at — May 20, 2012

The guys at Apple have done a pretty poor job describing the inner workings of FileVault and FileVault2. I’m sure that part of that is for security through obscurity. And the rest might be FUD like federal agency back doors. Recently there was a well publicized DEBUG flag that put the user’s password in the clear on the disk.All of that aside. Back in 2011, ¬†when I was working onsite in Sweden, my laptop decided to stop working. The problem was quite serious and at some point in the diagnostic I was whacking it against a coffee table. On the upside; my client had a contract with Dell who provided many hundreds of identical mini laptops running the latest Ubuntu with a totally encrypted hard drive. The user had to enter a password for the encryption and then a userid and password to win access to the OS. What was interesting about this model was that unless someone entered the HDD password there was no way to get to the data. I’m fairly certain that the password contained some shared info between the CPU, the user and Dell; in some way.The way that Apple is doing things with FileVault2 is almost similar, however, it’s never clear whether the user’s userid and password are sufficient to get past the encryption. In which case not everything is encrypted. This is especially bad if the users' name and picture are displayed in the login screen. A bad guy prone to violence or severe measures can now match a user to his or her hardware definitively.In many ways the original FileVault is better. (1) because only the encrypted data is encrypted. DUH! and therefore the CPU cost to decrypt can be reduced for things like audio and video files. (2) It takes the actual users' credentials in order to access the data which has the downside that the OS could always be compromised.I think I like the Dell approach. It’s overt and so there is mo mistaking that the system is encrypted. The Apple version leaves too many questions for the legitimate user.