Android Password Data Stored In Plain Text

jampola writes "The Hacker News is reporting that Android password data is being stored as plain text in its SQlite database. Hackers News says that 'The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text. Encrypting or at least transforming the password would be desirable.' I'm sure most would agree encrypted password data in at least SHA or MD5 would be kind of a good idea!"

Sorry, disagree that SHA/MD5 is a solution

[mysidia]

I'm sure most would agree encrypted password data in at least SHA or MD5 would be kind of a good idea!"

No, I would not agree to that. I cannot say what most would think, but they would be misunderstanding the requirements and a misunderstanding of SHA/MD5 security for password stoarge, if they suggest SHA/MD5 as a solution.

When your android needs to access an e-mail account, knowledge of the actual login password is required, to connect to the remote server. Storing a SHA or MD5 hash does not retain knowledge of the password, so automatic e-mail login on the Android device would no longer be able to function with only a SHA or MD5 stored.

The e-mail server itself can potentially store a PBKDF2 derived strong hash for plaintext authentication over TLS (the server may require plaintext for CRAM-MD5 or other authentication mechanism selections), but your software needs to authenticate with the mail server, which requires either that actual credentials be stored, OR that credentials be entered by the user.

To quote the complaint from the article:

The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text. Encrypting or at least transforming the password would be desirable.

I will agree that encrypting or transforming the password in the database is possible; something such as a Windows or OSX style keychain should be possible. HOWEVER, the decryption key has to be stored on the phone, and any transformation has to be reversible, for the device to still work without prompting the user for the password and saving in RAM or prompting the user every time e-mail is to be checked.

Therefore, the security benefits of doing this are absolutely minimal. Anyone who is actually trying to extract the password will learn about the transformation, and any reversible transformation is not a significant improvement.

Saving the unencrypted password in RAM may be just as good [or bad] as saving it on the filesystem, since phones are rarely rebooted, and RAM is subject to analysis just like a sqlite DB is subject to analysis.

Re:Sorry, disagree that SHA/MD5 is a solution

Usually passwords on mobile devices use the PIN as the encryption key (+ some large salt). I'm wondering if Android does that but the people reporting this don't have a PIN set. In that scenario, I believe typically you still encrypt it with the salt to make things slightly more obscure (prevents against an attack where the exploit allows reading the sqlite db but not where the encryption key is stored).

Re:Sorry, disagree that SHA/MD5 is a solution

...since phones are rarely rebooted...

I take it that you don't fly very often.

Re:Sorry, disagree that SHA/MD5 is a solution

Mod parent up. I can't believe that Slashdot's editors are so technically clueless that they would post this story.

Re:Sorry, disagree that SHA/MD5 is a solution

Full Ack. It seems like timothy is turning into the new kdawson, posting such an ignorant article.

Re:Sorry, disagree that SHA/MD5 is a solution

[maxume]

If the app-server combo has a decent session protocol, the app can get a session token from the server and discard the password.

Re:Sorry, disagree that SHA/MD5 is a solution

[joaosantos]

We are talking about standard email, so the protocol is plain IMAP or POP3.

Re:Sorry, disagree that SHA/MD5 is a solution

[gweihir]

Was just about to post the same thing. The OP seems to have no clue how password security works.

Re:Sorry, disagree that SHA/MD5 is a solution

[Macthorpe]

Incredibly, if you actually RTFA, it's written by someone both technically incapable and clearly illiterate. It's also based on a comment made by a member of the Android team posted nearly a year ago, and the comment also points out exactly why they do it this way:

Simply obscuring your password (e.g. base64) or encrypting it with a key stored elsewhere will *not* make your password or your data more secure. An attacker will still be able to retrieve it. [...] If you can obtain *any* data from files in /data/data/* on a non-rooted device, this is a security problem in the device.

So basically, it's hidden from view on a non-rooted device, people who root their devices have already technically cracked their own security anyway, and even if it wasn't in plain text it would still be trivial to decrypt as the key has to exist somewhere on the device to do it.

All in all, very boring, very old, and very stupid to post.

Re:Sorry, disagree that SHA/MD5 is a solution

[mysidia]

Usually passwords on mobile devices use the PIN as the encryption key (+ some large salt)

This is a possible approach; it has a potential drawback though. The phone cannot get e-mail in the background before the user types in their PIN, then. Also, PINs on a phone are likely to be simple, often numeric codes. If the user keeps their phone locked, they will want to have something they can key in very quickly to make a phone call in a hurry, which means that the PIN is likely to be brute forceable from a crypto point of view.

I believe typically you still encrypt it with the salt to make things slightly more obscure (prevents against an attack where the exploit allows reading the sqlite db but not where the encryption key is stored).

Obscurity is not security. And with the Android platform, the source code is available to a potential attacker. We can readily anticipate the hacker groups would quickly develop a tool, and publish details, so I wouldn't want to bank on an obscurity element here.

I agree encrypting the password and storing the key somewhere else may prevent an exploit that one case. Assuming (A) the attacker has the ability to read passwords from the SQLite database, but (B) the attacker does not have access to read passwords from other SQLite databases, and (C) your application doesn't store the encryption keys in the same SQLite database as the passwords.

Then it would follow the attacker can't decrypt the passwords.

The only question then would be.... how likely is it that the sqlite database containing the credentials can be compromised but the sqlite database containing decryption keys not be vulnerable?

Which is a difficult question to answer. Clearly though we would be looking at some sort of permissions or SQL injection vulnerability on the primary authentication database. Any vuln. where the attacker had control of the filesystem or RAM would be at greater risk of immediately exposing both databases.

The SQL injection on the credentials DB could be avoided by keeping the credentials database isolated from all other functions, and implementing strong filesystem level protections; such as authentication managed by a separate daemon through privilege separation, inside a different chroot jail, or user-mode filesystem invisible to other processes, with permissions limiting access to the DB file.

Re:Sorry, disagree that SHA/MD5 is a solution

[pmontra]

The PIN unlocks the SIM not the phone (I have experience only of European phones) and SIMs can be configured by users not to use PINs. My Android phone can even start up without a SIM and access the Internet over WiFi. So the PIN is not available to the phone all the time. Actually, I expect that the SIM does not disclose the PIN to the phone at all but I didn't check that.

Re:Sorry, disagree that SHA/MD5 is a solution

[node+3]

Yeah, because it's Android, it's ok...

A few months ago: APPLE STORED YOUR LOCATION DATA IN PLAIN TEXT!!! HOW STUPID ARE THEY? THE ONLY EXPLANATION IS THEY ARE TRACKING YOU!!! PEOPLE WILL BE STALKED USING THIS!!!

Somehow, the OS X and iOS keychain manages to use encryption to protect passwords, the entire disk on iOS (after the 3GS, I think, maybe the 3G) is encrypted, and processes are blocked from reading files outside of their sandbox.

But on Android, it's +5 Insightful to say that plaintext password storage is hunky-dory. In fact, it's preferable! And as referenced by posts below, merely posting a story where someone says, quite meekly, that it might be "desirable", or a "good idea" to up the security on Android is grounds for mocking.

Re:Sorry, disagree that SHA/MD5 is a solution

That's a surprisingly insightful and informative first post.

Re:Sorry, disagree that SHA/MD5 is a solution

Right, you can only do this if the platform has some kind of local hardware-based security (e.g., sealed-up processing with armored key material).

It can be done; ARM defines bus-level security system, and there are ARM processors out there that the vendors would like you to believe are capable of this (e.g., the TI 3530 and later). But it would mean that the cell phone crowd would have to get a clue about real security, which is hard. Also the attack models start to look like "take cell phone, dunk in liquid nitrogen, extract contents of DRAM," though this is still a little science-fictiony.

I would /love/ to see a real secure execution platform on cell phones.

Re:Sorry, disagree that SHA/MD5 is a solution

[growse]

And where does the iPhone store the encryption key protecting those passwords? On the device? Makes it a little bit useless then.

Go look at a blackberry to see disk encryption done properly - the key is not stored on the device, it's the derived from the user passphrase.

Re:Sorry, disagree that SHA/MD5 is a solution

[mysidia]

If the app-server combo has a decent session protocol, the app can get a session token from the server and discard the password.

I agree that's a very good idea. Why don't we implement Kerberos on our Android phones, and insist on GSSAPI with a Kerberos service ticket to access POP3/IMAP/etc from the phone?

Or certificate-based authentication, where we install a X509 certificate on our phone, and the server requires we authenticate with the right X509 certificate and use TLS/SSL in order to gain access to our account, instead of using a password.

Then each device is separate and lost device can be dealt with by revoking certs. Both of these are good solutions, but unfortunately, in most cases, neither will be an option, and people would not like the Android phones if it required them to introduce proper security to their mail server authentication, without addressing inconvenience issues.

Implementing token-based auth with IMAP or POP (unfortunately) requires special cooperation of the mail server admin, since most mail servers have no additional authentication options by default, beyond simple password; over SSL/TLS if you're fortunate.

The unpopularity of token-based auth for IMAP/POP stems from a lack of implementation of these security options on mail servers, partially due to the limited history of standardization of token-based auth, and the limited understanding most users have of the security issues with password storage and plaintext authentication.

Certificate based authentication has a problem that it's inconvenient, even though SSL/TLS is of course a very mature standard.

My impression is most sysadmins know nothing about token-based auth, GSSAPI, SASL, Kerberos, etc, would be words they never heard of, even if they actually manage Windows AD, they never heard of Kerberos.

So... as you can imagine... token-based extensions beyond the base standard for IMAP/POP mail access are not that well known or widely implemented.

Re:Sorry, disagree that SHA/MD5 is a solution

Another News Source is reporting that Android authentication data is being stored as plain text in its SQlite database. News Source says that 'The authentication information for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text. Encrypting or at least transforming the authentication information would be desirable.' I'm sure most would agree encrypted authentication data in at least SHA or MD5 would be kind of a good idea!

Lets try it again. Some mechs do not transmit the password at all, only an MD5 hash of the password's MD5 hash and a challenge key. So, we truely could store _just!_ the MD5/SHA hash of the password, if the server reports it. Of course, if you get that hash, then you, too, can complete the challenge/auth, and we're back at the summary as posted above.

Something to be able to log in _MUST_ be stored on the machine. In your case, the session token would be stored, which an attacker could steal and log in with remotely... oh, it'll be locked to IP's? Well then you need to store the pass/derivative to relogin later when your IP changes again, back to point A.

Of course, all of this can be fully negated. Once the user verifies with a password, we can store that verification has been completed on the phone. When the user wants to check e-mail or whatever, we need only tell the server, "Yep, this user has been authenticated. Let me in."

Re:Sorry, disagree that SHA/MD5 is a solution

[Baloroth]

And, as a result, installing custom software requires jailbreaking the iDevice. I'm pretty sure thats the main reason (probably the only one, in fact) why Apple does this encryption. It also increases security, precisely because Apple can review every app that can be installed on the iDevice. The Android model is a bit less secure: but its far more open. Upping the security might be a good idea... but if it comes at the cost of this freedom and openness: then no. And yes, I realize not all Android phones are open and unlockable, and many companies do everything they can to lock it down. This, however, is not the fault of Android, but greedy phone makes and wireless providers.

Oh, and keychains don't add any real security, they just make it slightly harder to hack. Encryption is not magic. Encrypting with data on the device, as iPhones do, is nearly worthless.

Re:Sorry, disagree that SHA/MD5 is a solution

[maxume]

I agree that mysidia was mostly talking about email, but given the hilarious tendency of people to over-generalize information, it seemed worthwhile to point out that much of the problem is in supporting protocols that require frequent authentication.

Re:Sorry, disagree that SHA/MD5 is a solution

Hint: possible Google stockholder(s).

Re:Sorry, disagree that SHA/MD5 is a solution

[Belial6]

That is a troll. The big problem with the iPhones wasn't that it was storing data in plain text. It was that Apple was collecting the data without the users knowledge. Apple then used doublespeak to make their fanboys believe that no data was being sent back to the mothership.

Re:Sorry, disagree that SHA/MD5 is a solution

You clearly don't understand the difference between "Not encrypting passwords the user has voluntarily entered" and "Secretly mining location data and not telling the user".

Here's a hint - it's nothing to do with double standards.

Re:Sorry, disagree that SHA/MD5 is a solution

[Joce640k]

Oh yeah, people are known for having long PINs with a good mix of upper/lower case and symbols.

Not.

Salt? The whole point of salt is that it's known by the attacker. It's there to make sure that two identical files don't encrypt to the same cyphertext. It simply doesn't apply here.

There's not much you can do in this situation apart from asking the user to type in his email password 100 times a day. That would get old really quickly, I can't imagine many people would do it.

Re:Sorry, disagree that SHA/MD5 is a solution

[Joce640k]

I take it that you don't fly very often.

Maybe you should get a phone with an 'aircraft' mode...

Re:Sorry, disagree that SHA/MD5 is a solution

[Belial6]

OK, just brainstorming here, but how about a wireless fob that the phone can request the password from. The fob could be stored on your key chain, so if you lose your phone, the phone reverts back to the manual password and is as secure as passwords are, and if you lose the fob, you can just cancel it in the phone and re-sync to a new one.

Re:Sorry, disagree that SHA/MD5 is a solution

[sjames]

I would argue that a simple transformation is worse than storing in plain text because it provides security theater with no substance.

The real choices are simple:

1. It can be left as-is with known risks.
2. Make the user enter the password every time the mail app starts up
3. Keep the password in a lockbox and make the user enter a master password every time the phone starts up (or needs the screen unlocked).

It might be nice to offer a choice, but I suspect most would end up choosing the current situation with only a few choosing to frequently enter a password.

Re:Sorry, disagree that SHA/MD5 is a solution

[node+3]

Oh look, another dumb person thinking that Slashdot is a single mind.

Where did you get such a foolish notion?

Re:Sorry, disagree that SHA/MD5 is a solution

[jo_ham]

And no data was. The database was local, and used to speed up location services on the phone.

In the ToS it says they may collect non-personal data for their own use, but no one has been able to demonstrate that they were actually doing that.

Regardless of what Apple were or were not doing, a major criticism from the Android fanboy camp was that this was all plaintext, making "tracking your every move" suspicious, and a massive privacy violation issue since anyone could get the data and work out where you were, or build up patterns of movement so they could see when you were most likely to be away from home to rob you etc.

Go look it up - it's all there.

