This Is How a Sleeping Mac Can Be Hacked in Just a Few Seconds
When users think of malicious viruses and hackings, they automatically thinkĀ of Windows computers. There is little talk about Macs being in danger as well. Therefore, Mac users are led to believe that their computers are invincible. Well, that has been proven to not be the case yet again. Ulf Frisk, a security expert from Sweden, has developed a hacking device that allows him to get access to a Mac in mere second.
Video Demonstration of the Attack
The device, according to Frisk would cost around $300 to make. All you need for the hacking, besides the Mac you want to hack, is the device and another computer. The device needs to be connected to the Mac, via Thunderbolt port, as well as to the other PC. Frisk notes that in order for the hacking to be successful, the Mac needs to be in sleep mode. When the device is connected to the sleeping Mac and the other computer, the Mac needs to be force rebooted. During the reboot, the password to your Mac becomes available for a couple of seconds and if the hacking device is connected, the password will appear on the second computer screen. The hacker can then use that password to gain access to your Mac and browse it as he/she pleases.
The Swedish security expert goes on to say: “Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable. Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!”.
Frisk explains that anyone who has physical access to your computer could perform this hack. However, he notes that computers that are shut down would not be affected. While this is a very flawed way to hack someone, as you would have to have the computer in front of you, it is still rather unsettling that this is even possible. Fortunately, Apple has already fixed this vulnerability with the security update macOS 10.12.2, so the password should no longer be available during those few seconds. This just goes on to show how important it is to keep your computer updated. And while your computer is in little danger to get hacked using this device, as the hacker would have to have access to your Mac physically, Mac users need to be aware of the fact that their computers are not untouchable.