Looks like a standard DMA attack. This problem has been known about forever, though I guess now people will stop thinking of it as an obscure hypothetical attack?
This is interesting, but is certainly not novel. I did a talk (in one of my grad school courses) in 2008 summarizing the Princeton research regarding attacks on encryption keys stored in memory (https://citp.princeton.edu/research/memory/). DMA and Firewire were both attack vectors mentioned in that paper.
Physical Access == Game Over
As the article notes, OS X is only vulnerable to this issue when the machine is unlocked as DMA access via FireWire is disabled while it is locked. If your machine is left unattended and unlocked then anyone with the ability to plug in a FireWire device could already cause you grief.
Shameless startup promotion here: PrivateCore (www.privatecore.com) is working on protecting against DMA and other memory extraction attacks, like non-volatile memory.
Check out the attack device we implemented and how we defend against it: http://www.privatecore.com/dma-attack-video.html
There seem to be two distinct types of attack for that attack vector: (1) bypassing the OS logon screen by patching in-memory code, and (2) stealing the password or encryption key for an already-mounted encrypted volume.
But bypassing or stealing the password or key for a cold, non-mounted volume is impossible: for example, a TrueCrypt volume is mathematically indistinguishable from /dev/urandom output until the exact password is provided.
At an old MacHack, someone was going around with a powerbook. They'd plug a cable into your mac, and start drawing things on your screen.
More than a few organizations shove hot glue into USB ports to secure the machine.
It's hard enough to get machines secure from drive-by web browsing attacks. Getting them safe from physical access is substantially, substantially harder.
A previous tool for the same class of exploits (Firewire DMA): http://web.archive.org/web/20100510013948/http://www.storm.n...
Were these kinds of exploits noted when writing the 1394 spec and ignored in favour of the DMA feature?
I just looked up IOMMUs, which can provide protection for this. Sadly, on Wikipedia, it looks like the hardware support for them is blotchy. http://en.wikipedia.org/wiki/IOMMU_hardware_list
Hopefully that'll get better.
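As an added example (written for this thread, not code from any commenter, and Linux-specific rather than the OS X case the article covers): a few POSIX shell functions a defender can use to audit whether a Linux host is exposed to the FireWire/Thunderbolt DMA attack class discussed here. It assumes the standard Linux layout: the kernel command line in /proc/cmdline, IOMMU groups under /sys/kernel/iommu_groups, and loaded modules listed in /proc/modules; the constructed inputs in the checks at the bottom are made-up sample data.

```sh
#!/bin/sh
# Audit helpers for DMA-attack exposure on a Linux host.
# Added example, not the tool or the article's code; assumes Linux /proc and /sys.

# Return 0 if the given kernel command line (a single string) carries one of the
# boot parameters that turn the IOMMU on. intel_iommu=on, amd_iommu=on and
# iommu=force are real Linux parameters; which one applies depends on the CPU.
cmdline_enables_iommu() {
    for tok in $1; do
        case "$tok" in
            intel_iommu=on|amd_iommu=on|iommu=force) return 0 ;;
        esac
    done
    return 1
}

# Return 0 if the directory has at least one IOMMU group (a subdirectory).
# On a live host pass /sys/kernel/iommu_groups; an empty or missing directory
# means the kernel is not actually using an IOMMU, whatever the boot line says.
iommu_groups_present() {
    [ -d "$1" ] || return 1
    for g in "$1"/*; do
        [ -d "$g" ] && return 0
    done
    return 1
}

# Return 0 if a /proc/modules-style listing (one module per line, name first)
# shows a driver that exposes a DMA-capable external port. firewire_ohci is
# the FireWire host controller driver; thunderbolt is the Thunderbolt driver.
dma_drivers_loaded() {
    printf '%s\n' "$1" | grep -Eq '^(firewire_ohci|thunderbolt)[[:space:]]'
}

# Read the live host (quietly skipping anything unreadable) and print a summary.
audit_host() {
    if [ -r /proc/cmdline ] && cmdline_enables_iommu "$(cat /proc/cmdline)"; then
        echo "cmdline: IOMMU requested"
    else
        echo "cmdline: IOMMU not requested (or /proc/cmdline unreadable)"
    fi
    if iommu_groups_present /sys/kernel/iommu_groups; then
        echo "sysfs:   IOMMU groups present, DMA remapping is active"
    else
        echo "sysfs:   no IOMMU groups, devices can DMA to any physical address"
    fi
    if [ -r /proc/modules ] && dma_drivers_loaded "$(cat /proc/modules)"; then
        echo "modules: FireWire/Thunderbolt driver loaded, external DMA port exposed"
    else
        echo "modules: no FireWire/Thunderbolt driver loaded"
    fi
}

# Self-check on constructed inputs (not real host data), then the live audit.
cmdline_enables_iommu "BOOT_IMAGE=/vmlinuz root=/dev/sda1 intel_iommu=on quiet" \
    && echo "self-check: constructed cmdline with intel_iommu=on detected"
dma_drivers_loaded "firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 69632 1 firewire_ohci, Live 0x0000000000000000" \
    && echo "self-check: constructed module list with firewire_ohci detected"
audit_host
```

The three checks answer different questions: the boot line shows intent, the sysfs groups show whether remapping is really in effect (firmware can still leave the IOMMU off), and the module list shows whether a hot-pluggable DMA port has a driver bound at all. The usual Linux-side mitigation when the IOMMU cannot be relied on is to keep the driver from loading, for example with an `install firewire-ohci /bin/true` line in a file under /etc/modprobe.d/, which is the software analogue of the hot glue mentioned above.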
The author of the tool commented in this thread on Reddit:
http://www.reddit.com/r/netsec/comments/15ydem/inception_is_...
Previously discussed (though not a very big turnout in the thread):
I am assuming this would not be a vulnerability against a laptop that is turned off, with disk encryption? e.g. I leave my laptop, off, in a hotel room? (I do realize there are other vulns in that scenario, e.g., hotel maid puts in a new BIOS chip that contains a keylogger.)
As the site says, OS X is mostly safe by default. DMA is disabled when a machine is locked or the user is not logged in[1], in OS X 10.7.2+.
[1] https://support.apple.com/kb/HT5002
(missed the note about this on the page the first time through, but I'm leaving this for others who may have missed it)