Now, here we have Android phones storing *passwords* in plaintext, and somehow that's "perfectly ok, since the key must be on the device somewhere so it doesn't matter". Mmmm. Double Standard Cream. Delicious on a pie.

Re:Sorry, disagree that SHA/MD5 is a solution

[node+3]

That is a troll. The big problem with the iPhones wasn't that it was storing data in plain text. It was that Apple was collecting the data without the users knowledge. Apple then used doublespeak to make their fanboys believe that no data was being sent back to the mothership.

Absolute rubbish.

1. It was in the EULA. Not hidden or obscured, but out in the open.
2. The data found was a cache of Apple's location database. It never contained your actual location.
3. One of the issues *was* that it was in plaintext. Go to the slashdot article about it and control-f for "stalker" or "police".
4. Apple never claimed (or implied) that data wasn't being sent to them. In fact, they specifically stated that this is exactly what happens.

Re:Sorry, disagree that SHA/MD5 is a solution

[MobileTatsu-NJG]

Oh look, another dumb person thinking that Slashdot is a single mind.

Yeah, imagine somebody making that mistake when moderation follows popular opinion. What a huge leap.

Re:Sorry, disagree that SHA/MD5 is a solution

[node+3]

Hint: the location database cache was not "secretly mining location"
Hint: Apple did tell their users.
Hint: Lack of encryption was one of the complaints against Apple.

Re:Sorry, disagree that SHA/MD5 is a solution

[node+3]

And where does the iPhone store the encryption key protecting those passwords? On the device? Makes it a little bit useless then.

Um, the encryption key has to be on the phone at some point for it to work. Do you even understand encryption?

And the only way to keep it from being stored on the phone is to require some method for acquiring the key, either from the user, or from some external source (online, dongle, etc.).

You have severely misunderstood the article you linked to.

Go look at a blackberry to see disk encryption done properly - the key is not stored on the device, it's the derived from the user passphrase.

First off, I don't think you've described how it works on BlackBerry correctly. Second, the way it works on the iPhone is a key is generated, then it is encrypted with the user's passphrase. This is standard for encryption systems, including FDE.

Re:Sorry, disagree that SHA/MD5 is a solution

[guruevi]

The problem is not that the password is stored on the device, that is a problem occurring regardless of the device. The problem is that the program stores the password in an open, unauthenticated data store that other programs can access and is not encrypted. You can create your own encrypted container and store passwords in it (like Firefox stores passwords internally) or rely on a system-wide per-program encrypted container (like Mac OS X Keychain). Android just uses an unencrypted SQLite database with hardly any access controls. Most Android devices are also not encrypted (as compared to most Blackberries and iOS devices) since the manufacturers leave that 'option' to the 'business-class' devices like the Motorola Droid Pro.

Re:Sorry, disagree that SHA/MD5 is a solution

[Superken7]

1. Lack of encryption was a complaint due to the fact that backups to the laptop happen automatically and is not encrypted by default
2. Most complaints are worthless because they either overlooked that apple's EULA stated they were allowed to gather location, or they overlooked that this data was not sent back to apple, at least not in a way that could identify (and thus track) anyone.
3. This iOS vs Android comparison is pointless IMHO.

4. The article itself is pointless: There is no way around password-based authentication systems' passwords being recoverable from the device; plaintext or encrypted does not matter because as soon as you are not asking the user for the password every time email is going to be checked by using a password, an attacker can easily recover it.
Even locking the data with the PIN is worthless because pins are just 4-digit numeric passwords 99.999% of the time.

Re:Sorry, disagree that SHA/MD5 is a solution

[shutdown+-p+now]

processes are blocked from reading files outside of their sandbox.

This is partially true on Android as well. Processes can read the shared /sdcard (whether or not it is mounted to a real SD card - this depends on the phone), and their own isolated storage, but they don't get access to each other's storage or to the system. The password in question is stored in an SQlite database which is not accessible by any Android app (unless it requires root).

Encrypting such password is rather pointless, since the decryption key would necessarily have to be on the phone, as well - if you can find a way to read the DB, you could get to the key, as well.

The difference between this and iOS is that location data on the latter was accessible from iTunes when you sync the phone. Thus your location data would end up on your PC, which is presumably much less secure (at least for a casual user).

Re:Sorry, disagree that SHA/MD5 is a solution

Maybe you should get a phone with an 'aircraft' mode...

The last two trips I took (one on Southwest in May and one on Alaska just three days ago), they kept telling us that "airplane mode" is not ok. They wanted real off. Of course I ignored them and used airplane mode since the radios are off and phones don't emit enough em spectrum to cause any problem with the radios off (it is debatable if they cause problems with the radio on, but with them off there is no way they cause a problem). Anyway - apparently the industry has gotten wind of "airplane mode" and does not approve.

Re:Sorry, disagree that SHA/MD5 is a solution

[TheRaven64]

No it isn't, it's authenticated IMAP or POP3. Both protocols support a variety of authentication systems via SASL, including one-time-passwords and Kerberos. Which of these are supported depends a lot on the server, but every mail server program I've used has supported a range of them.

Re:Sorry, disagree that SHA/MD5 is a solution

[drinkypoo]

The big problem wasn't the plain text, although that concerned some people, but the fact that the amount of data retained was all out of proportion to what is necessary.

Re:Sorry, disagree that SHA/MD5 is a solution

I take it that you don't fly very often.

Maybe you should get a phone with an 'aircraft' mode...

Maybe you should trying buying me a phone that does not require being powered off in order to be restarted in flight mode. (Which requires entering your PIN, if you' ve not disabled it). Every mobile phone I've ever owned has worked this way. Including my 2-months-old Samsung Galaxy.

Re:Sorry, disagree that SHA/MD5 is a solution

[icebraining]

Citation needed. You usually only need three people to put a post on +5; there's no reason to believe they were the same. Especially since the same people might not even have modpoints this time.

Re:Sorry, disagree that SHA/MD5 is a solution

[davesque]

This is the only comment anyone needs to read regarding this article.

Re:Sorry, disagree that SHA/MD5 is a solution

[icebraining]

So what's your point? Different mods have different opinions - news at 11!

Re:Sorry, disagree that SHA/MD5 is a solution

[MobileTatsu-NJG]

Citation needed.

Take a moment to consider how the concept of the Slashdot GroupThinkTM became an intuitive name for a commonly held observation.

Especially since the same people might not even have modpoints this time.

That supports my point.

Re:Sorry, disagree that SHA/MD5 is a solution

Bullshit. Android is *far* less secure. Where's all the iOS malware?

Where's all the Android malware? Oh, right, in unofficial 3rd-party Chinese app stores. And its "malware" effect is to send texts that cost the phone owner money, not to steal their passwords. And you can't install it without clicking through a screen that says THIS PROGRAM WILL SEND TEXTS THAT COST YOU MONEY. Yeah, that's really insecure!

The only reason iOS is "more secure" is that there are no 3rd-party app stores. And that's got fuck all to do with the OS itself.

You hear of many dozens of programs being pulled (often using Google's "kill switch"

You do? I don't. I hear of a handful. Always obscure programs from obscure unofficial app stores. You make it sound like it's a thing that actually affects a lot of people. Is there any evidence that one single American has had malware on their Android phone? Because every single report I have ever seen on the subject has been talking about dodgy unofficial app stores in China, probably containing 99% pirated apps in the first place, because why the hell else would you not use the official marketplace.

Re:Sorry, disagree that SHA/MD5 is a solution

[timothyb89]

For the record, TFA is only referring to the Email app (often called Email.apk) which is just a normal app. Unlike Apple's apps it has no special access to system APIs, keychains, or the like. On top of that, it isn't even included on many Android devices. HTC uses their own which could very well handle things differently, and I'm pretty sure other manufacturers do the same. On my CM7 device I don't even use it in favor of the dedicated Gmail app, which seems to take security quite a bit more seriously. Call me crazy for actually reading TFA but an Android dev made a very helpful comment on the situation:

Now, with respect to this particular concern. The first thing to clarify is that the Email app supports four protocols - POP3, IMAP, SMTP, and Exchange ActiveSync - and with very few, very limited exceptions, all of these are older protocols which require that the client present the password to the server on every connection. These protocols require us to retain the password for as long as you wish to use the account on the device. Newer protocols don't do this - this is why some of the articles have been contrasting with Gmail, for example. Newer protocols allow the client to use the password one time to generate a token, save the token, and discard the password.

And as demonstrated by many others here, the keychain is not actually the be-all, end-all solution to the problem, as it either leaves the decryption key elsewhere on the disk, making it useless, or requires the user to constantly enter a password, making it annoying. Android leaves it up to the app to handle passwords (as does iOS in most cases, I believe), and in this case the Email app doesn't really have a choice. Asking the user to enter their keychain password every time the Email app wants to grab new emails would get annoying quickly, and the protocols that it needs to support can't use the more secure token-based systems. Unfortunately there's no other feasible way to do it, and this debate is ignoring the real issue: mail servers that don't support secure authentication.

tl;dr: Article is not about "Android", only one app, and said app doesn't have much of a choice.

Re:Sorry, disagree that SHA/MD5 is a solution

[icebraining]

Groupthink is a concept that people use to put down contrary opinions. Its existence as a real phenomenon is highly dubious.

Re:Sorry, disagree that SHA/MD5 is a solution

[Baloroth]

up front disclaimer, I hate Apple, and will not buy any of their devices for the forseeable future. But I have good reasons for this hatred, not all of which I have time or room to fit here. Now, lets try actually citing some sources here, shall we?

The release of the iPhone 3GS (and later iPod Touch 3rd Generation) brought hardware-based full disk encryption (FDE) to the iPhone. This was designed to accomplish one thing: instantaneous remote wipe....Jonathan Zdziarski found that the iPhone OS automatically decrypts data when a request for data is made, effectively making the encryption worthless for protecting data.

source . Some of what Zdziarski says here. After a little more research, I discovered that apparently iOS 4 devices do use your passcode to encrypt the hardware keys, so they can't be read when you are logged out. source That is actually a reasonable system: the original one, not so much. Just because something uses "hardware encryption" doesn't mean it actually encrypts data effectively. As I said, the original system didn't, and wasn't intended to: it was only intended to make remote wiping your device faster (since you can just erase the key, not the whole drive.)

And as for why there isn't any iOS malware: seriously, stop and think for a second. If Apple reviews every last app on the official App Store, its kinda hard to sneak malware in, isn't it? Also, you might want to actually look up Android's security system. After about 20 seconds, I found that, surprise surprise, Android also sandboxes applications so that they can't read each others data. In other words: it doesn't matter if the passwords are stored plaintext, since other applications can't read them anyways. Hence, why all the Android malware I've ever heard about doesn't mess with the phone itself, but rather calls home/ phones premium numbers/ etc. Maybe there is an actual virus for Android that messes with the data on the phone. Never heard of it though.(edit:someone mentioned storing apps on SD cards, and then reading those. You can't do that from the phone directly any more than you can read the internal memory, and if you get physical access no encryption is really gonna help. And the same problem exist on iPhone... oh wait, you can't use SD cards with those at all. Apple likes the flash memory premium too much) If it breaks the sandboxing, sure, but if it does that on the iPhone it can do the exact same thing, password keychain or no (proof: they did). And precisely how you said they can't: through root. I'm not sure how passcode encryption effects this or what iOS version they were using, but I would presume its iOS 4.

And I never said an encrypted system wasn't better, I said it wasn't much better... which, as it turns out, it isn't. I absolutely think that passwords should be encrypted. But with another password, not a keychain stored on the device itself. Its just the tiniest bit better than plaintext, but not by much. I can't believe people on Slashdot still keep thinking "oh, encryption, that means my data is secure!"

And I'm not sure how "Google specifically designed" Android to be locked down. AFAIK all the phones that prevent custom firmware use an encrypted bootloader system, which has very little to do with Android itself. Please, inform me how Google is responsible for that. As for Honeycomb source: straw man much? Where is ANY iOS source? Android source will be out at least by Ice Cream Sandwich, relax, Google is just being prudent. For once. I know FOSS fanatics want absolutel

Re:Sorry, disagree that SHA/MD5 is a solution

[joaosantos]

An email client should be able to connect to all servers, so it's logical that the developers decided to target to lowest common denominator.

Re:Sorry, disagree that SHA/MD5 is a solution

You, mysidia, have just been trolled by a slashdot article.

Re:Sorry, disagree that SHA/MD5 is a solution

[exomondo]

and processes are blocked from reading files outside of their sandbox.

which is the case here, applications cannot access that password db.

Re:Sorry, disagree that SHA/MD5 is a solution

[MobileTatsu-NJG]

Groupthink is a concept that people use to put down contrary opinions.

It's a description of the herd mentality that exists on Slashdot.

Its existence as a real phenomenon is highly dubious.

It's quite alive and real. It isn't challenged until the sheeple's opinion is clearly proven wrong.

Re:Sorry, disagree that SHA/MD5 is a solution

[Firehed]

This is a possible approach; it has a potential drawback though. The phone cannot get e-mail in the background before the user types in their PIN, then.

Sure it can - store the PIN (or whatever key the PIN is transformed into) in memory after its first entered. The file is still stored encrypted, but the device can decrypt the relevant information once authentication has taken place the first time after booting. This is only relevant for polling-based solutions anyway; I believe most of the Exchange-based push services do some sort of long-running connection over a secure socket (I have done no research on that and could be completely wrong; and regardless it would still need a similar mechanism to reauthenticate if the connection drops)

Also, PINs on a phone are likely to be simple, often numeric codes.

And if you use a short PIN or passcode, you're trading security for convenience. That's why you transform it with some sort of obscure one-way algorithm to get a stronger key and use that. Hard to decrypt the raw file if you get access to it, and you can still use software-based lockouts (lock device for ten minutes after five failed attempts, wipe after ten, etc.) to increase security further. Not foolproof but that's the nature of the business. If you're that scared about someone accessing your email if your phone is lost, don't put your email on your phone.

Re:Sorry, disagree that SHA/MD5 is a solution

[Firehed]

That's because they want to have your full attention during takeoff and landing, not because of radio interference. You know, using fear as the default instead of a perfectly valid explanation that people will probably be happy to comply with.

That also varies by airline. I fly Virgin America all the time and they're quite happy with airplane mode; Continental and United have given me similar experiences. Policy != science.

