[Cryptography] Security weakness in iCloud keychain

Jerry Leichter leichter at lrw.com
Wed May 2 22:48:29 EDT 2018 

> I have a “sacrificial iPod” that I don’t use for anything mission-critical in order that I can update it and evaluate the latest Apple software without having to worry about bugs and backwards-incompatibility (which are serious issues in the Apple ecosystem nowadays).  I also have about a dozen other Apple devices.  All of them are logged into iCloud...
> 
> None of these devices have iCloud Keychain enabled except the iPod.  Nonetheless, the latest iOS update (11.3) includes a new password manager feature, and that drew my attention to the fact that somehow ALL of the passwords on ALL of my machines were resident on the iPod, and accessible in plain text with nothing more than the iPod’s PIN code (which is only four digits because it’s supposed to be a non-mission-critical machine).
The only way they would get into iCloud that I know is if, at some point, they were uploaded from some other device.  While it's possible there's a bug that causes uploading even when you don't explicitly enable it, it's also possible that at some point in the past you had it turned on.

> When I discovered this, I disabled iCloud Keychain on the iPod, whereupon it asked me if I wanted to delete all my passwords from the iPod.  Of course I said yes.  Nonetheless, the passwords are still there, and now I don’t know of any way to get rid of them except to manually delete them one by one.  And there are a LOT of passwords.  And not all of them are mine.  It seems to have grabbed every password that anyone who has ever had an account on any of my machines has ever had.
That's really bizarre.

I actually *do* have iCloud synchronization for passwords turned on, but I get something very different - and consistent with the documentation:  The only passwords on the device are the ones saved for specific web sites.  I have tons of others, and they don't show up.

> 
> This leaves me wondering:
> 
> 1.  How did these passwords get there?  It must have been through iCloud Keychain, but that feature is definitely disabled on all my other machines.
> 2.  Does the fact that I can access stored passwords in plain text without the password that secures my active keychain belie Apple’s claim that these passwords are encrypted and can’t be read by Apple?  I can’t think of any way that Apple could transfer my passwords to my iPod and make them readable without my knowledge if Apple cannot read them.
Apple has a whole document describing this.  What it comes down to is that when the passwords are on one of your devices, they are encrypted using a key derived from the device password and a long device-unique value; that value cannot be exported from the device.  When stored in Apple's servers, they are stored encrypted with a key derived from the iCloud password and a unique value stored in the server, which cannot be exported from the server.  (Both the server and each device have an internal key manager implemented in hardware designed to keep the unique key within them secure.)  So *at the moment you are uploading or downloading a password*, Apple does indeed have access to it; but "at rest", it doesn't.

> 3.  Is this behavior known?  I can’t find anything written about it on the web.  But it feels to me like this should be a major scandal.  I had no idea that this iPod had such a huge vulnerability, so I hadn't taken any measures to secure it.  If it had fallen into the wrong hands it could have been a total catastrophe.
New to me.  It seems to me that something odd happened during the history of your devices.  Definitely a bug, but what *kind* of bug, and who it might affect, isn't clear.  Apple accepts reports of security bugs.  There's a description at https://support.apple.com/en-us/HT201220 - read past the stuff at the top about *getting* security patches.
                                                        -- Jerry

More information about the cryptography mailing list