Steal iCloud Keychain Secrets via OTR

August 17, 2017 by Frank Siemons

Apple iCloud Keychain

In Mac OS 8.6, Apple introduced its Keychain password management system. Integrated into every Mac OS release since then, Keychain provides centralized storage for passwords, network shares, notes, certificates, credit card details and many other sensitive types of data. With the increasing popularity of both cloud applications and password managers, and the demand for user-friendly applications, Apple has taken the traditional Keychain system a step further by introducing iCloud Keychain. This cloud solution keeps all Keychain data in sync between Mac OS X and iOS devices. From a user’s perspective, this is a great service, but of course, there are security risks associated with the transfer and storage of this sensitive data.

The vulnerability

As expected, the transfer of sync data between devices is covered by end-to-end encryption. For this encryption, Apple uses the Off-the-Record (OTR) protocol. OTR utilizes a combination of the 128-bit AES symmetric key algorithm, the Diffie-Hellman key exchange and SHA-1 for hashing. Because device-specific keys are used as an additional security layer, the sensitive user data is reasonably well secured. In March 2017, however, security researchers at Longterm Security found a flaw in the OTR implementation. Simply put: if the encryption itself cannot be broken, it needs to be bypassed. This vulnerability was logged as CVE-2017-2448 and was also covered in a presentation at Black Hat USA 2017.

The Exploit

A key part of iCloud Keychain security is the “Signed syncing circle.” This circle is made up of interconnected, trusted devices which all use the same iCloud account. Communication between the trusted devices in the circle is secured by a combination of a “syncing identity key” associated with each device and a key derived from the user’s iCloud password. Before a new device can join the circle, an existing device needs to approve the new member via a signature validation process. The researchers found a way to exploit a signature validation error via a specially crafted packet. This results in the ability to establish an OTR session and, when in possession of the target user’s iCloud password, gain access to synchronized user secrets such as passwords and credit card information. This is an important point: the attacker needs to already have the iCloud password as well. This password could have been obtained via a keylogger, phishing attack or shoulder surfing, but in any case, it is a requirement. This means the attack is also virtually impossible if the targeted account is configured to use 2-factor authentication.


On March 27th, 2017, Apple released the iOS 10.3 update. This update addressed the described CVE-2017-2448 “through improved validation.” This means this specific vulnerability is patched. What it does not mean, though, is that similar attack vectors are guaranteed to be no longer possible.

Mobility and the use of centralized cloud storage and management have taken an important place in personal and business connectivity. This requires a holistic security policy around these technologies, preventing similar attacks regardless of any future vulnerabilities that present themselves.

First, any organization allowing company data on staff mobile devices should have a Mobile Device Management (MDM) solution in place. For staff to sign up their devices and gain access to corporate data such as intranet sites and email, users would need to hand over security control to the organization via an MDM agent. This means that, for instance, password policies and encryption can be enforced by security administrators before any corporate data is allowed onto the device. It also means that patch levels can be monitored and managed. In the case of the iOS 10.3 update, which patches the Keychain OTR vulnerability, this patch could be set as a technical requirement for devices, or staff could simply be notified that they need to update their device as soon as possible.

Mobile Device Management products such as Airwatch or Meraki often also offer built-in or 3rd-party host-based malware or IPS solutions. An IPS agent can report suspicious behavior or an MITM attack on the device. When adequately monitored, such a solution could detect and prevent vulnerabilities and their exploits all the way down to the early 0-day stage.

What would have severely limited the impact of a successful exploit of CVE-2017-2448 is the use of 2-factor authentication to iCloud. Even if the attacker had gained access to an OTR session and the iCloud password, this would be useless without also having access to the last part of the authentication requirements: the temporary verification code, which is sent to the account owner “out of band.”

Finally, although this does not cover the particular Keychain OTR vulnerability, it is critical never to jailbreak a device or place it in debugging mode. Doing this adds a very high level of risk because malicious applications can easily gain root level privileges and take full control of the device. If available, an MDM solution should be used to monitor for such a modification and isolate the offending device from corporate data sources immediately.
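The controls from the preceding paragraphs (the iOS 10.3 patch level, 2-factor authentication and jailbreak monitoring) can be combined into one compliance gate. The following is an added example, not code from the article or from any MDM product; the `Device` fields, the action names and the inventory records are hypothetical, and it assumes the organization records whether an account has 2-factor authentication enabled.

```python
from dataclasses import dataclass

# iOS 10.3 is the release the article names as fixing CVE-2017-2448.
MIN_IOS = (10, 3)

def parse_version(text):
    """Turn '10.2.1' into (10, 2, 1) so versions compare as numbers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    # Drop trailing zeros so '10.3.0' and '10.3' compare equal.
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts

@dataclass
class Device:  # hypothetical inventory record
    owner: str
    os_version: str
    jailbroken: bool
    icloud_2fa: bool

def evaluate(device):
    """Return (action, reasons) for one enrolled device."""
    reasons = []
    try:
        patched = parse_version(device.os_version) >= MIN_IOS
    except ValueError:
        patched = False  # unparseable version string: fail closed
    if not patched:
        reasons.append("os below 10.3")
    if not device.icloud_2fa:
        reasons.append("icloud 2fa disabled")
    if device.jailbroken:
        reasons.append("jailbroken")
        return "isolate", reasons  # cut off from corporate data at once
    if not patched:
        return "block", reasons    # patch is a hard requirement
    return ("notify", reasons) if reasons else ("allow", reasons)

INVENTORY = [  # constructed sample records
    Device("alice", "10.3.2", False, True),
    Device("bob", "9.3.5", False, True),   # a string compare would rank this above 10.3
    Device("carol", "10.3", False, False),
    Device("dave", "10.2.1", True, False),
]

def triage(devices):
    return {d.owner: evaluate(d) for d in devices}
```

Comparing versions as integer tuples matters here: as plain strings, "9.3.5" sorts above "10.3" and an unpatched device would pass the check.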


High-severity vulnerabilities targeting Apple iCloud and iOS are relatively uncommon. However, they do occur. With a good understanding of the risks of using the latest mobility technologies, some solid security controls can be put in place that prevent most of the risks to corporate and personal data. Whether the data is made up of personal photos and credit card information or a collection of company passwords, the underlying security principles are the same. Security controls such as patch management, encryption, password policies and 2-factor authentication will keep most data safe and should be implemented at all times.


Frank Siemons is an Australian security researcher at InfoSec Institute. His track record consists of many years of Systems and Security administration, both in Europe and in Australia. Currently he holds many certifications such as CISSP and has a Master's degree in InfoSys Security at Charles Sturt University. He has a true passion for anything related to pentesting and vulnerability assessment and can be found on His Twitter handle is @franksiemons