Although to back the point you're trying to make - airplane mode is a software-based control and software has bugs. It also explicitly allows you to turn WiFi back *on* (at least on the iPhone); it just disables cellular and, I believe, GPS. So yeah, don't use it as a means to prevent hackers from accessing your phone.

Re:Sorry, disagree that SHA/MD5 is a solution

[Kalriath]

I've never, ever, seen a phone that requires you reboot it to enter flight mode. On my IDEOS running Android, it's a long push of the power button until the menu appears, then select "Flight Mode" and off go the radios. On my iPhone, it's Settings, Airplane Mode, On, and off go the radios. On my LG running Windows Phone 7, it's Start, Settings, Flight Mode, On, and off go the radios.

Re:Sorry, disagree that SHA/MD5 is a solution

3. One of the issues *was* that it was in plaintext. Go to the slashdot article about it and control-f for "stalker" or "police".

Which is a problem because not once, but twice there have been vulnerabilities uncovered that can allow an attacker to compromise the core system of an iPhone just by the user visiting a website. Apple's security failures are proof that you cannot store information in plain text on their devices even inaccessible to applications and expect it to be safe and secure.

Re:Sorry, disagree that SHA/MD5 is a solution

Bullshit. Android is *far* less secure. Where's all the iOS malware? You hear of many dozens of programs being pulled (often using Google's "kill switch", which never seems to ruffle any feathers here, but even the mere *existence* of Apple's "kill switch" (which they've never used) raised a ruckus. this is the exact same mentality that leads to the absurd idea in the first quote of yours above--that anything Apple does is for evil reasons, and anything Google does is for good reasons!).

Android is much less secure, by design, and it's more open, but not "far more open".

What utter bullshit. You don't see malware as much on IOS's store 'cause they SCREEN ALL THE FUCKING APPS YOU FUCKTWAT. Jesus. Are you serious?

Where's the source for Honeycomb?

Hi. I'm conflating the issues!

That's just apologetics. If Android is locked down and it's still Android, you can't just brush that off. Google specifically designed Android to allow for this, and they even bless these locked down phones as being proper Android, and not just some perverted branch of the AOSP, which is the only truly open version of Android, but is not Android proper.

Alarmist bullshit. Yeah, honeycomb hasn't been released, yeah. But it's google's ball. They've been doing their best to release open source polished products. Stop your whining and entitled bullshit.

Again, bullshit. Keychains add real security.

Except the password that goes to pop and imap? And Imap over ssl? IT'S REQUIRED TO BE IN FUCKING PLAINTEXT YOU RETARDED ASSHOLE. LEARN SOME TECH INSTEAD OF BEING AN APPLE FANSHIT.

You can't just mount the filesystem and read the contents of the keychain. You can't use an app on a rooted/jailbroken iPhone to read the keychain contents.

No one said "encryption is magic".

Just sniff the password as it's being transmitted. Herp derp.

>It's pathetic that so many Slashdotters (who are supposed to be nerds) won't even accept that some sort of encrypted system is better than plaintext for storing password. Absolutely pathetic.

Way to conflate the issues. Google solved this w/ per device passwords. THAT'S HOW YOU SOLVE THE PROBLEM SINCE YOU NEED THE CLEARTEXT ANYHOW.

Re:Sorry, disagree that SHA/MD5 is a solution

[fferreres]

>The difference between this and iOS is that location data on the latter was accessible from iTunes when you sync the phone. Thus your location data would end up on your PC, which is presumably much less secure (at least for a casual user).

Sorry, but right now I am more concerned about my bank and email accounts being stolen, than my location being on my PC. I bet you $100 USD that if we made a Poll in slashdot pools, my "worry" would outvote yours.

Re:Sorry, disagree that SHA/MD5 is a solution

[fferreres]

I didn't study engineering and I don't program and have no security focus, yet....

>The article itself is pointless.

It's not. it made me aware how losing my device can be very dangerous, even if I am using a password. So I will take some precautions in case I lose it. This is just my personal "why". There may be a 100 others very valid reasons.

>There is no way around password-based authentication systems' passwords being recoverable from the device;

There is. If things are more complicated, you reduce the risk of massive, automated password grabbers. Suppose it's becomes easy to access data specific to an app, but not easy to impersonate the app (signed binaries, checking sizes, etc), then having the data encypted with some other data (like your PIN) can reduce the threat significantly, they will have access to anything not encrypted by the app itself. eg. It can also help in other cases, eg. you lose your SD but the data there is worthless to someone that finds (or steals it).

> plaintext or encrypted does not matter because as soon as you are not asking the user for the password every time email is going to be checked by using a password, an attacker can easily recover it.

That is only true if the attacker has access to they encryption key or app (vs hacing only access to the data of the app), which may mean a little bit more work or be non trivial at all.

>Even locking the data with the PIN is worthless because pins are just 4-digit numeric passwords 99.999% of the time.

This assumes brute force would always works. That's why banks look for number of failed attempts. If they don't have access to that encryption key (they only got to the app data) and they need to guess, something can happen when they guess too much. Also, if it's on an SD, then the PIN is still worthy. If plaintext (eg. user data for a bank account), in SD you can just grabb it. But if it's encrypted with a PIN, they need to test against the bank server. And after 5 failed attempts, it will lock the account. Some people also have notifications of all logins, or all failed logins.

So not, there are better things even if not perfect, that can save hundreds of millions of people thousands of dollar. I have an Android, and the mentality of the Android fanbase (here) is making me reconsider Apple.

Re:Sorry, disagree that SHA/MD5 is a solution

[shutdown+-p+now]

Your bank/email accounts are exactly as likely to be stolen on iOS. There's no way around the requirement to store your email password on the device, unless you want to enter it every time you check email (and then bye-bye push notifications!). Encrypting it doesn't help because the key would still be on the device as well - in the end, you have to have the password available in its original form on the client at the moment authentication happens.

Yes, the Apple location story was vastly overblown. This one, even more so.

Re:Sorry, disagree that SHA/MD5 is a solution

[chrb]

A few months ago: APPLE STORED YOUR LOCATION DATA IN PLAIN TEXT!!! HOW STUPID ARE THEY? THE ONLY EXPLANATION IS THEY ARE TRACKING YOU!!! PEOPLE WILL BE STALKED USING THIS!!!

People (including many iPhone owners) were upset because Apple was storing location data at all, not because it wasn't encrypted.

Somehow, the OS X and iOS keychain manages to use encryption to protect passwords

Keychain stored passwords are encrypted using a key derived from data on the device. Encrypting data and storing the encrypted data on the phone along with the decryption key provides no security benefits - apparently it's trivial to extract Keychain passwords once you have software running as root on the device, link: "The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode"

the entire disk on iOS (after the 3GS, I think, maybe the 3G) is encrypted, and processes are blocked from reading files outside of their sandbox.

Wired says different: Hacker Says iPhone 3GS Encryption Is ‘Useless’ for Businesses:

'Apple claims that hundreds of thousands of iPhones are being used by corporations and government agencies. What it won’t tell you is that the supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware. “It is kind of like storing all your secret messages right next to the secret decoder ring,” said Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.'

Re:Sorry, disagree that SHA/MD5 is a solution

[shmlco]

"Therefore, the security benefits of doing this are absolutely minimal. Anyone who is actually trying to extract the password will learn about the transformation, and any reversible transformation is not a significant improvement."

By this logic, I should never lock my door to my house, as a determined thief can always force entry No benefit at all in preventing the casual or opportunistic thief from getting in and plundering at will.

Re:Sorry, disagree that SHA/MD5 is a solution

[Charliemopps]

iOS encrypts the entire disc in an attempt to prevent people from using the system in ways other than what they want you to use it. It's not for the users security.

Re:Sorry, disagree that SHA/MD5 is a solution

[chrb]

Again, bullshit. Keychains add real security. You can't just mount the filesystem and read the contents of the keychain. You can't use an app on a rooted/jailbroken iPhone to read the keychain contents.

What about this - they run an app on a jailbroken phone and get access to the contents of the keychain.

And what about Elcomsoft's forensic tools? They claim "The toolkit allows eligible customers acquiring bit-to-bit images of devices’ file systems, extracting phone secrets (passcodes, passwords, and encryption keys) and decrypting the file system dump. Access to most information is provided in real-time. In addition to Elcomsoft Phone Password Breaker, the toolkit includes the ability to decrypt images of devices’ file systems, as well as a free tool that can extract the encrypted file system out of the device in raw form."

If an encrypted disk image can be decrypted by an attacker in realtime, then the encryption is not so good, is it?

Re:Sorry, disagree that SHA/MD5 is a solution

[AlienIntelligence]

I take it that you don't fly very often.

Maybe you should get a phone with an 'aircraft' mode...

Maybe you should trying buying me a phone that does not require being powered off in order to be restarted in flight mode. (Which requires entering your PIN, if you' ve not disabled it). Every mobile phone I've ever owned has worked this way. Including my 2-months-old Samsung Galaxy.

You... are not making any sense. My Droid Incredible has a widget
with an airplane on it. Click it, all radios are killed, unclick it, all radios
are back on.

-AI

Re:Sorry, disagree that SHA/MD5 is a solution

[mysidia]

By this logic, I should never lock my door to my house, as a determined thief can always force entry No benefit at all in preventing the casual or opportunistic thief from getting in and plundering at will.

Well, this is true if you leave the key in the lock, or leave a key in a well-known place such as under the doormat; locking the door really doesn't protect you against an opportunistic thief, if a key is readily available.

With a massively distributed OS/device, the place where the key gets placed is going to be very public knowledge, so it's really just the same as locking the door but leaving a key in the lock.

Anyways... no I wouldn't say that locking a door is no point. First of all, the criminal and civil charges for forced entry and damage are more severe than simple breaking and entering. This is not really true of the virtual world -- stealing a user's password from an unencrypted sqlite DB and using it to get into their bacnk account is just as severe a crime as stealing an encrypted sqlite DB with the user's password, stealing the encryption key, and using their decrypted pw in the same manner.

Second of all, homeowners' insurance policies generally don't pay for items stolen in a burglary, if there is no police report or no signs of forced entry.

With the virtual world.... well... if an ID thief raids your credit card account electronically, you're not liable beyond $50 anyways, as long as the charges are fraudulent -- there is no virtual requirement to show 'forced entry'; only that the charges were unauthorized. Insurance won't generally cover the loss of personal/private data, so showing signs of 'virtual forced entry' just isn't of any real benefit

Third of all.... unlike the virtual world; in the physical world, you can be sure that manual physical actions are required to defeat every security measure you put up. If you put up enough good measures, it will take so long to commit the crime, OR the crime will be so visible to the public, that criminals' chances of being caught are so high, that they will move on to an easier target.

Because houses are not like consumer electronics; houses are not produced en masse to identical specs... not all houses have identical security designs provided by the manufacturer. Pretty much, every house is unique, and there are most likely plenty of 'easy targets'.

With phones, for the most part, all targets of the same make/model phone will be equally 'easy' targets; 'moving on to an easier target' doesn't have much an analog, BUT it facilitates highly automatable, standardizable methods of attack.

A cat burglar cannot "download a piece of software" to automatically force the door open on every house on the block without extra work, extra time spent on their part, doing physical things, requiring them to spend more time at risk, and thus increasing their chance of being caught.

Walking in the door is not obviously "wrong"..... busting down a door is going to raise suspicion of ANY person (neighbor or otherwise) that sees this, and the police are likely to be called as soon as these signs are spotted.

Re:Sorry, disagree that SHA/MD5 is a solution

Oh please. The modern EULA is such a opaque monstrosity that calling anything buried in it "out in the open" is disingenuous at best.

In any case, the location database snafu is not an good analogue. In the password case, even if the password was encrypted, the *decryption key MUST reside on the device* in order to be able to send the password. Apple could have easily encrypted the location database with a public key for which they retain the private key, and transmitted the encrypted data. Decryption on the device was not a requirement.

Re:Sorry, disagree that SHA/MD5 is a solution

Yeah, because it's Android, it's ok...

A few months ago: APPLE STORED YOUR LOCATION DATA IN PLAIN TEXT!!! HOW STUPID ARE THEY? THE ONLY EXPLANATION IS THEY ARE TRACKING YOU!!! PEOPLE WILL BE STALKED USING THIS!!!

You can't refute the logic (probably because you don't actually know anything about security) so you make an ignorant comparison to Apple.
JailbreakMe...nuff said. Apple's security isn't good enough for them to rely on it to protect plain-text data.

Re:Sorry, disagree that SHA/MD5 is a solution

Android is much less secure

Yet unlike the failing security of iOS there is no website that can get system-level access to your Android device just by visiting it.

and it's more open, but not "far more open".

Since there is no yardstick for either of those saying it just makes you look like an idiot fanboy.

Where's the source for Honeycomb?

The release is scheduled, however comparatively almost no devices run Honeycomb (in fact no phones at all run it).

That's just apologetics. If Android is locked down and it's still Android, you can't just brush that off

That's additional device-specific lockdowns on top of Android, not Android itself.

Re:Sorry, disagree that SHA/MD5 is a solution

[devilspgd]

Go look at a blackberry to see disk encryption done properly - the key is not stored on the device, it's the derived from the user passphrase.

First off, I don't think you've described how it works on BlackBerry correctly. Second, the way it works on the iPhone is a key is generated, then it is encrypted with the user's passphrase. This is standard for encryption systems, including FDE.

On BlackBerry, the key itself is generated by the device on first boot, and the key is stored encrypted with the user's password as well as some device-specific data, making extraction of the key difficult.

For internal storage, the user can choose whether to encrypt Contacts or Media or not, everything else is encrypted at all times if encryption is enabled.

For the SD card, the user can choose whether to encrypt files using the device's key, their password, or both. This allows you to control who/what can decrypt the card's contents, either requiring the device's key (rendering the data on the card useless if the device itself is lost), the user's password (allowing the data to be decrypted anywhere with the user's password) or both (requiring both the "something you have" and "something you know"). Similarly, media can be encrypted or not, so as to allow media to be accessed from another device.

AFAIK iPhones don't actually use the user's passphrase at all for the device-wide encryption, or the keychain. If you want to prove it, try this:

1) Enter your landline number into the phonebook with a specific name.
2) Lock the device with a code.
3) Reboot
4) Call the device from a landline.

