“Root can read plaintext keychain passwords of logged-in users in OS X”

Sep 5, 2012 12:01 GMT  ·  By

Juuso Salonen, a software developer from Helsinki, Finland, has written a proof-of-concept demonstrating a design trade-off in Apple’s keychain implementation that sacrifices security for usability. He says Cupertino knows about it.

Because OS X automatically unlocks your keychain for your convenience, “the root user is able to read all keychain secrets of logged-in users, unless they take extra steps to protect themselves,” writes Salonen.

The developer is certain Apple is aware of the security implications. He therefore believes the Mac maker “made the bargain intentionally.”



“In OS X, your keychain contains your saved passwords,” Salonen begins to explain.

“This includes all your email accounts in Mail, passwords stored in Safari, and credentials for accessing known Wi-Fi networks. Because it contains valuable secrets, the keychain is encrypted. It can only be opened with your login password.”

However, Salonen cautions that there’s a catch.

“When you log in to OS X, the operating system automatically unlocks your keychain for your convenience. This means that you don’t have to enter your login password every time you want to use your stored passwords,” he reveals.

That is why, he says, the keychain prompts a logged-in user sees do not ask for the login password (his post contrasts the two dialogs in a screenshot that is not reproduced here).

According to Salonen, “this means that it has to be somehow possible to read your keychain passwords even without asking for your login password every time. That’s what ‘unlocking’ means here.”
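The “extra steps” Salonen alludes to come down to not leaving the keychain unlocked when it is not in use: a locked keychain has to be opened with the password again before its secrets are readable. The following shell script is an added example and not code from Salonen’s post or from the article. It checks the lock policy of the login keychain and prints (or, with HARDEN=1, applies) the `security` commands that make it lock on sleep and after an idle timeout. It assumes the one-line output format of `security show-keychain-info` and the 2012-era path of the login keychain, both stated in the comments.

```shell
#!/bin/sh
# Added example, not code from Salonen's post or from the article: check
# whether the login keychain is set to lock itself, and show the security(1)
# commands that add an idle timeout and lock-on-sleep.
#
# Assumptions (adjust if your system differs):
#  - `security show-keychain-info` prints one line such as
#        Keychain "login.keychain" no-timeout
#        Keychain "login.keychain" lock-on-sleep timeout=300s
#  - the login keychain lives at ~/Library/Keychains/login.keychain
#    (newer macOS uses login.keychain-db; override with KEYCHAIN=...)

KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/login.keychain}"
LOCK_AFTER_SECONDS="${LOCK_AFTER_SECONDS:-300}"

# keychain_timeout_seconds INFO_LINE: prints the idle timeout in seconds,
# or 0 when the line says "no-timeout" or carries no timeout=NNNs token.
keychain_timeout_seconds() {
    secs=$(printf '%s\n' "$1" | sed -n 's/.*timeout=\([0-9][0-9]*\)s.*/\1/p')
    printf '%s\n' "${secs:-0}"
}

# keychain_lock_policy INFO_LINE: prints one of
#   strong  - locks on sleep and after an idle timeout
#   partial - only one of the two is configured
#   none    - stays unlocked for the whole login session
keychain_lock_policy() {
    line="$1"
    on_sleep=0
    case "$line" in *lock-on-sleep*) on_sleep=1 ;; esac
    timeout=$(keychain_timeout_seconds "$line")
    if [ "$on_sleep" -eq 1 ] && [ "$timeout" -gt 0 ]; then
        echo strong
    elif [ "$on_sleep" -eq 1 ] || [ "$timeout" -gt 0 ]; then
        echo partial
    else
        echo none
    fi
}

# Live check, only where the security(1) tool exists (i.e. on OS X/macOS).
if command -v security >/dev/null 2>&1; then
    info=$(security show-keychain-info "$KEYCHAIN" 2>&1)
    policy=$(keychain_lock_policy "$info")
    echo "$KEYCHAIN: lock policy = $policy"
    if [ "$policy" != strong ]; then
        echo "To lock after ${LOCK_AFTER_SECONDS}s idle and on sleep, then lock now:"
        echo "  security set-keychain-settings -l -u -t $LOCK_AFTER_SECONDS \"$KEYCHAIN\""
        echo "  security lock-keychain \"$KEYCHAIN\""
        if [ "${HARDEN:-0}" = 1 ]; then
            # -l: lock on sleep, -u: lock after timeout, -t: timeout in seconds
            security set-keychain-settings -l -u -t "$LOCK_AFTER_SECONDS" "$KEYCHAIN"
            security lock-keychain "$KEYCHAIN"
        fi
    fi
else
    echo "security(1) not found; run this on OS X to check the live keychain."
fi
```

Locking only narrows the window: while the keychain is unlocked, the article’s point stands and a root-level process can still read the secrets, so the timeout should be short enough to matter on an unattended machine.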

His post walks through the mechanics in detail; the upshot fits in one sentence: “Root can read plaintext keychain passwords of logged-in users in OS X.” In practice, anyone who obtains root on a Mac while a user is logged in, including malware that has escalated its privileges, gets that user’s stored secrets in the clear without ever learning the login password.

His open-source proof-of-concept confirms that the trade-off is exploitable in practice, and it is not something a routine fix would remove, “because this is an intentional design decision instead of a security bug.”