John E Dunn for Macworld on a new “forensic” piece of software that can crack into Apple’s FileVault 2 encrypted systems:
Put another way, the product cannot extract encryption keys on static data or before the keys have been summoned as part of the logging-in process. As long as the login is not automatic users should be safe.
In the case of FireVault, hackers also need to get to the memory contents through a working FireWire port so remote access is not possible.
I am guessing that a locked screen will still count as “logged in”. So if traveling it might actually be a fantastic idea to actually turn your laptop off so that this software cannot be used to hack into it.
One other interesting thing is that FireWire must be used. I am assuming you could use Thunderbolt to get a FireWire port, but what about on my 2010 MacBook Air that has only USB?
Update: Thomas Brand chimed in to confirm my suspicions about Thunderbolt:
@BenjaminBrooks After looking at the FireWire FileVault 2 exploit it looks like that Thunderbolt would provide the same bus level access.— Thomas Brand (@ThomasBrand) February 3, 2012
@BenjaminBrooks Thunderbolt and FireWire access data directly from the system bus allowing the exploit. USB goes through the CPU.— Thomas Brand (@ThomasBrand) February 3, 2012