Security Fail: Apple iOS Password Managers

Published: 22/11/2024   Category: security


Claims of military-grade encryption on smartphones are vastly overstated by almost every maker of Apple iOS password safes, say researchers at Black Hat Europe.

To riff on the old Steve Martin joke about cats: Do you have a password manager on your mobile device? Do you trust it?
If so, that trust may be misplaced. Speaking Friday at Black Hat Europe in Amsterdam, two security researchers from Elcomsoft detailed a study they'd conducted of 13 Apple iOS password managers (a.k.a. password keepers, wallets, or safes). Only one of the tested products, however, had properly implemented strong crypto.
"Most people who develop password keepers, I believe they're very good programmers, but they need to study security," said Elcomsoft's Dmitry Sklyarov.
The sole exception they found in testing a sample of popular apps was Strip Lite, a free password manager from Zetetic. Strip Lite computes an encryption key using 4,000 iterations of PBKDF2-SHA1, together with a per-database salt (random bits). All of this makes the password very difficult to crack, which means that the app does a good job of securing passwords.
[ The mobile ecosystem has a lot of growing up to do. Read more at Mobile's Cryptography Conundrums. ]
Elcomsoft's Andrey Belenko also said that a $10 product they tested called mSecure seems "not bad," in part because of its use of Blowfish encryption.
The researchers studied a total of seven free applications and six paid ones. On the free front, Sklyarov dubbed three of the apps--iSecure Lite Password Manager, Secret Folder Lite, and Ultimate Password Manager Free--"the unsafe triplets." All three use the exact same underlying software code but have a different name and graphical user interface, and all store their master passwords in unencrypted form on the device, which makes retrieving the password a trivial matter. Other free applications studied were Keeper Password & Data Vault (from Callpod), My Eyes Only--Secure Password Manager (Software Ops), Password Safe--iPassSafe free version (from Netanel Software), and Zetetic's Strip Lite.
For paid applications, the researchers Googled "top password keepers for iOS" and picked six that looked popular: 1Password Pro (Agilebits, $15), DataVault Password Manager (Ascendo, $10), LastPass for Premium Customers ($1/month), mSecure Password Manager (mSeven Software, $10), SafeWallet--Password Manager (SBSH Mobile Software, $4), and SplashID Safe for iPhone (SplashData, $10).
The researchers began their testing project after a British law enforcement agency asked Elcomsoft how hard it would be to crack a SplashID database password, which the agency had encountered during an investigation. SplashID Safe for iPhone appears to be one of the three most popular password safes for the iPhone, with about a half million users.
On the positive side, the researchers found that SplashID Safe uses Blowfish, for which password experts have spent less time developing cracking tools. On the negative side, SplashID Safe uses a hard-coded key to encrypt a user's master password, thus making that master password instantly recoverable to anyone who can access the device and get past the iOS passcode entry requirement (if it's been enabled). In other words, the software may store passwords, but it effectively fails to secure them.
Based on their research, in fact, the researchers said that the single best way to secure passwords or any other data on an iOS device is to enable the iOS security feature that requires a passcode to be entered to unlock the device. "Always use a passcode for iOS devices, and use something more complex than the standard four-digit passcode, because ... a four-digit passcode can be brute-forced in less than two hours for any device before the iPhone 4S," said Belenko.
The security situation improved with the iPhone 4S, the iPad 2, and the new iPad, because all password-cracking attempts must be done on the device itself. This greatly slows attackers because there are no publicly available exploits that can be utilized to recover the passcode, according to Belenko. (For older devices, the iOS passcode hash can be recovered, transferred to another computer, and then subjected to a brute-force attack.) "Of course, do not jailbreak the device, because you're making the ecosystem more open, but you're also making it more open for bad guys," he said.
That iOS security technique aside, why did so many password safe apps fail at security? For starters, many of the tested products use AES encryption, and password researchers have created AES-cracking tools optimized for the ultra-fast graphics processing unit (GPU) now built into most computers. Combined with the poor crypto implementations seen in almost every tested product, the use of GPUs allows attackers to--in many cases--test millions of possible passwords per second, and for some password managers up to 20 million passwords per second. For comparison's sake, when attempting to crack passwords for Microsoft Office 2007 documents, attackers can currently test only about 5,000 passwords per second.
Belenko said that he himself had been using 1Password Pro, which may be the most-installed password manager for Apple iOS. But he ceased using it after testing the application's cryptography. "When we recovered my master password in five seconds? That was a moment," he said.
Meanwhile, some password managers encrypt passwords by using the cryptographic hash function MD5. Callpod's Keeper Password & Data Vault, for example, claims to have "military-grade encryption"--thanks to MD5--which it says means that "you can trust that no one else will have access to your most important information." Except that MD5 must be used properly, since researchers have devoted extensive resources to defeating it. "MD5 is like a platform for testing skills on GPU acceleration," said Sklyarov.
For Keeper Password, however, GPU cracking isn't even required, since the product fails to salt its MD5 passwords. That means that an attacker could simply reference rainbow tables--lists of the password equivalent for any given hexadecimal hash--which are freely available on the Internet. "Type the hexadecimal hash in Google, and in many cases you will find the password value in less than a second," said Sklyarov.
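To make the contrast between the Strip Lite scheme (PBKDF2-SHA1, 4,000 iterations, per-database salt) and the Keeper scheme (unsalted MD5) concrete, here is an added example that is not part of the article or of either product's code. It stores one master password on two hypothetical devices under both schemes and shows why a precomputed table answers the MD5 case for every device at once but must be rebuilt per database (at 4,000 HMAC rounds per guess) for the salted case; the password list and salts are constructed.

```python
import hashlib
import os

# Constructed stand-in for a cracker's dictionary of common passwords.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "iloveyou"]

def md5_unsalted(password: str) -> str:
    """Unsalted MD5, the scheme the article attributes to Keeper."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Precomputed table: one row per dictionary word, valid for every device at once.
MD5_TABLE = {md5_unsalted(p): p for p in COMMON_PASSWORDS}

def pbkdf2_key(password: str, salt: bytes, iterations: int = 4000) -> bytes:
    """PBKDF2-HMAC-SHA1 with a per-database salt, the scheme described for Strip Lite."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, dklen=32)

def pbkdf2_table(salt: bytes, iterations: int = 4000) -> dict:
    """A table for the salted scheme is tied to one salt, so it has to be rebuilt
    (4,000 HMAC rounds per word) for every database attacked."""
    return {pbkdf2_key(p, salt, iterations).hex(): p for p in COMMON_PASSWORDS}

def compare_schemes(password: str, salt_a: bytes, salt_b: bytes) -> dict:
    """Store one master password on two devices (databases) under both schemes
    and report what an attacker holding a precomputed table recovers."""
    md5_a, md5_b = md5_unsalted(password), md5_unsalted(password)
    key_a, key_b = pbkdf2_key(password, salt_a), pbkdf2_key(password, salt_b)
    table_a = pbkdf2_table(salt_a)  # built while attacking device A only
    return {
        "md5_same_on_both_devices": md5_a == md5_b,
        "md5_b_from_shared_table": MD5_TABLE.get(md5_b),
        "pbkdf2_same_on_both_devices": key_a == key_b,
        "pbkdf2_a_from_table_a": table_a.get(key_a.hex()),
        "pbkdf2_b_from_table_a": table_a.get(key_b.hex()),
        # Work an attacker spends per candidate guess under each scheme.
        "hmac_or_hash_rounds_per_guess": {"md5": 1, "pbkdf2_sha1": 4000},
    }

if __name__ == "__main__":
    result = compare_schemes("letmein", os.urandom(16), os.urandom(16))
    for name, value in result.items():
        print(f"{name}: {value}")
```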
The same weak crypto that makes it easy to test millions of possible passwords per second also means that users would need relatively long passwords--typically, 14 characters or more in length--if they want to make their password uncrackable by an attacker in less than 24 hours. Of course, almost no one will use a password of that length, given the usability challenge of reliably entering so many characters via a touch screen. As a result, most real-world password safe master passwords are relatively easy to crack.
In response to a question from the Black Hat audience about whether these password manager cryptography problems had been shared--per responsible disclosure guidelines--with the relevant developers, the Elcomsoft researchers said they'd declined to notify vendors. "We don't think this will provide any benefit because this isn't a bug, this is architecture," said Belenko.
In other words, the applications don't have code-level errors that can be patched. Rather, most of their developers appear to have failed to understand how to properly implement cryptographic features. "It's very bad for the industry: security that doesn't provide security isn't a very good thing," Belenko said. "If you don't really need the password manager, we'd probably recommend that you don't use it."
InformationWeek is conducting a survey to determine the types of measures and policies IT is taking to ensure the security of the full range of mobile assets on cellular, Wi-Fi, and other wireless technologies. Upon completion of our survey, you will be eligible to enter a drawing to receive a 32-GB Apple iPod Touch. Take our Mobile Security Survey now. Survey ends March 16.