Note that the iPhone figures out the name? This indicates that the contact list is not encrypted in a way that requires the user's passphrase, since if it did, the iPhone would be unable to access the contact list to do the name lookup.

Similarly, the device can receive email after a reboot, before it's unlocked, indicating that either email passwords aren't stored in the keychain, or the keychain is not dependent on the PIN.

Re:Sorry, disagree that SHA/MD5 is a solution

[devilspgd]

If an encrypted disk image can be decrypted by an attacker in realtime, then the encryption is not so good, is it?

The best encryption in the world won't help you deal with the fact that the device itself needs to store it's own decryption key so that the device can function.

Re:Sorry, disagree that SHA/MD5 is a solution

Not true. There are generally two PINs, one for the phone and one for the SIM (this is true even in Europe). If the PIN was for the SIM alone, then your phone would never ring until you unlocked it - patently untrue.

Re:Sorry, disagree that SHA/MD5 is a solution

[andymadigan]

You can't simply transform the pin to make it stronger. By its nature there would still be a limited number of possible values. If there are 10,000 potential pins, and I hash the pin to get the encryption key, there are still only 10,000 possible hashes.

If you assume that an attacker can get access to the storage of the phone, then brute forcing the pin will be trivial, and the passwords will be no more secure than if they were plaintext.

The real solution would be to not store the passwords on the phone, rather store them on a remote, secure server. The server can enforce pin-lockouts more effectively, and could probably act as the polling agent for the various e-mail and other accounts, potentially saving battery life on the phone. But that has its own complications.

Re:Sorry, disagree that SHA/MD5 is a solution

Pretty much says it all about you

Re:Sorry, disagree that SHA/MD5 is a solution

[node+3]

Oh please. The modern EULA is such a opaque monstrosity that calling anything buried in it "out in the open" is disingenuous at best.

Have you read Apple's EULAs? They aren't exactly "opaque monstrosities".

In any case, the location database snafu is not an good analogue. In the password case, even if the password was encrypted, the *decryption key MUST reside on the device* in order to be able to send the password.

Which means jack shit. It's still better than simply storing it plaintext in a database. There's just no way whatsoever to defend this without raising severe suspicion of fanboyism.

Apple could have easily encrypted the location database with a public key for which they retain the private key, and transmitted the encrypted data. Decryption on the device was not a requirement.

How does that make any sense? What good would a location database cache be if it's encrypted? The information is there to help the phone lock onto GPS, not for Apple.

Re:Sorry, disagree that SHA/MD5 is a solution

[xenocide2]

Help me out here. How would it be different if the phone stored Kerberos credentials instead? Yes it hashes your password, but now that hash is the decryption key. Disclose that and you're fucked, just as much as

Re:Sorry, disagree that SHA/MD5 is a solution

[lonecrow]

Which is why your phone needs a strong unlock pattern or password. Otherwise someone can pick your phone up off a bar table and own all your accounts via forgot password links.

Re:Sorry, disagree that SHA/MD5 is a solution

[MobileTatsu-NJG]

Ok... so what does that make the folks that are letting Google off the hook so easily?

Re:Sorry, disagree that SHA/MD5 is a solution

[Abreu]

Maybe you should trying buying me a phone that does not require being powered off in order to be restarted in flight mode. (Which requires entering your PIN, if you' ve not disabled it). Every mobile phone I've ever owned has worked this way. Including my 2-months-old Samsung Galaxy.

You... are not making any sense. My Droid Incredible has a widget
with an airplane on it. Click it, all radios are killed, unclick it, all radios
are back on.

-AI

My lowly Huawei Ideos has the same feature, so it's most likely part of Android.

Also, hold on the power button, and a menu pops up, asking if you want to turn it off, or just put it on airplane mode.

Re:Sorry, disagree that SHA/MD5 is a solution

[AmiMoJo]

It is no different to how your browser stores your password on your PC for automatic login. I bet every other smartphone OS does the same.

Complete and utter bollocks.

Re:Sorry, disagree that SHA/MD5 is a solution

[RichiH]

Storing your previous locations is not needed for the function set desired by the average user.

Storing passwords, on the other hand, is.

It would be nice if there was an option to unlock the encrypted passwords at boot time, but unless you are willing to give up background synching, you are required to have a plain text copy _somewhere_. I fully expect the business-geared phones to offer something like this within a year or two.

I am not saying that storing passwords in plain text does not suck. Yet, you seem to be mixing two totally unrelated issues to further your side of the agenda. But on Anti-Android, it's +4 Insightful when you do that ;)

Re:Sorry, disagree that SHA/MD5 is a solution

[allo]

a large salt is useless on a 4-digit pin. you can just brute-force it without need for rainbow-tables.

Re:Sorry, disagree that SHA/MD5 is a solution

[TheRaven64]

Kerberos probably isn't much better, but my point is that IMAP and POP both use SASL for authentication, so it's relatively easy to plug in other authentication systems. One-time passwords (supported by most mail servers that I've used) would make sense for a mobile device. You typically enter a short PIN and the device generates a new password from it and a challenge from the server. This is then valid for one use. If someone steals the device, they still need to know the PIN, and you can set the server to block OTP authentication after a few dozen failed attempts.

Re:Sorry, disagree that SHA/MD5 is a solution

[icebraining]

Your argument for its existence is an ad hominem. Sorry if I'm not convinced.

Re:Sorry, disagree that SHA/MD5 is a solution

[Stellian]

The vast majority of servers support CRAM-MD5, a simple protocol that is immune to replay attacks and allows the server and client to store only an MD5 internal context of the password (128 bit, before finalizing the hash), and not the plain-text password. But it's still an unsalted hash that is fairly easy to break in the age of GPU brute-force crackers.

Re:Sorry, disagree that SHA/MD5 is a solution

[xaxa]

When I swap the SIM in my Android phone I'm prompted to re-enter the password for my Google accounts (but not others, like Facebook, Last.fm, Exchange etc). There must be something going on, but I'm not going to guess.

Re:Sorry, disagree that SHA/MD5 is a solution

[Superken7]

>It's not. it made me aware how losing my device can be very dangerous, even if I am using a password. So I will take some precautions in case I lose it. This is just my personal "why". There may be a 100 others very valid reasons.

Agreed, the article makes the point that your device is not secure. But it specifically criticizes the fact that its plaintext, which is not that different from storing it in encrypted form if you are not going to ask for the user's password, because both ways would be insecure for the same reason: storing passwords offline that are not protected by strong passwords (that in turn are not saved offline)

> There is. If things are more complicated, you reduce the risk of massive, automated password grabbers. Suppose it's becomes easy to access data specific to an app, but not easy to impersonate the app (signed binaries, checking sizes, etc), then having the data encypted with some other data (like your PIN) can reduce the threat significantly, they will have access to anything not encrypted by the app itself. eg. It can also help in other cases, eg. you lose your SD but the data there is worthless to someone that finds (or steals it).

Yes, you can complicate things a bit so attackers must do a bit of reverse-engineering. Sure, that's more difficult than recovering it in plaintext, I agree on that.
But it does NOT prevent the risk of massive, automated password grabbers, at all. Please take in mind that it takes only one device to get hacked by one skilled hacker for every device to fall under the click of a button. If things are more complicated, like you suggest, its only security through obscurity, which doesn't work. Yes, it might take a bit more time initially, but after that delta of timespan, security is broken either way.

I am not sure why you suggest signing binaries and checking whether system data has been manipulated. Were are not talking about remote/runtime attacks at all. Signing stuff and preserving data and binary consistency does not protect against the attacks I'm talking about at all, because they are done offline, and not in runtime.

> having the data encypted with some other data (like your PIN) can reduce the threat significantly,
> This assumes brute force would always works. That's why banks look for number of failed attempts. If they don't have access to that encryption key (they only got to the app data) and they need to guess, something can happen when they guess too much. Also, if it's on an SD, then the PIN is still worthy. If plaintext (eg. user data for a bank account), in SD you can just grabb it. But if it's encrypted with a PIN, they need to test against the bank server. And after 5 failed attempts, it will lock the account. Some people also have notifications of all logins, or all failed logins.

Again, I think you are referring to a remote attack or a rogue applications. That is not the case. I am referring to offline attacks here with physical and/or root access as I said (remote attacks should be dwarfed because apps are sandboxed from each other and plaintext passwords are not available unless you gain root access, in which case you have already broken security through other means).
Thus, protecting data with your PIN does certainly not "reduce the threat significantly". A 4-digit code will fall in less than seconds to offline attacks: its the attack under the circumstances you were describing yourself: when losing a device, for example.

> So not, there are better things even if not perfect, that can save hundreds of millions of people thousands of dollar. I have an Android, and the mentality of the Android fanbase (here) is making me reconsider Apple.

Why do people constantly assume this is Android vs iOS? I have both iOS and Android devices at home and my head did not explode, nor did any of my devices with different OSs when getting near each other, even when in contact ;)
I really think it is a fanboy mentality to try and bring up this Android vs iOS every damn time one of both is mentioned, not unlike pointing out flaws if the article's/story's purpose, or however you want to call it.

Re:Sorry, disagree that SHA/MD5 is a solution

[MobileTatsu-NJG]

That's interesting because one of your posts already alluded to its existence.

Re:Sorry, disagree that SHA/MD5 is a solution

I've heard they've invented encryption where the user can enter a password, obviating the need to store the key on the device.

Re:Sorry, disagree that SHA/MD5 is a solution

[jhdevos]

A few months ago: APPLE ......

And yes, again someone turns this into an Android vs. Apple war. 'Some idiots talked about Apple in an irrational, sensationalist way a while back, so now we can do the same thing with Android!' is basically your argument here. Please, leave Apple out of this.

And as referenced by posts below, merely posting a story where someone says, quite meekly, that it might be "desirable", or a "good idea" to up the security on Android is grounds for mocking.

Well, the OP did say something about MD5 which was a little bit silly. Should he/she be mocked for this? No, I don't like mockery, not everyone can be an expert in everything of course, and I rather prefer a rational discussion in any case. On the other hand, I do find it strange that the /. editors managed to let this pass without a little bit of critical thought (apparently).

Now, whether or not obfuscation is a good or bad idea is up for a lot of discussion. In any case, it is in no way stupid to think about and discuss the risks of plain-text password storage -- I'm pretty sure that a lot of users won't be aware of them. I also think that adding a thin layer of obfuscation does not really improve the situation, and it certainly doesn't solve the problem... but that is just MHO.

Re:Sorry, disagree that SHA/MD5 is a solution

[LordLimecat]

Somehow, the OS X and iOS keychain manages to use encryption to protect passwords,

And if you had read any of the comments here at all-- including the one you replied to-- you would have understood that that does NOTHING AT ALL. A properly protected password will be inaccessable to apps without proper permissions, encrypted or not. If you encrypt it, anything using the login still needs the decryption key, which must be on the phone, and thus would be potentially accessible to any app trying to grab the password.

In otherwords, such encryption is worthless, because it is on the device by necessity.

Re:Sorry, disagree that SHA/MD5 is a solution

[maxume]

I have no experience with Kerberos, but just reading the Wikipedia entry:

http://en.wikipedia.org/wiki/Kerberos_(protocol)

It looks like the password hash is only used to decrypt the session key provided by the authentication server. So the session is maintained with that key and the password and password hash can be discarded.

If the device is compromised with a valid session key, it should be possible to terminate access once the compromise is noticed, simply by revoking that session key (and the device shouldn't contain the information necessary to obtain a new session key).

Re:Sorry, disagree that SHA/MD5 is a solution

[andrewa]

Including my 2-months-old Samsung Galaxy.

Cheapskate, buy your toddler a new Samsung Galaxy instead of giving him/her your hand-me-downs.

Re:Sorry, disagree that SHA/MD5 is a solution

[julesh]

probably containing 99% pirated apps in the first place, because why the hell else would you not use the official marketplace.

Because marketplace access is limited only to certain operating system builds. There are many devices (mainly the sub-$100 tablets) out there that cannot use marketplace. The unofficial x86 port (used on some Atom based hardware) also cannot access marketplace.

Re:Sorry, disagree that SHA/MD5 is a solution

...And all it takes is one enterprising malware developer running the 'rage against the cage' exploit to gain access to whatever they want Keep in mind, that it's not just 'end users' that can root most phones out there on the market, and most android phones are still susceptible to this particular exploit.

Re:Sorry, disagree that SHA/MD5 is a solution

[Macthorpe]

Once they have access to whatever they want, then they can also get the encryption key to decrypt the passwords, so what's the point? That's what I'm trying to say.

Re:Sorry, disagree that SHA/MD5 is a solution

This happens everywhere. People freak out about things they don't understand. Retail places have done the same thing with requiring sole use of encrypted pin pads rather than letting the cashier have the much needed option of sliding it themselves with a USB reader when the idiot customer can't do it. Sorry, but I think I'd notice if there was some guy I didn't know standing right next to me with a laptop and a bunch of cables plugged into my cash register...

Re:Sorry, disagree that SHA/MD5 is a solution

[fferreres]

This was a very fair point by point informative post. Thanks! I agree that if the attacker has root access (wish there was more granular permissions used) or has access physical to the device, little can be done to prevent harm. Except with a strong login password and full encryption (and still, the can probably brute force the password by different means).

All in all, I think that the more the user understands the risks, the better. And the harder it's for an average person (not the dedicated hacker) to get to one's stuff, the more secure one is on average. In most cases, one will just forget the phone or have it stolen for the device itself with hacking as second thought.

Do you think remote wipers add any layer of real protection? I am worried because of the risk of having my phone wiped (which I presumed better compared to not be able to have even a slight chance at wiping it remotely if I lose the device

Re:Sorry, disagree that SHA/MD5 is a solution

[fferreres]

What about a secret gesture to unclock the device after every sleep (and strong disk encryption using that key), it can be a strong master password as well. Do it wrong once, and the system will forget that password. So unless it's a remote exploit, you'd need a very sophisticated hacker with proper hardware to compromise your system.

This is just becoming more strict with regards to the phone lock mechanism. I am talking about the scenario of losing your phone, or having it stolen for the device by anyone but a very dedicated hacker with the right hardware.

Re:Sorry, disagree that SHA/MD5 is a solution

[xenocide2]

If you discard the password hash, your session key will expire and prompt you for a password again. For normal systems this might be fine, but in the case of mobile devices, you're not paying regular attention to it, and the keyboard is annoying to type with.

