Security data

1User
Community Member
I am seriously worried about the security of my data. If you connect to an iOS device via iExplorer, you can get confidential data: host headers (there is a login) and cache sites. Please make a new version:

1) To be able to fully encrypt all data on the master key, without the use of PIN
2) After the close of the application to clean Cache.db

Comments

  • jpgoldberg
    1Password Alumni
    Hi,

    That is a great observation. There is a lot of confusion about what can and can't be seen with iExplorer. You are safer than things first appear, because the most likely circumstances under which a bad guy gets hold of your device, iExplorer (or similar tools) won't work even though you see it working seemingly without restriction.

    If you plug a locked device into a "new" computer, you will be prompted to first unlock your iPhone or iPad. So if someone steals your iPhone, they can't just plug it into their own computer and get at everything. The vast majority on the phone will remain encrypted with the hardware device key.

    However, once you have connected to iTunes on the desktop and unlocked a device, then iTunes will be granted an escrow key that allows decryption of the device and for tools like iExplorer to work. So this means that if you share a computer with someone, and they get hold of your device, then they may be able to see everything with iExplorer.

    In my opinion, Apple has made a security blunder here. The stored "escrow key" used by iTunes should be specific to a particular account on the desktop, but at least on the Mac once a device is unlocked when connected to iTunes for one user, it is unlocked for all.

    We've discussed this issue on our blog at

    http://blog.agilebits.com/2012/04/06/oauth-dropbox-and-your-1password-data/

    The relevant paragraph says,


    There is, unfortunately, one further complication. iTunes will automatically unlock the device for any user account on the same computer that the device has previously been unlocked on. That is, if Alice and Bob both have user accounts on the same Mac, and Alice has at one point entered her passcode on her iPad to allow syncing, then Bob will be able to gain access to most of Alice’s iPad simply by using iTunes in his account on the Mac. What is worse is that Bob’s account on the computer can also be a guest account, and he will still have access.


    Considering that there are circumstances where the kind of data you are concerned about can be exposed, we do need to keep your suggestions in mind. It would be great if we could rely on device passcode security for things like Cache.db, but we do have to be aware of this iTunes-unlock mechanism in our design.

    I can't promise a full solution any time soon, but we are very aware of when this sort of data can and can't be exposed. As you see, it isn't actually simple.

    Again, thank you for your comment, and please continue to keep an eye on such things and report any security (or other) concerns you may have.

    Cheers,

    -j
  • 1User
    Community Member
    Thank you for your extended comment. Yes, I know how the pairing with iTunes and I use hardware encryption iPhone. But I am concerned that my password iPhone can see or write to the camera. I care about this title to login 1P. Please make optional full encryption of all data in the 1P, it is a big security issue about which ordinary people do not know and have complete trust in your program.
  • jpgoldberg
    1Password Alumni
    1User wrote:

    I care about this title to login 1P. Please make optional full encryption of all data in the 1P,


    Ah. I misunderstood what you were asking about. Yes, I can promise you that the Titles and URLs of 1Password items will be fully encrypted in 1P4. (Some metadata, such as last modify time, will still remain unencrypted.) We committed to that more than a year ago (despite our reluctance to talk about future versions). It has been taking time, as, among other things, it involves major redesign of the data format and how information is located and retrieved.

    it is a big security issue about which ordinary people do not know and have complete trust in your program.


    It is true that the "lock/unlock" metaphor makes it appear that everything is encrypted when the data is locked and that everything is decrypted when the data is unlocked. Neither is actually true when you look behind the scenes. We've always documented the fact that some information remains unencrypted, but you are correct that for most people the overall impression remains incorrect.

    We certainly don't want people making security decisions based on incorrect impressions, so this is definitely a reason for our data format redesign. I won't make any promises about release dates, but I can tell you that work on 1P4 has been intensive. This is all seeing very, very active development.

    I hope that I've properly understood and addressed your concern here. If I haven't, please let me know.

    Cheers,
    -j
This discussion has been closed.