Lose your laptop? Change all passwords, pronto
Stanford University researcher shows how to bypass Windows' built-in encryption that Web browsers, instant messaging clients, and other programs used to store user passwords.
LAS VEGAS--If your Windows laptop is stolen, be warned: new research shows how a thief can gain access to the passwords used by your Amazon.com, Google, Yahoo, Facebook, and other Web accounts.
The passwords for accounts in the cloud are supposed to be protected by Windows' built-in encryption. But a team of security researchers demonstrated at the Black Hat security conference here how last week to bypass the operating system's security.
A thief--or someone unconcerned with the finer points of federal hacking laws--can take advantage of the vulnerability to discover the passwords stored by Web browsers and other programs like instant messaging clients. So can police using electronic forensics to analyze a computer seized during a criminal investigation or without a warrant at a national border.
"It's not just your data on the computer, but everything you have in the cloud, including your Facebook account, your Gmail account, and so on," Elie Bursztein, a postdoctoral researcher at Stanford University who also , told CNET. Ivan Fontarensky, Matthieu Martin, and Jean Michel Picod collaborated with him on the research.
The team has released a open-source utility to perform this decryption, which they call OWADE, for Offline Windows Analyzer and Data Extractor. It runs on Ubuntu, a Debian-derived Linux distribution, and is designed to decrypt information stored by the four major Web browsers and instant messaging clients under Windows XP.
Here's how it works: Windows offers a built-in encryption feature called DPAPI, part of the Crypto API, which allows application developers to store sensitive data in scrambled form. Microsoft describes as allowing any application to "secure data without needing any specific cryptographic code other than the necessary function calls to DPAPI." (API stands for application programming interface.)
That's a useful feature to have--assuming it's designed and implemented well.
What Bursztein and his colleagues found are security vulnerabilities in the way DPAPI was created. For instance, the list of possible passwords in many versions of Windows is unusually small, about 7 trillion possibilities, and can be pre-computed.
A Microsoft representative said the company would have a public response later today.
Another vulnerability they found is in the way passwords for Wi-Fi networks are encrypted and stored. (In Windows XP, they're in the system registry. In Windows 7 and Vista, they're in both the registry and an XML file.)
Different browsers, they found, store passwords for Web sites in different locations with varying amounts of security precautions.
"I'm very sad to say that Firefox is the worst for offline security," said Bursztein, who uses that browser himself.
Internet Explorer turns out to be the most secure. If you don't know the exact Web page, you can't recover the password.
Instant messaging clients also offer differing levels of security. They found Skype uses custom encryption for passwords and rated the difficulty of decrypting or bypassing it as "extreme." If the Skype password is sufficiently strong, they said, it can't be discovered.
Google Talk's Windows client uses DPAPI and is rated as "hard" to penetrate. Microsoft Messenger gets a verdict of only "medium," with details varying based on which version is being used.
Even worse: aMSN, an open-source MSN Messenger clone; 9talk; Trillian; and Pidgin.
Bursztein's recommendation, after doing all this work? "The mechanism that's in place in Windows to protect your data can be easily bypassed. The only real alternative for you is to encrypt your disk if you don't what your account compromised."
Update 7:28 p.m. PT: I've received a response from Microsoft, which passed along the following statement from Pete Voss, senior response communications manager, Microsoft Trustworthy Computing. It doesn't address the vulnerabilities directly, and instead appears to simply suggest that full-disk encryption with BitLocker be used instead:
Microsoft BitLocker can protect data from malicious third parties that have unrestricted physical access to a computer by protecting the data with full volume encryption. BitLocker encrypted volumes can be configured to require multiple forms of authentication (e.g.: PIN, TPM) before a volume becomes accessible which prevents attacks that can occur when an operating system can be loaded without authentication by an authorized user.
The Data Encryption Toolkit (DET) provides additional information and tools for Encrypted File Systems and BitLocker. The latest information on how BitLocker can be used to protect against these types of attacks can be found on the BitLocker team blog."