Re:Sorry, disagree that SHA/MD5 is a solution

[maxume]

Once every 12 or 24 hours seems to offer some peace of mind without being hugely inconvenient.

This is RICH

I remember all of the mocking Android users did of Apple's security faux pas. Tables have turned.

Re:This is RICH

[oobayly]

Yup, as an Android owner and developer I admit I've mocked other manufacturers for their school boy errors. Guess what my reaction was? Something along the lines of "oh for fucks sake, they had better fix this pronto".

That said, my fetchmailrc file on machines contain plain text passwords and rely on only the owner having read rights, so maybe I'm a hypocrite. Any encryption key will have to live on the device, so it'll be interesting to see opinions and suggestions.

Re:This is RICH

I remember all of the mocking Android users did of Apple's security faux pas. Tables have turned.

If you're so ignorant and stupid to go with a summation that 'both issues deal with unencrypted data and are therefore the same'.

Well submitter is clueless...

[Kjella]

SHA and MD5 are hash algorithms, there's no way to recover the actual password from a hash. And since you need the password to log in, that doesn't make the slightest bit of sense. The best they could do is some symmetric encryption with the key hardcoded in the software as security through obscurity.

Re:Well submitter is clueless...

[Mr+Z]

An alternative to security by obscurity would be to have an actual secured device-specific key on the device, and an encryption block that has sole access to that key. I've actually architected products in the past that have such things, and one of the use models was "user's bag of sensitive data", where you could put items in the bag (passwords, credit card #s, etc.) in a secure manner, and only pull them out as needed. You need to be careful with how you handle the information once it's outside the bag, but the main point is if someone takes the bag (the SQLite database, in this instance), it's valueless to an attacker.

The bag itself could be stored encrypted in whatever bulk storage is convenient, with a key that's only physically accessible to the encryption engine. The key is "device specific", meaning each chip gets a random key blasted into it in the factory. You couldn't take the secure bag image from one phone and plop it on another and read it.

Lest this sounds like science fiction, it isn't. The same technology is used and widely deployed for DRM and other such purposes. Heck, TPM does this same stuff. It could be used to protect your passwords, but there isn't as much money or emphasis on implementing that.

Re:Well submitter is clueless...

[Fireking300]

You can use hash algorithms to protect passwords. If when a person creates a account. The server hashes it. Then when a person trys to log in it hashes the same password. If someone managed to hack the android servers for its passwords all they would be able to get is the hashes.

Re:Well submitter is clueless...

SHA and MD5 are hash algorithms, there's no way to recover the actual password from a hash. And since you need the password to log in, that doesn't make the slightest bit of sense.

Well duh, you just brute-force the password out of the hash whenever you need it. Could take some time whenever you need to login somewhere, but should work just fine.

Re:Well submitter is clueless...

[F.Ultra]

This is not about some android-servers, this is about the android phone storing the password unencrypted locally on the phone. Which it must do since it otherwise cannot use it to authenticate with the e-mail provider.

Re:Well submitter is clueless...

[growse]

I think you fundamentally misunderstand what's going on here.

Re:Well submitter is clueless...

[Tom]

That would make the sqlite file useless to an attacker, yes.

But if he can fetch the sqlite file, he has deep enough access to access other data on the device, very likely including the in-memory decrypted password.

You'd need more than just a safe storage. You would need an OS that does the proper segmentation as well. If you're doing that anyways, making sure nobody who shouldn't get access to the sqlite data in the first place is a lot easier.

For maximum security, of course, you'd want to do both.

Re:Well submitter is clueless...

[Mr+Z]

You'll note that I did say you'd need to be careful with the information when it's outside the bag. That's true whether the password gets stored on the phone, or the phone makes the user type the password every time it's used. If the password only gets stored in RAM, though, you can do things such as wipe buffers immediately after use, etc. to at least limit the size of the window involved. Finding the right bytes in the right VM page (after hacking your way to get access in the VM!!) isn't nearly as trivial as knowing what file to grab in the filesystem. And, if you're able to walk the VM at your leisure, I suspect you've got bigger problems to worry about.

Proper segmentation would prevent run-time attacks that allow you to view RAM that you're not supposed to see when the device is in a normal operating mode. What about devices like the police forensic scanners, that conceivably could use something like JTAG to dump all the flash, without any cooperation from the host OS? I guess at that point we're into a discussion as to what threat models matter most and which ones we're trying to solve, so we can fix the goalposts.

Re:Well submitter is clueless...

What "android servers" are you talking about here?

Re:Well submitter is clueless...

[wasabii]

Doesn't really help for PLAIN or LOGIN methods though, does it?

Or even DIGEST, really. That stuffs simple to break.

Re:Well submitter is clueless...

[godrik]

Instead of hardware encrypted key, you could use a master password provided by the user and either stored in RAM for the whole session or forgotten after some time in a way similar to sudo. That won't prevent anything from malware that achieve root access since they could read the key when typped in by the user, but that will prevent the diffusion of password when a phone is stolen or if the password file is compromised.

You could also imagine that applications need to ask the user permission to access each type of password individually. So the first time I boot up my email client, it asks for authorisation accessing my email password for each account. The user is prompted explicitely with a "remember that choice" check box so that it happens only once. With that model, applications can only access the data it needs. and if my email application ask for my youtube password, I'll be quite suspicious...

Re:Well submitter is clueless...

The "outside of the bag" is what breaks that whole idea down. Even if you had a separate encryption block and a key visible only to a decryption engine, at some point the decrypted data must be visible to the CPU to create a password-containing HTTP request to ship down the network. To defy this scheme all I would have to do is develop an application that accesses the API or parts thereof responsible for that.

You could lock down your API, but the success rooters and jailbreakers have with existing operating systems doesn't make me hopeful. It also could expose you as a device maker to liability and or bad PR for being unable to protect people's sensitive information if bugs in the decryption engine, API, or operating system allow leaks.

Maybe you could place TCP/IP handling in a separate processor (such as in the radio ROM along with the baseband) and link the decryption engine and radio ROM with a separate, private bus. Sounds like a lot of man-hours and effort to implement operating system support, though. Also, better hope your radio ROM doesn't need firmware and or CDMA PRL updates because if you allow such updates, someone will hack that firmware to undo your work!

Re:Well submitter is clueless...

[subreality]

How does the decryption engine determine if it's a legitimate application or a trojan that's asking for a plaintext password?

Re:Well submitter is clueless...

[The+Moof]

The crypto engine would create a hash value of the requesting binary and check it against an internal permissions list to verify that the program is the correct program, and it's not been tampered with.

Re:Well submitter is clueless...

[julesh]

What about devices like the police forensic scanners, that conceivably could use something like JTAG to dump all the flash, without any cooperation from the host OS?

I believe you'll find such a device can also dump all the RAM of a running phone, thus allowing access to the key for any encryption you're using.

Beh

Is obvious that someone complaining about software storing passwords in plain text doesn't know how things work.

Re:Beh

[node+3]

Is obvious that someone complaining about <strike>software</strike> Android storing passwords in plain text doesn't know how things work.

FTFY

Everyone knows storing passwords in plain text is the worst possible way to store a password, and there exist ways (such as the OS X and iOS keychain) to store passwords that aren't so abysmally trivial to access.

But since this is Android, well, it's *stupid* to point something like this out! If it were iOS, though, the tone here would be very different. In fact, back when iOS stored the location database cache (*not* a list of where you were, but the cache of Apple's much larger location database, which can be used to infer larger areas in which you most likely were), this was seen on slashdot as a horrible thing!

You guys are practicing platform-centric hypocrisy, to such an extent as to completely rewrite reality to suit your preferences. There's a word that gets tossed around here for merely saying something *nice* about Apple, so I'm sure I don't have to actually write it. But do consider for a moment how many of you can ever use it again without contradiction.

Re:Beh

[Macthorpe]

I don't think you actually understand anything about the issue. Do you know where the actual passwords on the device are stored? If you look into that, you'll see why further obfuscation is unnecessary. If a user can get access to the folder where these files are stored, they already have enough information to break any remaining encryption on the device.

It's sad that you see this as 'platform-centric hypocrisy' instead of what it is - a non-story dredged from a year old post by an Android engineer that only confirms what other rational people already know.

Re:Beh

[node+3]

Absolutely incorrect, and a perfect example of the Android fanboyism I was talking about.

There's absolutely no way to argue against the idea that plaintext password storage is the *worst* way to store passwords. Period. There is no further discussion.

Storing them in a place that is normally restricted is better than just storing them in the user's home directory, or in a globally accessible location. But to say there's no reason to encrypt the password is absurd. Somehow Apple does a great job with the keychain. There's no excuse for an OS to not have some mechanism for locking passwords away.

Further, the "hypocrisy" here is that when Apple stored a location database cache in plaintext, you lot were up in arms. Hypocrisy.

If a user can get access to the folder where these files are stored, they already have enough information to break any remaining encryption on the device.

That is absolutely incorrect. See the iOS/OS X keychain for more details.

Re:Beh

[Macthorpe]

Further, the "hypocrisy" here is that when Apple stored a location database cache in plaintext, you lot were up in arms.

Yeah, don't think that was about it being in plaintext - it was about it being recorded at all, in secret, and then it being transferred to your PC, also in plaintext, and very easily available. The passwords in plaintext on the Android device are stored in a folder that cannot even be seen unless you root the phone, let alone access - and even then you're still subject to the usual sudo-style admin permissions to give apps access to it.

That is absolutely incorrect. See the iOS/OS X keychain for more details.

What, this iOS keychain? iOS keychain system crack can expose passwords

Again - if you have that level of access, there's little you can't do. The iPhone must store the encryption key somewhere on the device or it's useless. It's only a matter of time until you or someone else finds it. It's not fanboyism to state the obvious.

Re:Beh

[Superken7]

You should not generalize because many of those that are saying that this is a non-issue were not necessarily criticizing that same thing about iOS. See this other reply next to me, you are just accusing people of being hypocrites without any "evidence" and its making you look like a fanboy.

Also, AFAIK Android *does* store those passwords in a restricted place where no other app has access to; certainly not a globally accessible location like the users' home directory like you suggested. The fact that this is stored in plaintext or using encryption (which would have been pointless anyway) is irrelevant. What *is* relevant is the fact that no other app can access this information, and you would need to have physical access and/or root access level to the device in order to recover this information.

Looks like there IS room for discussion and it was you who was - at least in part - wrong.

Who is the fanboy, the one who points out how this is a non-issue or the one who somehow manages to mix iOS into the subject and criticizes those who point facts out, comparing it to a remotely related iOS issue? It doesn't matter if iOS did or did not the same, its not about who's platform is better until fanboys come and force it down to a iOS vs Android thing.

Re:Beh

Further, the "hypocrisy" here is that when Apple stored a location database cache in plaintext, you lot were up in arms. Hypocrisy.

Fuck you're a sad cunt that you actually define yourself by the product you use with this 'us and them' mentality. This retarded assumption that anyone who disagrees with something anti-Android must also agree with something anti-Apple just shows how much of a pathetic fanboy you really are.

Re:Beh

[julesh]

If a user can get access to the folder where these files are stored, they already have enough information to break any remaining encryption on the device.

That is absolutely incorrect. See the iOS/OS X keychain for more details.

According to research by Fraunhofer, the iOS keychain will provide protection against a concerted attack for approximately 9 minutes, being how long it takes to brute-force the encryption keys it uses (which are derived from the user's pin). A false sense of security is worse than no security, in my book.

Encrypt The Phone

[steevven1]

As a precaution, you can encrypt the entire phone's filesystem. The Droid Pro, for example, offers this feature as a part of the OS. Unfortunately, for this to be fully effective, this means choosing a STRONG (ie long and complex) password with which to unlock the phone each time you want to use it, which may be impractical.

Re:Encrypt The Phone

[growse]

Blackberry's do exactly this. It works well, but a lot of people argue against the convenience. The thing about security controls is that they're rarely convenient, so it's always a trade-off.

Re:Encrypt The Phone

[complete+loony]

Or you could just encrypt the database.

Re:Encrypt The Phone

That's why you write the password on a sticky note and stick it on the back of the cell phone. The same concept as sticking a sticky note on one's monitor or under a keyboard. (This is meant as a joke for anyone who thinks I'm being serious.)

Re:Encrypt The Phone

[JAlexoi]

Convenience - what if you're under fire and you need to call in for backup? Your life depends on you having quick access to your phone. It's not always about convenience, sometimes it's just about requirements.

Re:Encrypt The Phone

And store the encryption key in plain text, so that the phone can decrypt it when it needs to.

Or require the user to enter the key every time, but then you might just as well avoid the entire problem by requiring the user to enter the original password every time.

Old News

[Pirow]

1. This is almost 1 year old "news".
2. Why does it matter? These passwords are generally transferred in plain text without any sort of encryption anyway (which is another issue, but these old protocols are well known to be insecure without SSL etc.) so if you have access to get to the file in question you have access to sniff out these passwords anyway which is just as simple.
3. Any one way hashing is no solution if you need to transfer the passwords in plain text anyway, what's your POP3 server going to do with a MD5 hash?

Re:Old News

Why does it matter?? Had it been another very popular, alternate OS, you guys would be jumping all over it and screaming revolt. But hey, why does it matter right?

Re:Old News

[gilesjuk]

Exactly. If Apple does it wrong it's the end of the world. Android does it then the fandroids come up with some technical excuse as to why doesn't matter to them.

SSL is supported on my mail accounts these days to stop accounts being harvested and used for spamming.

Re:Old News

[vinehair]

Sounds like you're a bit of a sore Apple user, or just an anti-Android person (why are people like this? I don't understand it) who is a bit threatened, or perhaps you just like to appear smarter than people by trying to point out that Slashdot is just as biased as any other place (which it is.) But trying to pretend that the competent technical folk on the site that have very correctly pointed out that this is a non-issue being propagated by people that don't actually understand what they're talking about, which is what I'm assuming you also are, as you didn't even continue to read the post you're replying to beyond the eleventh word.

Re:Old News

As to point 2: just because a majority of users still use non-SSL protocols to check their email doesn't mean I do. Don't assume that passwords don't need to be encrypted because they're going to be sent in plain-text over the wire anyway.

However, point 3 is absolutely valid.

Point 1 would be valid if it were fixed...

Re:Old News

[MobileTatsu-NJG]

Sounds like you're a bit of a sore Apple user...

