KeySteal: A Vulnerability in Apple's Keychain

Presented at Objective by the Sea version 2.0 (2019), June 1, 2019, 10:10 a.m. (50 minutes).

What do your iCloud, Slack, MS Office, etc. credentials have in common? Correct, they're all stored inside your Mac's Keychain. While the Keychain is great because it prevents all those annoying password prompts from disturbing you, the ultimate question is: Is it really safe? Does it prevent malicious Apps from stealing all my passwords? In this talk I will try to answer those questions, showing you how the Keychain works and how it can be exploited by showing you the full details of my KeySteal exploit for the first time. The complete exploit code will be available online after the talk.


Presenters:

  • Linus Henze - Independent Security Researcher
    Linus Henze is an independent Security Researcher from Germany. In addition he's currently studying CS. He enjoys finding vulnerabilities in macOS/iOS and publishes them on his website [pinauten.de](https://pinauten.de/) (and [Twitter](https://twitter.com/LinusHenze) of course). His passion is fighting for a macOS bug bounty program! When he was 15, he released a bypass for Apple's newly introduced "System Integrity Protection". In 2018 he found a critical vulnerability in WebKit, tweeting "Want a free Safari 0day? Please don't do evil stuff with this." Earlier this year he became well known for demonstrating a critical vulnerability in the macOS Keychain, refusing to submit details to Apple because of a missing bug bounty program for macOS.

Links:

Similar Presentations: