Posted by on Jan 17, 2014 in Uncategorized

I was playing around with the iOS keychain on a jailbroken device and dumped it to a file using the Keychain-Dumper tool written by Patrick Toomey.

While looking through it, I noticed that Google Chrome for iOS stores all passwords synced between browsers in plain text. This is a massive security flaw: any application on a jailbroken device could perform the same dump and upload all Chrome passwords to an external server without the user knowing anything.

Generic Password
----------------
Service:
Account: 90XXXD39-9XXE-XXXX-8XXD-0DXXXXXXD45F
Entitlement Group: EXXXX8AV.com.google.chrome.ios
Label: (null)
Generic Field: (null)
Keychain Data: <plain text passcode>

Chrome also has a separate keychain item for safe storage:

Generic Password
----------------
Service: Chrome Safe Storage
Account: Chrome
Entitlement Group: EXXXX8AV.com.google.chrome.ios
Label: (null)
Generic Field: (null)
Keychain Data: ZFYwsXXXX0000000XX9gUGZkUw==

Why are passwords not also saved using the safe storage?
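As an added example (not from the post and not part of Keychain-Dumper), here is a small Python script that parses a dump in the layout shown above and, for one entitlement group, flags items whose Keychain Data reads as plaintext rather than as an opaque blob like the Safe Storage key. The sample dump is constructed from the two Chrome records above; the field regex, the printable-bytes heuristic and the function names are my own assumptions.

```python
import base64
import re

# Constructed sample in the Keychain-Dumper layout shown in the post (Label and
# Generic Field dropped); "hunter2" stands in for the post's <plain text passcode>.
SAMPLE_DUMP = """\
Generic Password
----------------
Service:
Account: 90XXXD39-9XXE-XXXX-8XXD-0DXXXXXXD45F
Entitlement Group: EXXXX8AV.com.google.chrome.ios
Keychain Data: hunter2

Generic Password
----------------
Service: Chrome Safe Storage
Account: Chrome
Entitlement Group: EXXXX8AV.com.google.chrome.ios
Keychain Data: ZFYwsXXXX0000000XX9gUGZkUw==
"""
FIELD_RE = re.compile(r"^([A-Za-z ]+):\s*(.*)$")  # assumed "Key: value" layout

def parse_dump(text):
    """A dashed underline opens a record; the line above it becomes its 'Class'."""
    records, current, prev = [], None, ""
    for line in text.splitlines():
        if line and set(line) == {"-"}:
            current = {"Class": prev.strip()}
            records.append(current)
        elif current is not None and (m := FIELD_RE.match(line)):
            current[m.group(1)] = m.group(2).strip()
        prev = line
    return records

def looks_like_random_blob(value):
    """Heuristic: valid base64 that decodes to non-printable bytes (as the Safe
    Storage key does). Short plaintext of length 4n can slip through: a hint, not proof."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(raw) and not all(32 <= b < 127 for b in raw)

def audit(records, entitlement_group):
    """(service, account, verdict) per item of one app, flagging plaintext Keychain Data."""
    return [(r.get("Service", ""), r.get("Account", ""),
             "opaque" if looks_like_random_blob(r.get("Keychain Data", "")) else "plaintext")
            for r in records if r.get("Entitlement Group") == entitlement_group]
```

Running `audit(parse_dump(SAMPLE_DUMP), "EXXXX8AV.com.google.chrome.ios")` reports the password item as plaintext and the Safe Storage item as opaque, which is exactly the inconsistency the post points out.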