To somebody that is more objective on the topic, he sounds like somebody who thinks noisy Slashdotters should at least be consistent. The whole 'competition is good' principle falls on its face if one company is held to a different standard than another's.

Re:Old News

[bonch]

I think he made a very good point--that if this wasn't about Android, it would be treated as a big security issue. When it's Android, or more correctly, Linux, there are justifications and excuses made.

Calling him names isn't going to change the validity of the point he made.

Re:Old News

[bonch]

Oh, well, hey, if a major security flaw is almost a year old, it's no longer news!

Why are Android security problems always justified and dismissed on Slashdot? If this was iOS, I suspect your post would be completely different.

Re:Old News

nice try node3^h^h^Steve Jobs

Re:Old News

[jo_ham]

So the thrust of your argument is "bias is expected, and it doesn't matter if we're inconsistent, and you're a "sore loser" if you call us on being biased and hypocritical".

Gotcha.

Re:Old News

Because you don't understand the problem.

It is mathematically impossible to create a system which you cannot pull the password out of, while at the same time being able to supply the password to the server when needed.

Well, there is "Trusted Computing", but that just transfers the problem from software to hardware - meaning that you need an electron microscope or logical analyzer, rather than a rooted phone. Sure it's much harder, but the problem is still not solved in the mathematical sense.

Also, one of the main things that Apple gets criticized for here, is exactly the "Trusted Computing" model, where you don't really own you phone (unless you jailbreak it). Apple decides what you can install on your phone, you don't.

Re:Old News

Hint: Google stockholders are likely replying.

Re:Old News

[vinehair]

It's strange that I've been modded troll for what I said and I have replies like the parent, when the post I was replying to was adding nothing to the conversation, countering the valid point 'Why does it matter?' with 'well, if reality was different for a second, Slashdotters would pretend that it does matter because we're a bunch of fanboys.' I don't see how that is a useful point, as accurate as it is to point out, except to troll. It doesn't matter, and it wouldn't matter if the platform we were talking about was Android or iOS. The fact that some people would get their knickers in a twist if this was iOS is neither here nor there to the facts - and the fact that other people have said that folk are making 'excuses' is telling, because there are sound technical reasons for this whole thing. It's no use trying to proclaim that people are biased - everyone knows that, it's a fact of life - but the best response is to deal with it when it happens, on the next Apple security 'hole' that has a sound technical reason. Trusting at thin air, attacking the people that would otherwise do this, is worthless because nobody with feel like it applies to them, so all it reduces the post down to is a slightly sour attack that ignored the logical points for the sake of making a frustrated reply.

Re:Old News

Our Exchange server uses SSL only. Non encrypted ports are not turned on. Our users connect and authenticate to their e-mail using their Android phones. Being Exchange and AD, this is the same user and password that they log onto the network with. So you are telling me my domain admin passwords are stored in plain text on Android phones, and that any old app downloaded to a rooted Android can read this password? Nice.

Re:Old News

[Timmmm]

> Oh, well, hey, if a major security flaw is almost a year old, it's no longer news!

News.

*New*s.

And it's not news anyway - anyone who knows anything about security could tell you that.

Re:Old News

[brunes69]

Because this is not a security problem and anyone who knows anything about security knows that.

Security through obscurity is meaningless. Having a reverseable obfuscated password is not "encrypting" the password.

The whole premise is total nonsense. If a password is saved on a device, and can be retrieved and transmitted with no user interaction, then it is not encrypted. If user interaction is required, then why save the password at all.

Re:Old News

Other have explained it, but to put it simply, if an attacker can read the plain-text password, then that means your phone is already compromised which means they could access any decryption keys if the passwords were encrypted, worse case for the attacker would be if the encryption featured password protection, but then they'd only have to wait for you to enter the password.

Re:Old News

[bonch]

I understand the problem completely. It seems it's you who doesn't (it doesn't surprise me that you posted anonymously once again).

The phone ownership issue at the end of your post is completely irrelevant and has nothing to do with my point that a year-old security issue is still an issue.

MD5 is not encryption

[microbee]

MD5 is a one-way hash, not encryption. You store the password in this form, you cannot go back to the original form.

You need the plain text password for interoperating with the email servers (or whatever services that need password). They may support a different transformation of the password instead of MD5. So there has to be a way to go get the original plain text password.

On the other hand, if you use SHA or other means of encryption, the phone still has to decrypt the password. There are two ways for the phone to get the key:
1. embedded on the phone, maybe generated randomly for each user. Still the key has to come from somewhere, so theoretically it's possible for any malware to find the key and use it.
2. ask for the key or passphrase from the user everytime the phone boots, like Firefox's password manager.

Re:MD5 is not encryption

[microbee]

Correcting myself, SHA is a hash function too. I got it confused with the public key encryption.

Re:MD5 is not encryption

[Baloroth]

This. Maybe you could do some sort of hardware-level black-box encryption system (kinda like I how SIM cards already work). That way, simply reading the file system wouldn't be sufficient, you would need to actually be able to perform a hardware level request to decrypt the password. Doesn't add much security, but maybe better than nothing? Don't think it would be worth the cost, though. Anything able to read your filesystem if probably gonna be able to get around this.

What we really need are device tokens to authenticate the device to the your email server. I believe GMail has a system like this for people who activate two-factor authentication to allow email programs to work without being reauthenticated. This token would only work on that specific phone, so copying it wouldn't allow access to the email, though I'm not exactly sure how/if this would work. I'm sure there is someway. Obviously, combining the above two would work wonders (so the hardware black-box would do all the encryption, theoretically making it impossible to hack, and the encryption would be unique to this phone), but then you wouldn't be able to access your email except through that phone. Unless you use two-factor authentication, but since that usually involves calling your phone... might cause some problems.

Re:MD5 is not encryption

Any cryptographically secure hash function (i.e. not MD5...) can be used for symmetric encryption. You hash an initial value and a key, then you hash the result, then the result of that and so on. This generates a stream of numbers which depends on the key and the initial value and cannot be generated without knowing the two. XOR your data with that stream and you have encrypted your data. Decryption is symmetric.

As with all cryptography, the cipher algorithm is hardly the difficult aspect. You just choose from the proven ones. The crypto system surrounding the cipher is the thing that often goes wrong. In this case, where would you store an encryption key on the cell phone? That's what trusted platform modules are for...

Re:MD5 is not encryption

If you get SHA confused with Public Key, maybe you shouldn't be offering encryption advice.

Re:MD5 is not encryption

[izomiac]

Phone power users are notorious for misunderstanding encryption. For example, to this day people talk about the Droid X's "encrypted boot loader". Obviously, encrypted bytecode isn't executable (quiet about homomorphic encryption, that's not yet practical), so the bootloader is in plaintext. It's merely that firmware upgrade images are signed.

IMHO, what needs to be stressed is that *any* form of "Remember my password" is insecure. This is by design, since the point of it is to ensure that the password can be read without user interaction.

Public key cryptography

[Omnifarious]

It should generate a certificate for access to your account. The password should only be used the first time you log in to establish the certificate as one which has access to your account. You should then be able to go to the web and see what kind of history of access and operations each authorized certificate has been performing, and allow you to revoke any certificate which is misbehaving.

But that, of course, is good security that isn't a huge pain and a headache for the user. And, as we all know, and the TSA is fond of reminding us, security must be a tradeoff between ease of use and good security. So I'm guessing that solution will never be adopted.

Re:Public key cryptography

erm,

From the article, reply from android support:

"The first thing to clarify is that the Email app supports four protocols - POP3, IMAP, SMTP, and Exchange ActiveSync - and with very few, very limited exceptions, all of these are older protocols which require that the client present the password to the server on every connection. These protocols require us to retain the password for as long as you wish to use the account on the device. Newer protocols don't do this - this is why some of the articles have been contrasting with Gmail, for example. Newer protocols allow the client to use the password one time to generate a token, save the token, and discard the password."

Re:Public key cryptography

[growse]

Given that a certificate is effectively just a very very long structured password, what stops me pinching the cert off the phone and using that to sign into the relevant service? A certificate doesn't solve the problem, it just changes the terminology slightly. It's still bits and bytes stored on the phone that can be used as a secret to access a service as a user.

If you want a device-specific password, Google already support that for their services through their two-factor authentication with application specific passwords.

Re:Public key cryptography

[Omnifarious]

Nothing. But there is no way data can be stored on the phone that cannot be used to access the service.

The best you can do is make sure that it's apparent when the phone is being used to do something via the service so a user can monitor it and cut off access is something untoward is happening.

Re:Public key cryptography

[Omnifarious]

If you want a device-specific password, Google already support that for their services through their two-factor authentication with application specific passwords [google.com].

What I want is a password that is unguessable. Storing any kind of user password at all is totally unacceptable. I haven't used a password to remotely log into any of my computers for at least a couple of years now. Somebody who somehow got a copy of my password database would be unable to use it to get remote access to my computer. They'd have to get private keys instead.

I have separate private keys for each device capable of physically authenticating me. So if I lose any of those devices I can easily revoke its access to anything in a very short period of time without affecting my ability to use any of my other devices to.

Re:Public key cryptography

[growse]

It's a good idea, and Google already do this. Scroll to the bottom of gmail and on the right there's a link that opens a windows giving a list of current open logged in sessions, as well as a history of sessions, giving datetime, IP address and type (Mobile, browser, IMAP, etc.).

Re:Public key cryptography

[growse]

And that's brilliant, but what I'm saying is a private key is just a long password. They fall into the same password-factor space of 'something you know'. By thinking that a private key makes you any more secure than a password on the basis of anything other than password length is wishful thinking.

I believe you're also free to set your Gmail password to be 100 characters, making it effectively 'unguessable'.

Re:Public key cryptography

[DavidTC]

Yes, and the second IMAP supports this standard you've invented, feel free to pester the Android people to implement it.

This article, however, is retarded. Of course the password is stored on the device. It couldn't access email if it wasn't.

As some people said, they could make it slightly better by encrypting the filesystem or the file, and requiring people to enter a password to decrypt it on startup. Although considering that telephone 'passwords' tend to be only 10000 different combinations, uh, those are trivially easy to crack with brute force.

But that's not anything close to what the article suggests, because the article was written by an idiot who thinks you can log into places with hashes of password instead of the actual password. (Which would, of course, defeat the entire point of using hashes in the first place.)

Re:Public key cryptography

[Tom]

The only thing certificates, hashes, challenge-response, etc. etc. gain you is the attacker doesn't learn your password itself. If you use the same password for other things, that's an advantage. But it doesn't prevent him from accessing your account after cracking your phone.

(and yes, /., it took less than a minute to type that. moronic system)

Re:Public key cryptography

[swalve]

"Google already do this"?

How many Googles are there?

Re:Public key cryptography

[TopSpin]

what stops me pinching the cert

The cert won't help. A 'cert' implies some form of public-key cryptography, where one must have a private key to be authenticated. Anyone may have the cert and its public key; it is public material and dissemination compromises nothing. The question is how does one secure the private key.

One can imagine an HSM embedded in a portable device. This could isolate key material such that recovery, if possible, would require time, physical possession and destruction of the device.

Someone is actually attempting to provide this in the form of a microSD card. Ultimately the best solution would have the HSM circuit embedded in the SOC. Given the liberal nature of ARM SOC manufacturing, where designers mix in modules as they wish, it seems entirely feasible.

Still, sites often can only authenticate a password, so the password must be stored. Would encrypting the password(s) offer any benefit? I think it might, given a correct design. If the encryption key were stored only in RAM then a power cycle of the device would protect the credentials. I could briefly lend the device to someone and they would have no access to services for which I had stored passwords. A neglected (how many old phones do you have lurking around, dear reader?) or lost device would eventually discharge to the same effect.

Re:Public key cryptography

Yes, but it's a computer generated and remembered password, so if it becomes compromised I just revoke the certificate and don't have to choose a new password. This is much preferable to me.

Re:Public key cryptography

A googol, of course.

Re:Public key cryptography

[Omnifarious]

There is no algorithm at all that will help you if your cell phone is compromised. Two factor authentication or no, once your cell phone is compromised it's game over.

But having your gmail password on your cell phone is a very bad thing because you might use that password for other things, or your passwords might follow a theme, or any number of other things. You should never store a password if you can help it, and you certainly shouldn't be storing it on a cell phone.

So, that leaves a password that's basically a string of random characters. You're right, there is not much gained by it being a public key. The important thing is that it is a long string of completely random gibberish that's specific to the particular device it's stored on.

Re:Public key cryptography

[Omnifarious]

Yep, I agree with you completely. That's what I'm trying to defend against.

Re:Public key cryptography

Use of the plural verb with names of groups or organisations made up of multiple persons is the norm in Commonwealth English.

US usage requires you to say "International Business Machines does this", which sounds pretty odd to me.

Re:Public key cryptography

[swalve]

It is pretty simple. The verb (do/does = to be) is conjugated based on whether the word is singular or plural. Google, and International Business Machines, are singular. You aren't talking about "machines", you are talking about IBM. Which is a company. You wouldn't say "James are going to the store" just because it ends in an s, would you?

Re:Public key cryptography

But if James and his ten thousand employees are going to the store, I would.

Re:Sorry, disagree that SHA/MD5 is a solutionj

[segin]

My phone's "power off" is a suspend-to-RAM mechanism by default. HTC calls it "fast boot". Only by disabling "Fast boot" is power off really power off. Else yanking of the battery becomes a requirement.

Cant get too worked up over this.

[Kenja]

Given that by default you're auto-logged into your Google account, if someone has the phone they have email access. Would be nice if there was better security of course.

Trusted Platform Module

[tepples]

with a key that's only physically accessible to the encryption engine.

The last time that was tried, where not even the owner of a device can access its keys, that was called the "Trusted Platform Module", and the Slashdot crowd was up in arms against it.

Re:Trusted Platform Module

[Mr+Z]

You may've missed the part where I said "Heck, TPM does this same stuff." TPM itself isn't evil. It can be put to good uses also.

Re:Trusted Platform Module

[Mia'cova]

Hardly true. Example: my SSD (intel 320 line) encrypts everything on disk. It stores the encryption key in a secured portion of the hardware. And that key is encrypted/decrypted with a user-entered string on bootup via the bios.

The phone could easily require the user to enter the PIN once on boot-up to unlock a key which is used to store passwords. That would prevent your phone from downloading email until the first time you've unlocked it after boot. It would still be a huge step up in security over storing it in plain-text with the rest of the user data.

