A vulnerability in such a sense could lead to private data being used in court cases against individuals, destroying Keybase’s reputation as a secure and private communication platform. For example, keybase is presenting itself as a secure end-to-end encryption solution. In addition, there are legal ramifications to such storage of information. A user, believing that they are sending photos that can be cleared later, may not realize that sent photos are not cleared from the cache and may send photos of PII or other sensitive data to friends or colleagues. In non-technical terms, this means that conversations between individuals or groups within the app shouldn’t be persistently stored unencrypted on disk.Īn attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently. Keybase is known as an End-to-End Encryption (EE2E) Communication Application. Normally, cached and cleartext photos wouldn’t be considered a vulnerability, but in the instance of Keybase, it is. Specifically, the image of the skull above was sent to John Jackson by Robert Willis, and Robert had deleted the image – yet it remained behind in the Cache. The vulnerability was quickly replicated on Windows by navigating to the Roaming folder of the AppData directory:Ĭ:\Users\usernamehere\AppData\Roaming\Keybase\Cache It was easily seen within mac because of the fileviewer functionality, but on windows a user has to change the file extension from its native extension to. In other words, a user could send a photo to another user via a private conversation, and click on the “delete” or “explode” button and the photo could still be recovered via the “Cache” directory due to the insufficient cache clearing issue/lack of encryption of the content. In addition, the directory even included images that other users had sent us. The issue was similar in the sense that images were also being stored in this directory, unencrypted, however – the amount of images stored were far more in quantity than in the “uploadtemps” directory. ~/Library/Application Support/Keybase/Cache Sakura Samurai began to investigate further and that’s when a similar issue was discovered within the “Cache” directory of the Keybase Client for macOS: Users/usernamehere/Library/Caches/Keybase/uploadtemps Additional Escalation Robert investigated the issue further while Cottle
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |