Jump to content
Enpass Discussion Forum

Enpass affected by iPhone hack?


Fabian1

Recommended Posts

Maybe you read the headlines: There was a massive iPhone hack. A Google team has found that thousands of iPhones were hacked - just by visiting a infected website. This allowed the attackers comprehensive access to the data in the iPhone:

WhatsApp, Signal, SMS, gps-location, photos, contacts and - yes - even the keychain with the passwords should have been open.

An incredible Bug!

My question: Was Enpass also affected?

Could attackers - even theoretically - read the passwords from the Enpass database?

As far as I know, Enpass uses the iOS keychain to store the masterpassword, if you use biometric unlock.

Who knows more?

Edited by Fabian1
correction
Link to comment
Share on other sites

I dont think Enpass was targeted, there where easier, standardized targets with APi's like you mentioned. They also stole oath tokens meaning that no matter how you store your password, the resulting granting "ticket" for e.g Google or Microsoft Live was passed on.

But of course Enpass wouldnt sustain a root-level threat like that if being targeted. The security of an individual app cant hold up if security of underlying operating system is broken.

 

Link to comment
Share on other sites

Hi @Fabian1,

13 hours ago, Ivarson said:

Enpass wouldnt sustain a root-level threat like that if being targeted. The security of an individual app cant hold up if security of underlying operating system is broken. 

As stated by @Ivarson, Absolute security of an app is dependent on the OS itself. If integrity of operating system is broken and a adversary is able to run arbitrary code with root privileges, there is little Enpass can do to protect itself. However I would like to summarize, how Enpass stores its data and what happens if your use PIN or bio-metrics to unlock Enpass.

All of your data is stored in a database encrypted using your master password. None of your sensitive data is decrypted and stored in any of temporary file, except when you need to export an attachment to external app. Access/oauth tokens to cloud services are also stored inside this encrypted database. So, a stolen Enpass database file is as secure as its master password.

If you are using PIN to unlock Enpass or using bio-metrics on devices without secure enclave, master password is stored in the keychain in obfuscated (non-encrypted) form. In this case your master password can be obtained from keychain dump and adversary will be able to unlock your vault easily.

If you are using bio-metrics to unlock Enpass on devices with (A7 and above chip), your master password is stored as encrypted data in keychain with a key stored in Secure Enclave of device. Modern iOS devices (iPhone 5s above) have Secure Enclave and encryption keys are stored in separate execution unit with its own processor and ram. As per Apple 

Quote

The Secure Enclave provides all cryptographic operations for Data Protection, key management and maintains the integrity of Data Protection even if the kernel has been compromised.

It requires a very sophisticated attack to break into Secure Enclave. I have found no reference if the attack in question can lead to compromising of Secure Enclave too. So, your master password and hence all Enpass data is secure if Secure Enclave is resistant to the attack.

Cheers:)

 

Link to comment
Share on other sites

Dear Vinod,

Thank you very much for the very precise answer.  That was exactly what I wanted to know.

1. PIN use (or old iPhone) = security risk, if the iOS keychain is broken

2. Biometric-Unlock + Secure Enclave = may still be considered secure, no indication of compromise of the Secure Enclave

3. Enter password yourself = currently best security. Or is there any evidence, that the current hack could read/log all keystrokes on the iPhone? Do you store the clear text masterpassword in process memory of the kernel?

Thx again & kind regard

Fabian

Link to comment
Share on other sites

13 hours ago, Fabian1 said:

3. Enter password yourself = currently best security. Or is there any evidence, that the current hack could read/log all keystrokes on the iPhone?

Evidence is not required in this case. Keylogging, memory reading, screenshots and video recording are very much possible for a process with root privileges.

13 hours ago, Fabian1 said:

Do you store the clear text masterpassword in process memory of the kernel? 

Enpass throws master password after using it but how does UI TextField handles memory internally, is outside of Enpass scope. This is an area we are dependent upon iOS security architecture. In future, we plan to use custom UI elements for text entry of master password as well just like we do it in Desktop versions.

Link to comment
Share on other sites

  • 2 years later...

. Just a small piece of information though. The first thing you need to do in order to define whether your server was hacked is to track back the IP adress. If you find out that the IP address is external then I'm pretty sure that your server was hacked. You can choose to forget about it or hire a hacker iphone to get back into your server. A hacker isn't expensive to hire unlike most people assume. You can always negotiate the price with him before sealing the contract though.

Edited by Maricores
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...