Re:Trusted Platform Module

[julesh]

The phone could easily require the user to enter the PIN once on boot-up to unlock a key which is used to store passwords. That would prevent your phone from downloading email until the first time you've unlocked it after boot. It would still be a huge step up in security over storing it in plain-text with the rest of the user data.

1. Users don't expect PIN resets to wipe their data. Forgotten PINs are a relatively frequent occurrence, meaning that this would represent a huge inconvenience.
2. It's not that huge a step up. Recovering it from the data requires either (a) root access on a running phone or (b) physical access to the hardware to probe the device's flash using JTAG. If you have (a), you could recover the key from memory anyway using /dev/kmem. If you have (b) and the phone's still running, you can probe its RAM using JTAG and recover the key that way. So this would only help on phones that have been switched off since last used, which is to say a small minority of those that are likely to be interesting to would-be attackers.

Password system's fault

[Superken7]

I would not blame this on Android's fault for the same reason many others have noted.

However, if this system is so insecure, why not use something else? I agree that standard mail-based servers have no choice, but maybe other services would be able to use other authentication systems such as token-based (OAuth style) or some sort of host verification procedures (using public-key cryptography, just like with SSH) instead of using the insecure password-based authentication mechanism.

Again, I understand that this is not possible for a service that only supports passwod-based authentication, but maybe Google could have provided a way of trusting them with your password (as in storing your passwords in their servers) and using a more secure authentication scheme on the smartphone--goog servers link.

Re:Password system's fault

[Tom]

The entire point of this kind of password storage is to remove user interaction.

Which at the end of days, no matter how you skin the cat, means that the phone must contain all the data it needs to authenticate itself to the server and access your e-mail account.
So no matter what solution you come up with, it will break at this point.

Yes, there are challenge-response or hashing ways that gain you one thing: Someone cracking your phone can access your mail, but he doesn't know the password itself, only its hash or response. That can be useful if you tend to re-use passwords (and honestly, who doesn't?).

A tiny step forward would be multi-password authentication. AKA I don't have one password that will unlock my account, but several (or as many as I want). That way I could give my desktop computer one, and my phone a different one. Now if my phone gets stolen or cracked, I don't have to change all my passwords, but only invalidate the ones that were on the phone. That would be a small convenience step, but no change in security (the effect of multiple passwords on brute-forcing, hacking, etc. is negliegable - so you're now a 5 in 25752 trillion instead of 1. Big deal)

Re:Password system's fault

[swalve]

No, the phone could be a Blackberry, and the passwords would not be on the phone.

Re:Password system's fault

[gl4ss]

you guys are suggesting to make the phone a thin client terminal, in that case some credentials would be stored anyways there. anyhow, many, man phones from many, many vendors have sqlite db's full of juicy shit. anyways, the sqlite db itself should be user level protected on the android device itself, so if you or others don't root it, regular apps don't get to steal your passes --- this is the big deal really why this would matter. imagine if any application you let read files could read your email/g passes. that would suck. now any app can just read MOST of the stuff on the phone :).

Re:Password system's fault

[Superken7]

Yes, I know that the point is to remove user interaction, that was also my point :)

If its insecure, then I would rather have no password at all be stored in the device, and instead have a token like you suggested, and like most modern authentication systems work.

However, many standard services don't have the notion of tokens and still work with passwords.

At first glance, it would seem like for those password-based systems you either store the password in the device or forget about removing user interaction. However, I was suggesting a third option: You trust someone (google in this case) to act as a man in the middle and store your passwords so you don't have to store them in your own device. This middleware would then provide the password to the password-based system the user wishes to access, like POP3 mail for example. The communication between the user's device and this middleware would be done with a more modern (token-based, for example) authentication mechanism. This way, you would still be able to access a password-based service (like POP3), remove user interaction (no asking for password every time you want to check mail), *and* you would not need to store this password in your device, since its using a different, more secure auth mechanism (token-based for example).

Re:Password system's fault

Unless they won't still be needed in plain-text at some point - it's not just useless, it's really dumb.

Basically, you're leaving your passwords in tender care of some unknown people hoping they won't accidentally or malevolently fuck up the security.

Y-yeah, sounds like a great idea all around.

Re:Sorry, disagree that SHA/MD5 is a solutionj

[pnewhook]

Yup. Blackberry is the same way. Phone is never really 'off' unless the battery was pulled.

Yawn

They only found this out now?

No SSL - that's the real problem

[Artem+S.+Tashkinov]

Using public WiFi spots is a much more dangerous issue, since a lot of websites still don't employ SSL encryption of the traffic and your POP3/IMAP/HTTP credentials can be easily eavesdropped.

Like it's mentioned earlier not storing passwords in an open or reverse encryptable form is not possible, since your Android device has to supply plain text password to many Internet servers.

Re:No SSL - that's the real problem

[Haeleth]

Using public WiFi spots is a much more dangerous issue, since a lot of websites still don't employ SSL encryption of the traffic and your POP3/IMAP/HTTP credentials can be easily eavesdropped.

That's not a problem Google can solve.

Protecting my passwords from people who steal my phone is a problem Google can solve.

Please don't divert attention from an easily-solved issue just because you think some other thing is more important. Or I might just ask why the fuck you're wasting time on Slashdot instead of working night and day to eradicate hunger and disease, which are clearly far more pressing issues than people eavesdropping on you when you use public wifi.

Like it's mentioned earlier not storing passwords in an open or reverse encryptable form is not possible, since your Android device has to supply plain text password to many Internet servers.

Yes, it's totally impossible to protect data at rest. All those companies selling full-disk encryption to governments and businesses are clearly selling snake oil. Truecrypt is easy to break and Bruce Schneier is an idiot, right?

Or maybe it's actually trivial to encrypt data, and while many users might choose not to use it or might choose extremely weak passwords for the encryption, it would still be better than nothing.

Re:No SSL - that's the real problem

[Superken7]

Every time you want to access your encrypted data, you need to supply a secret key/password.

The whole point of Android to store the password is NOT to ask you every time for it. Any full-disk encryption solution, Truecrypt or any other, is totally useless if you skip the step of the user entering the password for unlocking the data, because you would then be storing the password - you guessed it - in plain text!

Re:No SSL - that's the real problem

[canajin56]

Your solution to "passwords are stored plain text and can therefore be stolen by a Trojan Horse running as root" is "encrypt them and prompt the user for a password each time they use their saved password?" Do you not understand the concept of a saved password? Your alternate solution of full disk encryption does not work because the disk is decrypted by the user turning their phone on and unlocking it, and so the Trojan Horse will have free rein regardless. It protects the user only in the specific case that their phone is stolen while off. Right now if that happens the thief could root it and then get at the files, but with full disk encryption they could not.

There's useless, and then there is USELESS

[SuperKendall]

And where does the iPhone store the encryption key protecting those passwords? On the device? Makes it a little bit useless then.

As that article notes, you need physical access to the device. Not just being able to run software n the device, actual physical access to pull out the system keys.

You are trying to equate that to storing password in plaintext in a database that any app can just copy and send anywhere?

Re:There's useless, and then there is USELESS

[icebraining]

Where did it say that any app can copy it? They can't - it's stored in /data which is off limits to any app, unless you've rooted the phone.

Re:There's useless, and then there is USELESS

Rooting an Android phone doesn't break the security model either. It's not like apps suddenly run as root by default.

Re:There's useless, and then there is USELESS

[growse]

Apps can't read the database on non-rooted phones. So yes, you need physical access so you can root the phone first to get at the data.

Re:There's useless, and then there is USELESS

[Barefoot+Monkey]

They can't - it's stored in /data which is off limits to any app, unless you've rooted the phone.

Which as many Android enthusiasts point out is terribly easy to do. While it does not affect every user it affects huge subset of users.

On the iPhone, even if you've jailbroken it there's no such weakness thanks to the Keychain. Jailbreaking allows side loading, it does not break the entire security model and expose things as basic as email passwords.

No such weakness? What weakness are you talking about? GPP did not imply that rooting the phone causes /data to cease being off-limits to apps.

Re:There's useless, and then there is USELESS

Rooting doesn't break the security model either. Users granting root access to software from untrusted sources does.

Re:There's useless, and then there is USELESS

On a rooted android phone, you need to explicitly give apps root access, which can either be on a per-session basis or a per-app basis. I am rooted, but only a select few trusted apps (WiFi tether, Titanium Backup, etc.) are given root access.

Re:There's useless, and then there is USELESS

If you've jb / rooted / run-as-admin on any device (including desktop OSs), then you can easily sniff out encryption keys in RAM, capture keypresses for password entry, brute force any passwords without failure delays (bad password timeouts) and access running program states.

Just because it can grab your passwords immediately doesn't mean squat. Malicious users wouild simply drop a program in memory and remotely wait.

Re:There's useless, and then there is USELESS

Unlike jailbreaking where an app can detect that by writing outside of its space, rooting does not change the security model of Android at all. Yes, rooting is detected by some apps because they check for the presence of /bin/su.

Of course, if an app asks for root access and the phone user approves it, all bets are off. However, if an app asks for su rights without some obvious reason (such as backups, ifconfig, or functions that the user explicitly downloaded it for), it becomes very suspicious, and it won't be long before the app starts getting bad feedback about it and reported to Google. Programs that do use root (Titanium Backup and DroidWall are examples), are scrutinized heavily by the Android community.

Android has an advantage in this department. Its security model doesn't completely get shorted out if a user has full access to the phone.

Re:There's useless, and then there is USELESS

[chrb]

Which as many Android enthusiasts point out is terribly easy to do. While it does not affect every user it affects huge subset of users.

In Linux a process will only run as root if you run it as root. A random process will not suddenly start running with root priviledges just because you enabled root logins (which is all that "rooting" does).

On the iPhone, even if you've jailbroken it there's no such weakness thanks to the Keychain. Jailbreaking allows side loading, it does not break the entire security model and expose things as basic as email passwords.

Apparently that is not true. According to this, you can access Keychain passwords if you have a jailbroken phone: "The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode." Well, that is pretty much the same as Android. Encryption isn't much use if the key is stored or derived from data on the device.

Re:There's useless, and then there is USELESS

[chrb]

As that article notes, you need physical access to the device. Not just being able to run software n the device, actual physical access to pull out the system keys.

You might need physical access to jailbreak it. Or you might not - there have been remote jailbreaks before. You don't need physical access to run software once you have jailbroken the phone and installed a backdoor. Note that in the Wired article they use SSH to retrieve the decrypted disk data.

Re:There's useless, and then there is USELESS

[downhole]

Even more than that - the standard rooting setup for Android phones is to install a command-line and graphical sudo utility. Individual apps don't have root access normally, just the access they already applied for. When an app asks for root access, the Superuser app pops up a dialog asking the user to confirm. So to get the data, you'd have to root the phone and then either connect it to a computer or install an app and manually give it root access. Sounds secure enough to me.

Re:There's useless, and then there is USELESS

[dudpixel]

Even if your phone is rooted, an app needs to request root permissions before it is granted them. If you run an app and it asks for root permissions, you'd be stupid to say "yes" unless you explicitly trust the app (and expected it to need root permissions).

The exception is if there is a software flaw that allows an app to gain root access, but I'd suggest this would affect non-rooted phones equally, if such a flaw were to exist. I should note there are no known flaws of this kind.

Bah

My password already looks like it's encrypted.

get a clue

[Tom]

I'm sure most would agree encrypted password data in at least SHA or MD5 would be kind of a good idea!"

Yeah, because SHA1 and MD5 are one-way hashes which are just great if you actually, you know, need to know the password so you can tell the mailserver.

When I started reading /., one of the reasons was that the editors had enough of a clue to weed out submissions from people who had not the slightest idea what the fuck they were talking about. At that time, /. stood out from the mainstream publications, who generally didn't employ geeks and the normal journalist had to ask his geek friends about what this "HTML" thing he noticed at the end of every webpage address was.

Please. One thing we really don't need more of is people with half-a-clue meddling in security and giving advise. For us security professionals, the clueless secretary is not our worst enemy. She at least knows she knows nothing and will listen to us. Our worst enemy in the company environment is the self-proclaimed power user who think he knows what he's doing, but is in fact only messing things up. And because he thinks he's smart, he won't listen to the security department.

Now yes, there are better ways than storing the passwords in plain-text. Encrypting them would help. You'd think. But in order to decrypt them, you have to have the key. Which means you have to store it on the phone. Or in other words: Right next to the database.
So encrypting the sqlite data would be the equivalent of having a really good lock on your door, and hanging the keys on a nail right next to it. Anyone who breaks your phone enough to get the sqlite file will also be able to get the key file the same way. All you're doing is making everything more complicated and wasting CPU cycles on pointless crypto.

Re:get a clue

[damfol]

Whatever bad aspects of Slashdot your post highlighted, I definitely learned a lot from your post. So, thankyou, and don't give up yet.

Re:get a clue

You assume the most stupid implementation (key stored unprotected on disk) one can imagine and refute it. Wow, what an achievement.

The key can be stored on disk and unlocked by the user (passphrase, gesture, etc.). This would actually improve security.

Re:get a clue

Give this man ./ admin privileges. Google's response was clear, appropriate, correct, undeniable, and *not* newsworthy.

Re:get a clue

The key can be stored on disk and unlocked by the user (passphrase, gesture, etc.). This would actually improve security.

But that would not provide the intended functionality, which is to have the phone automatically log in to various services without user intervention.

Obviously, if the user was required to enter the passphrase, this would increase security. However, it would also be seen as a complete annoyance. Arguably, it would even be pointless. If they have to enter something anyway, they might as well just enter the password, rather than entering a passphrase so the system can read the password.

Re:get a clue

[Tom]

The key can be stored on disk and unlocked by the user (passphrase, gesture, etc.). This would actually improve security.

If the user needs to input a passphrase to unlock a key which then decrypts the password with which he logs into his mail account - doesn't that kind of defeat the whole purpose of storing the password in the first place, namely that the user doesn't have to repeatedly enter it?

This is why I rail on people like you. You come up with complicated solutions that leave the root problem unsolved, and only add more complexity which creates more security problems (now you also have to worry about your key, the decryption routine, in-memory storage of both key and password, etc. etc.).

