Apple's Safe-Sleep and privacy

Safe-Sleep is a technology from Apple — similar to the hibernation in Windows systems — that allows Mac OS X to save the contents of the entire RAM into the filesystem when the computer is put to sleep. This helps the system surviving a complete power loss, for example, like when replacing batteries on the fly.

The entire contents of the RAM are stored in /private/var/vm/sleepimage completely un-encrypted, even if the user explicitly configured FileVault or an encrypted swap. A possible reasoning for this is that sleepimage is a per-system, and not a per-user, file and thus completely unrelated to FileVault and I guess that encryption is not possible since the firmware needs access to some contents of this file.

While Safe-Sleep could seem like a nice feature for Mac OS X, for me it constitutes a big threat to my privacy. In fact, I’ve seen my log-in password stored in plain text in /private/var/vm/sleepimage a couple of time which, of course, scares me.

To disable Safe-Sleep, run the following command:

sudo pmset -a hibernatemode 0

If you ever want to re-enable Safe-Sleep, run the following command:

sudo pmset -a hibernatemode 3

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s