Extracting All Your Secrets: Vulnerabilities in Android Password Managers

PRESENTATION SLIDES (PDF)

There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords. Password manager applications are a promising way of storing all sensitive passwords cryptographically secure. Accessing these passwords is only possible if the user enters the correct master password, which is the only password that he needs to remember. At first, the requirements for a password manager application seem simple: Storing the passwords of a user in a secure and confidential way. On the other hand, the stakes are high. If the protection breaks, the attacker gets access to all of the user’s passwords. We therefore investigated what the reality looks like for mobile password manger applications on Android. Applications vendors advertise their password manager applications as “bank-level” or “military-grade” secure. However, can users be really sure that their secrets are stored in a secure way? Or can they be accessed by an attacker?

In order to answer these questions, we performed a security analysis on 15 of the most popular Android password manager applications (based on download count). The overall results were extremely worrying and revealed that allegedly secure password manager applications do not provide enough protection mechanisms for the stored passwords and credentials.  In this talk we will present the results of our analysis, including findings on well-known apps such as LastPass, Dashlane, Keeper and 1Password. In many apps, serious implementation flaws resulted in severe security vulnerabilities. Some applications stored the master password chosen by the user in plaintext or implemented hard-coded crypto keys in the program code. As a consequence, the crypto algorithm can easily be circumvented and all data becomes available to the attacker. In other cases, we could simply access all “securely protected passwords/credentials” with the help of an additional app. Once installed on the device, it extracts all passwords/credentials in plaintext and sends them to the attacker. In yet another case, we could use a so-called data residue attack to access the master key of an application. In most of the cases, no root permissions were required for a successful attack that gave us access to sensitive information such as the aforementioned master password. Furthermore, many of the apps completely ignore the problem of clipboard sniffing, meaning that there is no cleanup of the clipboard after credentials have been copied into it.

While this shows that even the most basic functions of a password manager are often vulnerable, these apps also provide additional features which can, again, impact security. We found that, for example, auto-fill functions for applications could be abused to steal the stored secrets from the password manager application using “hidden phishing” attacks. For a better support of auto-filling password forms in web pages, some of the applications provide their own web browsers. These browsers are an additional source of vulnerabilities, such as privacy leakage. In the talk, we will even show some cases of remote password stealing that were possible due to flaws in these integrated browsers.

In summary, we will show the most common implementation pitfalls and design failures as well as how we exploited them in the aforementioned Android password managers. We will show that a faulty concept will break the confidentiality even without root privileges. Furthermore, we explain countermeasures and best practice approaches to avoid these vulnerabilities.

CONFERENCE
Location: Track 1 Date: April 14, 2017 Time: 11:45 am - 12:45 pm Stephan Huber Steven Arzt Siegfried Rasthofer