If you aren’t using FileVault on your Mac, it’s time to change that right now. There’s a stunningly simple way to create a back door into your Mac using just the tools included with macOS, but all it takes to defeat the threat is FileVault.
FileVault is Apple’s full disk encryption feature that’s built into macOS. With it enabled, the entire contents of your SSD or hard drive is encrypted and accessible only when you log in to your user account. Booting your Mac into Safe Mode leaves your drive encrypted and accessible only after entering your passcode.
Apple uses XTS-AES-128 encryption with a 256-bit key to keep your data locked down and private. That’s great for keeping prying eyes out of your drive if your computer is lost or stolen.
The Simple Back Door Hack into Your Mac
FileVault also protects you from the simple back door hack Tokyoneon details at the Wonder How To website. Setting up the back door requires hands on access to your Mac, and some quick command line work.
Setting up the back door starts with booting into Single User Mode. After that, you use Netcat and Cron along with a couple simple scripts to create an always accessible back door into the computer. Anyone with basic command line skills can set up the back door in a matter of minutes, and you’d be none the wiser.
Once the back door is in place, the attacker can remotely access your computer with full command line access to your files. They can also remotely run other apps and create new scripts without you knowing.
All of this is possible if FileVault is disabled. Since the boot process into Single User Mode requires your password to decrypt your Mac’s drive, would be hackers are stopped dead in their tracks; no way to get to the command line, and no way to set up their back door and other scripts.
How to Enable FileVault on Your Mac
Enabling FileVault is pretty simple and the added protection you get is worth the couple minutes it takes to set up. Here’s how to enable FileVault on your Mac:
- Go to Apple menu > System Preferences
- Click Security & Privacy
- Select the FileVault tab
- Click Turn On FileVault
FileVault will encrypt your drive in the background so you can keep using your Mac. FileVault works transparently, which means you don’t have to do anything differently once it’s enabled.
With FileVault enabled, the files on your Mac have an extra layer of protection—and you’re protecting yourself from anyone trying to sneak a back door into your Mac using Tokyoneon’s simple technique.
I have an iMac running OS 10.13.4 on an SSD(APFS) and an internal HD(Mac OS Extended) with 2 partitions, one is a CCC back-up of the SSD, and the other holds my iTunes library. Externally I have a Drobo with 3 partitions. One is for Time Machine; another holds a second System back-up of the SSD, and the third holds a back-up of my iTunes Library. My question is “how many of these ‘disks’ will be encrypted when FileVault is activated? If my System back-ups on the HD and the Drobo are not encrypted, can these still be hacked with the ‘backdoor’?
Obviously, the hacker may have to wait a long and uncertain time before the system crashes and is restored from the hacked back-up!
Am I worrying unnecessarily?
Regards
John
This hack can also be prevented by having a firmware password set on your Mac. Once a firmware password set, a user can’t boot into single-user mode until the firmware password is disabled…and doing so requires knowing the firmware password.
Maybe things have changed, but every time we’ve set up File Vault, it’s resulted in extra boot time, more sluggish performance, and a hassle with passwords and backups. I’ve avoided it for years.
So, please explain how it currently works. If there are obvious downsides in regular use, etc.
Also, if one’s laptop has been in the shop, would a complete reformat and setting the device as new eliminate any prospect of this hack still being there?
I had a feeling that FileVault was now one of the questions in the new Mac setup assistant steps but maybe I’m mistaken, or maybe it’s only on laptops?
But no, it can’t be turned on at the factory and, as unfortunately a client of mine who has forgotten her password found out this week, it needs to be paired with a backup regime.
I believe there is a final step in the process of turning on FileVault that is not being mentioned and that would preclude it being on by default.
Thanks, Jeff.
While I turn on FileVault on my (and my wife’s) Macs as the 3rd thing I do at setup (1. turn on the firewall, 2. run software update) I would say that most people, especially non-technical folks, do not.
Therefore, since I know that all Apple executives read TMO … Hey Craig F., how about making it so that you have to turn FileVault off if you don’t want it in macOS Even Higher Sierra (that is your marketing name for the next version, right?)???
Old UNIX Guy