Re:get a clue

Now yes, there are better ways than storing the passwords in plain-text. Encrypting them would help. You'd think. But in order to decrypt them, you have to have the key. Which means you have to store it on the phone.

They should invent some form of encryption where the key doesn't have to be stored with the cyphertext, where the user could enter a decryption password or something.

Re:Sorry, disagree that SHA/MD5 is a solutionj

[Flyerman]

yep, and you can't turn it off and then pull the battery. You have to pull the battery while the phone is on.

wtf

Did they take so many days to figure this out? I mean, Android was open source.

The issue with reversible encryption...

[Sits]

The problem is "keyless" (no password or secret bits needed) encryption doesn't actually add any real security because the passwords have to be accessed without being "unlocked" first.

What do I mean? Imagine you protect the password database with a single password (e.g. the unlock code). Now swiping the password database wins me nothing because it still needs unlocking. Now imagine I have a desktop with password-less autologin - my choices are now complicated. I must either

• Prompt the user the moment I need to access the password database
• Store the users password in a form that it can be derived using information on the filesystem
• Store the database unencrypted

• The first one is unweildly for a phone (does an unlock code really provide enough bits to securely lock the database?). The second and the third are effectively the same. In fact the second case reminds me of the old password database from Netscape where if you swiped the password database and a key file you could find out the real passwords.

The Fix

Why not use a cookie sort of system like web browsers use? When I sign into yahoo email it will keep me signed in, but the browser isn't storing my password in browser history. The email protocols would need to be changed to support this though.

Re:The Fix

The email protocols would need to be changed to support this though.

Good luck with that.

Less than worthless article

[MisterJohnny]

MD5 and SHA1? Are you serious? If they were in-fact stored as MD5 or SHA1, than those hashes would need to be sent to the mail server...in which case they are vulnerable to a pass-the-hash attack and would be just as effective as if they were in plain-text! In order for someone to get into your phone's SQLite database, it would involve stealing it and than running forensic tools until they found the database itself. And anyone here who assumes that there wouldn't be tools provided to decrypt any kind of potential Android e-mail encryption is fooling themselves.

from tfa

A Android user complain that , All passwords are stored in plane text on Disk via a message on discussion board of Android.

so you see, it's not storing in "plain" text but in "plane" text which is completely different
obviously

This is how all the hacks occur...

[Eirenarch]

People like the submitter and the ones who filed the bug are the reason hacks occur all the time. They think they know something about security and they've heard that plain text passwords is bad but they have no idea how and why they are bad. These people go and implement "secure" systems that get hacked. Encrypt the password on the same device that has the encryption key and then think it is secure

Re:This is how all the hacks occur...

What nonsense. Don't assume anyone except you being an amateur.

Re:This is how all the hacks occur...

[That+Guy+From+Mrktng]

Lurking in the Android 1.6 filesystem I found some config files that store the WIFI passwords in plain text, Shocked? not really, Would I trust my Credit card info or server passwords on a smartphone? No way, not yet. But certainly there should be a way for the data to be not so obvious to retrieve. Was I using some sort of sniffer or forensic tool? nah just root explorer. No system can be 100% secure but please rise the bar a bit.

Re:This is how all the hacks occur...

[bWareiWare.co.uk]

How dose your desktop computer protect your WiFi/server passwords?
A computer either knows your credentials or it don't. If you have root access then any talk of security is moot.
Yes the are protocols (Kerberos) that dramatically limit the value of any stored credentials, but Google can't force them onto POP3 servers (which often still send the passwords over the network plain-text).

Didn't imply, stated directly

[SuperKendall]

What weakness are you talking about? GPP did not imply that rooting the phone causes /data to cease being off-limits to apps.

From the GPP:

it's stored in /data which is off limits to any app, unless you've rooted the phone.

If that's inaccurate start by correcting the person I responded to, not me.

Re:Didn't imply, stated directly

[icebraining]

No, I did not. The negative of being off limits to any app is not being accessible to all apps.

When you root, it can still be off limits to any app as long as you don't run any app as 'root'. It doesn't break any security model more than having an admin account breaks the security for normal user accounts.

Re:Didn't imply, stated directly

[exomondo]

If that's inaccurate start by correcting the person I responded to, not me.

That is accurate though because if you haven't rooted the phone you cannot run an app with elevated privileges and just because you've rooted the phone doesn't mean everything runs with elevated privileges, it just gives you the ability to do that.

Re:Didn't imply, stated directly

[Barefoot+Monkey]

From the GPP:

it's stored in /data which is off limits to any app, unless you've rooted the phone.

If that's inaccurate start by correcting the person I responded to, not me.

The person to whom you responded is accurate, as far as I know, but "it's stored in /data which is off limits to any app, unless you've rooted the phone." still does not imply that rooting the phone causes /data to cease being off-limits to apps. You're drawing a false conclusion.

The Thread on protection, a link

[SuperKendall]

The link to the thread on Android SD protection did not work before so here it is for completeness.

Where then is it?

[SuperKendall]

1. Lack of encryption was a complaint due to the fact that backups to the laptop happen automatically and is not encrypted by default

If that was an issue where do Android backups go if you synchronize them to a computer?

It seems like it's kind of hard to do a full system backup, but for those that do would not the database be exposed on the computer you are backing up to?

Re:Where then is it?

[Superken7]

You don't. Everything relevant is in the cloud. In Android no such scenario even exists.

While there are ways of syncing stuff, no user usually connects their Android phone to their computer, especially not for doing full system backups (thats only possible for rooted users, if I'm not mistaken, so go figure)

But anyways, thats comparing iOS and Android again... even if Android did, that would still be something people could be criticizing of iOS (and Android, but thats not the case).

sqlite is a crime

sqlite is a crime. Linus should just hard code it into the kernel; the quality fits.

It matters

[SuperKendall]

Why does it matter?

1) Anyone doing full system backups is probably also copying this database on to a computer, where anything could read it.

2) Storing core passwords out in the open implies there is no system framework to store secure credentials. That means in turn any application storing a username/password would be probably storing it in plaintext in the application directory. If that application directory is on an SD card, anything could read it.

Long passphrase: Feature, not a bug

[SpaceLifeForm]

I will recommend the Android Pro to all my drunk-dialing and drunk-texting friends.

FFS!

"I'm sure most would agree encrypted password data in at least SHA or MD5 would be kind of a good idea!"

Why do I even come to slashdot?!...
I started reading slashdot for the articles/submissions... Then when the submissions went to shit, I read it for the comments... Now the submissions suck even more and all the comments just state that fact...

I think it's time for a break from slashdot! - afterall there are a lot more useful sites with 'REAL news for nerds' on it!

Re:Agree, terrible danger in lack of system Keycha

[hax4bux]

I develop for iOS and Android, and I am responding to your point about "twitter app directories".

I have produced only a single app which used twitter/facebook (I usually write enterprise apps), so I might have this wrong.

Twitter and Facebook both rely upon oauth, and both of these services provide libraries/jars for access. I think storing/caching a raw password is actually a ToS violation. I know my app doesn't store the password.

HTH

Owner override

[tepples]

TPM itself isn't evil. It can be put to good uses also.

TPM with owner override can also be put to good uses, but the TCG has refused to implement it.

Re:Sorry, disagree that SHA/MD5 is a solutionj

[pnewhook]

you say that like its a bad thing

Re:Agree, terrible danger in lack of system Keycha

[SuperKendall]

That's a good point, although Twitter did not used to require OAuth...

But it stands for any other application that is holding credentials. I know I've used the keychain in a number of applications to store credentials.

Anyone who use SHA or MD5 for passwords

[nedlohs]

that they are storing to use to login, to say a mail server, is an idiot (or I guess running on a super computer or ten). Only beaten in the idiot stakes by someone suggesting it would be a good idea.

Re:Agree, terrible danger in lack of system Keycha

[flonker]

The premise is that if you have access to the keychain, you can decrypt the stored passwords. The keychain is, as you say, just another layer of security. It adds complexity to the system, making it harder to get the password back out, but it doesn't add any security; if someone has access to the keychain, it only requires a token amount of additional effort to acquire the password.

"Secrets are fragile; once they're lost, they're lost forever. Security that relies on secrecy is also fragile; once secrecy is lost there's no way to recover security. Trying to base security on secrecy is simply bad design. "
Bruce Schneier

More than a token amount

[SuperKendall]

The premise is that if you have access to the keychain, you can decrypt the stored passwords.

The Keychain has been around forever on the Mac and is a pretty advanced system for securing important data. It's more than just a single layer of security, it's a true security framework with many layers.

It can for instance require a passcode plus a salt. Please read through the extended details of how the iOS keychain works.

If you have set data to require the device to be unlocked, then if the user has a passcode having the hardware itself even means very little to you in terms of unlocking - you'd still have to crack it as if you knew nothing about the passcode because it's not on the device.

Hash functions in encryption

[jvonk]

SHA and MD5 are hash algorithms, there's no way to recover the actual password from a hash.

Interestingly, this is not universally true: hash algorithms can be used for encryption in certain block cipher modes. This was explained to me by user Goaway in this comment.

I concur that the submitter was completely off base referencing the use of hash algorithms in the context of stored passwords within a SQLite database. However, I believe the potential for nonstandard use of one-way hash functions for encryption to be quite interesting in a "thinking outside the box" sort of way.

SHA/MD5 != encryption.

[kuzb]

It's hashing, not encryption you illiterate fucking morons.

Fuck you slashdot, you should know better. More than that, if my fucking mail password is hashed, it can't be passed to the servers. Slashdot is such a flaming piece of shit these days.

Just use javax.crypto

Since Android has access to the Javax.crypto API, just use it to encrypt the password before putting it into the SQLite DB. The SQLite DB interface in Android has an 'sql builder' interface, but the most useful way of doing things is using SQLiteDatabase.execSQL() which you can use to run any SQL rather than the crippling SQL builder type classes which can't do complicated joins etc.

Anyway, here is an example of using javax.crypto: http://exampledepot.com/egs/javax.crypto/DesString.html

Re:Sorry, disagree that SHA/MD5 is a solutionj

[Lachlan+Hunt]

WTF? How does it possibly stop you from removing the battery when the phone is turned off? Isn't the battery held in with some sort of mechanical latch, with either a slider, something to depress to release the hooks, or similar? Which blackberry model are you talking about specifically?

Re:Sorry, disagree that SHA/MD5 is a solutionj

[Flyerman]

The effect isn't the same. You'll get a better reset by pulling it while it's on. I'm discussing all models, I speak with RIM Support fairly often, you see...

What abou the PIN number?

I agree with all the one way hash arguments, but why couldn't they make an option to encrypt it with the PIN you already enter in to unlock the phone? Added bonus points for doing what Blackberry does and also encrypting it with the serial number of the device. Google really just needs to offer whole disk encryption. I know that both iOS and Blackberry now offer these features, I don't see why Google doesn't. As for the CPU cycles argument throw in a crypto chip to lower the power requirements and offload the power from the main CPU. What this guy is saying (while clueless) is still a valid problem. It would be nice in corporate environments to offer these features. Until Google offers whole disk encryption, I don't see them as a valid contender in the enterprise market.

Disclaimer: I own a Droid 2, and really do like it.

It is a mobile phone, use SMS tokens for passwords

I have signed up for Google 2 level encryption, this means that when I need a password (to check my email for example) I have to key in my password (something you know) followed by a text token sent to the phone of my choice (something you have).

If you don't have access to your nominated phone there are other ways to obtain a token (you can ask Google to call you instead, an automated voice reads the token to you), failing that I have a series of valid tokens for emergencies, printed in an unmarked piece of paper (since the password in my head is still used the tokens can't be used on their own to access my account).

There is no reason why applications in Android phiones could not receive text tokens automatically in order to allow login.

Easy fix

If you are concerned about email security, use a BlackBerry.

Re:Agree, terrible danger in lack of system Keycha

[julesh]

You didn't actually read that thread, did you? Applications stored on the SD card are stored in an encrypted filesystem that's loopback mounted. The key stays on the phone, so the threat model you suggest doesn't work.

Yes, the external storage APIs don't provide security, but guess what: those APIs are intended for storing and accessing external files, i.e. stuff that's supposed to be public. Even with SD-based apps, the databases maintained using the system standard database API are secure.

Re:Agree, terrible danger in lack of system Keycha

[SuperKendall]

Applications stored on the SD card are stored in an encrypted filesystem that's loopback mounted. The key stays on the phone, so the threat model you suggest doesn't work.

I did miss that part (I read through much of the earlier thread).

But it still doesn't stop an attack from another application accessing data from that mounted SD card on the device (which was always the greater danger anyway).

Google now supports two factor authentication.

I enabled two factor authentication for my google account. I had to download a android app that generates new random 6 digit codes every 30 seconds. But for applications that don't support the extra code, google lets you create application-specific passwords. If I understand correctly, one one of these is used for one purpose they can't be resized for another.

Rely on the SIM card

[gr8dude]

A mobile phone has a SIM card inside; a SIM is a smart card, a tamper-proof device designed to store sensitive data.

If the password is stored on the SIM card, the phone could retrieve it from there, instead of storing it in its own memory. A SIM card can be PIN-protected, so effectively the PIN needs to be entered once - when powering up the phone.

This does not completely resolve the problem - if someone steals a phone and keeps it on, they can retrieve the password. However, a [smart] thief turns the phone off after stealing it; once they do that, they'll have to enter the PIN again when powering up the phone.

Now, the only problem is that many people have their SIM PINs disabled; but at least in this scenario you have some control and you can increase the level of security with little effort.

Note: the structure of the file system of a SIM card is defined in GSM 11.11 (for 2G) and there is a standard for 3G cards as well. There is no possibility to create new files on the SIM (it is not in the personalization phase anymore), so you'll have to keep the data in other files that are readable with PIN1, such as EF ADN or EF SMS (phonebook, SMS archive) - as modern phones don't use those files anyway. An alternative is to influence the ETSI, 3GPP and others involved in maintaining the specs and have this file for password storage added in the future versions of the spec.

device level encryption

http://www.whispersys.com/whispercore.html

iOS method

[BadPirate]

SHA/MD5 are not alternatives (already mentioned above) as they are one-way.

Real alternative is to have a standardized global keychain (like implemented by iOS), which doesn't offer extra security when there is no pincode set (other then obfuscation), but offers at least one additional layer with a password or pin-code actually set. (not to mention, with pin code enabled there is a free layer of hardware encryption enabled as well).