A vulnerability in Keychain, the default password manager for Mac OS X makes it possible for attackers to steal passwords stored by users without much interaction. Via terminal commands it appears possible to retrieve passwords stored in the Keychain.
In this case, the password manager would not ask for a password, but a window to show the user which then must click on Allow. Two researchers from Beirut developed an exploit where they retrieve saved passwords, but then simulate the mouse click of the user. This happens in a few milliseconds, so that users do not see through. Once this automated action occurs are stored passwords via SMS sent to the researchers, as it turns out this demonstration video on YouTube.
In order to perform the attack, the code that performs terminal-and-click command simulates still be performed on the user's system. The code that the researchers developed, however, as "wrapper" to be added to innocent files. Once the user opens the file, such as an image, executes the code. According to the researchers security software will not detect the attack, because there is running legitimate code in principle.
Apple
As a solution, Apple should modify the way Keychain handles the terminal assignments and the user just need to ask for a password as it actually supposed to do. The researchers decided to inform Apple, but received no response from the software company. Because of the impact they decided their discovery through CSO disclose. "The vulnerability is very serious. Everyone can thus steal your passwords by just downloading a file that is not evil looks," said Antoine Vincent Jebara.
According to researchers, the attack can be carried out in various ways. So an attacker can a malicious file via e-mail to the user, spread malicious code through a torrent file or add in the event of a man-in-the-middle attack, the malicious code to download user .
No comments:
Post a Comment