Defending against 1Password harvesters
by Jeffrey Goldberg on
We have some bad news and good news today about the state of Mac security. The bad news is that there’s a new malware variant out for the Mac, a trojan called DevilRobberV3, that tries to collect various pieces of data, including your 1Password data file. The good news is that your 1Password data is very well encrypted, but we still want to take this opportunity to review a few details of what’s going on.
We don’t think this poses any real danger to 1Password users. But because our knowledge of DevilRobberV3 is still fairly limited, I want to revisit some of our long-standing recommendations for ensuring your 1Password data stays safe.
At this time, we know little about DevilRobberV3 beyond what has been reported by F-Secure. It is a trojan that can be installed when someone tries to download and install a pirated version of Pixelmator from websites that offer stolen software. The fake Pixelmator installer instead installs DevilRobberV3, which mostly just gathers system information and sends it off to the malware’s creators.
The main business of DevilRobberV3 is that it steals processing time on an infected computer to mine bitcoins, a type of virtual currency used by some internet services. But what matters to us here is the system information that is also gathered, and that list can vary depending on the variant of DevilRobberV3. So far, here is a rough list of information that might be collected if DevilRobberV3 gets onto a Mac: OS X Keychain; Safari browsing history; number of files with “truecrypt”, “pthc”, and “vidalia” in the name; shell command history; bitcoin wallet contents; 1Password file contents; system log file; external IP address of the infected machine; downstream and upstream bit rate of the infected network; the malware’s port mapping attempt status; and the time the malware was executed. Earlier versions also took a screenshot.
Because they are collecting so much information along with running the bitcoin farming, I expect that this is more of a fishing (not phishing) expedition. They are trying to learn about systems in general and do not have a plan of attack using any collected data. I am speculating, of course, so let’s take a look at the worst an attacker could do with your 1Password data.
First I’d like to reassure everyone that your key 1Password data is extremely well encrypted. Our Strong Password Generator tool creates extremely strong passwords for websites, and we use the best encryption tools and protocols available for encrypting those passwords (learn more about how 1Password encrypts your information in our support doc). I doubt that anyone is actually specifically trying to exploit 1Password data files they might obtain, but because we can’t rule it out, we need to consider what bad guys could do with captured data.
Since day one, we’ve highlighted how important it is to have a strong, memorable Master Password. If you want some help to create a great Master Password or improve the one you have, please see one of our many previous blog posts with tips and tricks, the geek edition of that post, or this help doc. Note that changing your master password after your data file is stolen will not protect the captured data. So don’t wait until there is some sort of breach on your machine before making sure you have a good Master Password.
In our current 1Password data file format, the URL of a Login is not encrypted. If you have an account on Amazon.com, an attacker who has obtained your data file can see that you do, but cannot see your username or password.
The password strength indicator (whether 1Password considers your password to be strong or weak) is also not encrypted in the current form of the database. Generally, this lets us strike a good balance between securing your most important data (such as usernames and passwords), allowing the 1Password data file to be stored and synced securely with cloud services like Dropbox, and still offering features like sorting your Logins by URL or by password strength. You can learn more about why the 1Password data file has been designed this way in our cloud storage security doc.
So even though your passwords are extremely well encrypted in your 1Password data file, an attacker might learn that you have a weak password for www.example.com. If the attacker can also guess your username (I, for one, use pretty much the same couple of usernames everywhere), and you used a weak password on a site instead of our Strong Password Generator, they may be able to use this knowledge to attempt a brute force (guessing lots of passwords) directly against www.example.com. Fortunately, the vast majority of websites will block or delay logins after some number of failed login attempts.
If you think you might have some weak passwords saved in 1Password, perhaps from The Old Days before you started using our Strong Password Generator, take a look at our previous advice on how to find and update weak passwords. This involves sorting your 1Password data by password strength in the 1Password application, then updating each weak password using 1Password’s Strong Password Generator feature. Note that sorting data by password strength may soon be removed (so that the strength is no longer stored unencrypted), which means that this specific tip may be limited to data created and viewed with 1Password for Mac (App Store) version 3.9.2 and prior, 1Password for Mac (non-MAS) 3.8.10 and prior, and 1Password for Windows 220.127.116.11 and prior.
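To make the plaintext/ciphertext split described above concrete, here is an added example (not 1Password’s code, and not its real data format) that models a vault record the way the post describes it: the URL and a strength bucket are readable by anyone holding the file, while the username and password exist only as an opaque blob (a constant placeholder here, not real ciphertext). The same unencrypted fields serve two audiences: `attacker_view` shows what someone without the Master Password learns, and `logins_to_fix` is the owner-side audit that sorts by strength so the weakest Logins are updated first. The entropy estimator, the 40/64-bit thresholds, and the sample hostnames and passwords are all constructed assumptions for the example.

```python
import math
import string

PUNCT = set(string.punctuation)  # 32 ASCII symbols


def estimate_entropy_bits(password: str) -> float:
    """Crude strength estimate: length times log2 of the character pool used.

    This over-rates dictionary words and keyboard patterns, so it reliably
    flags only clearly weak passwords; treat 'strong' as a floor, not a proof.
    """
    if not password:
        return 0.0
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in PUNCT for c in password):
        pool += len(PUNCT)
    if pool == 0:
        return 0.0  # only whitespace/non-ASCII: give no credit rather than guess
    return len(password) * math.log2(pool)


def strength_label(bits: float) -> str:
    """Bucket an estimate the way a vault might store it in plaintext (assumed thresholds)."""
    if bits < 40:
        return "weak"
    if bits < 64:
        return "fair"
    return "strong"


def make_entry(url: str, password: str) -> dict:
    """Build a record with the plaintext/ciphertext split the post describes.

    'encrypted' stands in for the ciphertext of the secret fields; it is a
    fixed placeholder so nothing derived from the password lands in the record.
    """
    return {
        "url": url,                                                  # unencrypted
        "strength": strength_label(estimate_entropy_bits(password)),  # unencrypted
        "encrypted": b"<placeholder for ciphertext of username and password>",
    }


def attacker_view(vault: list) -> list:
    """What someone holding the file but not the Master Password can read."""
    return [(e["url"], e["strength"]) for e in vault]


def logins_to_fix(vault: list) -> list:
    """Owner-side audit: URLs whose stored strength is below 'strong', weakest first.

    It reads exactly the fields an attacker can read, but uses them defensively.
    """
    order = {"weak": 0, "fair": 1, "strong": 2}
    flagged = [e for e in vault if e["strength"] != "strong"]
    return [e["url"] for e in sorted(flagged, key=lambda e: order[e["strength"]])]


# Constructed sample vault: hostnames and passwords are made up for this example.
SAMPLE_VAULT = [
    make_entry("www.example.com", "letmein"),
    make_entry("shop.example.net", "Summer2011"),
    make_entry("mail.example.org", "xK9$mQ2!vL7pZ@4w"),
]

if __name__ == "__main__":
    for url, strength in attacker_view(SAMPLE_VAULT):
        print(f"{url:20} strength={strength}")
    print("update first:", logins_to_fix(SAMPLE_VAULT))
```

Run as a script it prints the exposed metadata for each Login and then the ordered list of Logins to update; note that the weak `letmein` entry is identified without touching the placeholder blob at all, which is exactly the leak the post is weighing against the convenience of sorting by strength.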
Those are steps you can take to increase your already high level of security. There is always a “weakest link”, which is what we need to look at when considering worst case scenarios.
Although users need to pick good passwords, it is not our intention to push the entire security responsibility onto users. Our goal has always been to make it easy and convenient for you to behave securely. So the question is: what are we doing to guard against the dangers listed above? First of all, the security is already extremely strong. But we are always looking at where we can improve upon the weakest link.
We have already discussed how the data format currently used in 1Password 3 needs to be improved in the light of increased computer power and increased risk of data theft. Work on our new data format is coming along, but it is still not ready for all platforms (we need to make certain that it works on every platform that 1Password supports). So this doesn’t present an immediate solution to the news of malware that collects 1Password data. Once it does arrive though, our new data file format will offer some advantages, one of them being that even more of your data (including Login URLs) is encrypted.
I’ve discussed the role that PBKDF2 plays in protecting your Master Password from automated password guessing systems. We are currently exploring increasing the number of PBKDF2 iterations, but I don’t want to promise anything specific until we’re confident enough to release it. We need to work through compatibility across platforms, and performance specifically on mobile platforms when syncing data. But we are actively testing things as I write this. (We put hooks into the code a while back anticipating the need to increase PBKDF2 iterations.)
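The trade-off in the paragraph above (more iterations slow every guess, but also slow every legitimate unlock, which matters most on a phone) can be measured directly. The following is an added example, not 1Password’s code: it derives a key with PBKDF2-HMAC-SHA1 from Python’s standard library, checks the derivation against the first RFC 6070 test vector, times one derivation at two assumed iteration counts, and turns that into the time an attacker would need to exhaust a password space of a given size. The hash choice, salt length, iteration counts and the benchmark password are all assumptions for illustration; nothing here reflects the actual parameters of any 1Password data format.

```python
import hashlib
import os
import time


def derive_key(master_password: str, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA1 key derivation (hash and dklen are example choices)."""
    return hashlib.pbkdf2_hmac("sha1", master_password.encode("utf-8"), salt, iterations, dklen)


def self_check() -> bool:
    """Confirm the derivation matches RFC 6070 test vector 1 (P="password", S="salt", c=1)."""
    expected = "0c60c80f961f0e71f3a9b524af6012062fe037a6"
    return derive_key("password", b"salt", 1, dklen=20).hex() == expected


def measure_seconds_per_derivation(iterations: int, reps: int = 5) -> float:
    """Wall-clock cost of one derivation on this machine at the given iteration count."""
    salt = os.urandom(16)  # assumed 16-byte salt; any fixed length works for timing
    start = time.perf_counter()
    for _ in range(reps):
        derive_key("benchmark-only-password", salt, iterations)
    return (time.perf_counter() - start) / reps


def slowdown_factor(old_iterations: int, new_iterations: int) -> float:
    """PBKDF2 cost is linear in iterations, so each guess gets this much more expensive."""
    return new_iterations / old_iterations


def expected_time_to_exhaust(entropy_bits: float, seconds_per_derivation: float,
                             parallelism: int = 1) -> float:
    """Seconds to try every password in a space of 2**entropy_bits.

    Assumes one derivation per guess at the given cost, spread over
    `parallelism` independent workers. Real attackers use faster hardware than
    the defender's laptop, so treat the result as an upper bound on their time.
    """
    return (2.0 ** entropy_bits) * seconds_per_derivation / parallelism


if __name__ == "__main__":
    assert self_check(), "PBKDF2 implementation does not match RFC 6070"
    old_iters, new_iters = 1_000, 25_000  # assumed example counts, not product settings
    cost_old = measure_seconds_per_derivation(old_iters)
    cost_new = measure_seconds_per_derivation(new_iters)
    print(f"{old_iters:>6} iterations: {cost_old*1000:7.2f} ms per derivation")
    print(f"{new_iters:>6} iterations: {cost_new*1000:7.2f} ms per derivation")
    print(f"slowdown factor: {slowdown_factor(old_iters, new_iters):.0f}x")
    for bits in (30, 40, 50):
        years = expected_time_to_exhaust(bits, cost_new) / (365 * 24 * 3600)
        print(f"  {bits}-bit password space at {new_iters} iterations: ~{years:.2f} years on this machine")
```

The printed numbers are machine-specific, but the shape of the result is not: the iteration count multiplies the attacker’s cost and the user’s unlock delay by the same factor, which is why the paragraph above singles out mobile performance as the constraint, and why a stronger Master Password (more bits) buys far more than any iteration count can.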
We are also testing at the moment the consequences of removing unencrypted password strength information from the current data format. If we do this, it will have more visible consequences for users. This will almost certainly mean changes to how users will need to find weak passwords among their data.
So look for updates soon that will make your 1Password data even more resistant to attack.
If you become a victim of the DevilRobberV3 trojan, we have no reason to doubt the security of your 1Password data file. Ever since 1Password was just a few scribbles on bar napkins, we’ve designed and coded the 1Password data file to remain secure in scenarios such as your computer or mobile device being stolen, or a trojan getting hold of the file. The particular changes that we are looking at for the immediate future are things that we’ve been working on for months.
One lesson, if I can be forgiven for repeating myself, is that security is a dynamic process. We re-assess threats, our own design, and our implementation of that design. A security product is never really done; it is, instead, an on-going process.
Another lesson is that you should be part of that on-going process. The advice listed above isn’t new, and so regular readers of this blog will already have the extra level of security. My somewhat tautological advice, then, is that you should follow our advice.
Finally, and this should go without saying, don’t download and install software from unknown or untrustworthy sources. There are enormous numbers of reasons not to download pirated software, but one of those reasons is that the people you are downloading from are criminals. You never know what you might end up really installing. Even if you are not trying to pirate software, be very careful of deals that “seem too good to be true”. It may be a topic for another day, but Wil Shipley has some nice recommendations about how Apple can help with software distribution in a way that would reduce the opportunity for trojans to be installed on OS X.