Yesterday a new open-source project was posted on GitHub that contains the source code for a utility to scour a Mac system's memory and list the entire contents of a targeted keychain. While this utility may raise some concern and its approach potentially be used for malicious activities, its abilities do not arise from a vulnerability in OS X.
The utility is a small C program called keychaindump that, with administrative privileges, will scan the system's active memory for the wrapper and master keys to unlock a targeted keychain file; however, the utility will work only on keychains that have currently been unlocked so their encryption keys are stored in memory.
Apple's keychains are safeguarded through several layers of encryption, but once a user logs in and unlocks the keychains, the encryption keys are stored in memory so the system's security services can access it. This is why the system can present you with a dialogue box to simply click "Allow" or "Deny" for access to your keychain, instead of requiring your master keychain password every time. The trade-off is that the password must be kept in memory, and apparently a common structure for the encryption keys in memory was uncovered, which is searched for and analyzed by the new keychaindump utility.
Once the structure is found and determined to be a proper master key, the tool uses it to reveal the next four layers of encryption to finally unlock the targeted keychain file, revealing its stored usernames and passwords, along with the services they are associated with.
The GitHub page for the project shows some example output, and in running the utility on one of my systems it clearly and quickly found and revealed all of the passwords on the system.
Though at first glance this tool's abilities may cause concern, it ultimately is not a flaw in OS X or the keychain encryption setup. To run keychaindump one must first have administrative access to the system, which can be used for numerous nefarious activities. Tech site ArsTechnica describes the ability of the keychaindump utility not as a bug with OS X, but rather as a powerful use of a legitimate technology in OS X, and aptly parallels any claims of a vulnerability to describing a meat slicer as flawed because with misuse one could cut off a finger.
The utility's developer also reiterated this to clarify the situation:
"I want to clear up some misconceptions. This is not a security bug in OS X. Everything works as designed. The point of this post was to show a post-exploitation technique and to release a tool for the job. I found this particular technique interesting because it is instantaneous, reliable across OS X versions, and requires no persistent changes in the system."
However, even though there are no bugs or vulnerabilities that have allowed the passwords to be uncovered, this tool's approach can be used to quite easily get sensitive information. Since it requires only administrative access, it can potentially be implemented into malware that requests a user supply an administrative password.
Perhaps the only problem is the identifiable memory structure Apple uses to contain the keys, but maintaining encryption keys in memory is a common approach for numerous encryption technologies for many platforms, including whole disk encryption routines like FileVault.
Recently, password recovery company Passware developed a tool similar to keychaindump that can image a Mac's memory through DMA ports such as Firewire and then reveal the encryption keys for an unlocked FileVault volume. The difference here is that while Passware has kept its code secret and charges a high price for its software, keychaindump is available as an open-source project that can be compiled and used by anyone. Furthermore, Passware's approach requires physical access to the machine, whereas keychaindump can be run remotely or if implemented in malware.
Even though keychaindump takes advantage of the memory organization of the keychain encryption and with administrative privileges can uncover a user's passwords, the true significance here is that this is the first time Apple's keychain encryption routines have been both documented and then developed into what ultimately amounts to attack code.
Currently the tool is a proof-of-concept utility and is not known to be in use in any malware. But it could easily be implemented into malware or potentially used in other criminal ways to give an attacker access to a users' online services. Hopefully Apple can update how it stores keychain information in memory to make it more difficult for utilities like this to identify a keychain's encryption keys, though in doing so it will have to weight maximum security against convenience to the end user.