privsec.dev/content/posts/knowledge/ChromeOS Questionable Encryption/index.md
Tommy 365c717bc1
ChromeOS's Questionable Encryption (#222)
* ChromeOS's Questionable Encryption

Signed-off-by: Tommy <contact@tommytran.io>

* Add metadata

Signed-off-by: Tommy <contact@tommytran.io>

* Minor fixes

Signed-off-by: Tommy <contact@tommytran.io>

* Minor fix

Signed-off-by: Tommy <contact@tommytran.io>

* Update ChromeOS Questionable Encryption.md

Signed-off-by: Tommy <contact@tommytran.io>

* Update ChromeOS Questionable Encryption

* Fix link

* Edits

---------

Signed-off-by: Tommy <contact@tommytran.io>
Co-authored-by: wj25czxj47bu6q <git@wj25.xn--q9jyb4c>
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
2024-04-25 22:32:31 -07:00

2.1 KiB
Raw Permalink Blame History

title date tags author
ChromeOS's Questionable Encryption 2024-04-25
Operating Systems
ChromeOS
Security
Tommy

Premise

ChromeOS encrypts user data on the disk by default. The implementation details are documented upstream but not relevant within the scope of this post.

It is well-known that ChromeOS uses Google account passwords as the primary login credentials. This necessarily means that anyone with knowledge of the Google account password is able to unlock and therefore decrypt a ChromeOS user profile.

Practical Implications

The very same Google account passwords used for ChromeOS authentication are also used for logging in to various Google services in web browsers and other apps. After a quick investigation with browser dev tools:

Google Login

…It turns out that passwords are submitted to Google servers in plaintext (see "mygloriouspassword" in the Form Data).

As a result, someone with sufficient access to Google's servers would theoretically be able to obtain the actual, unhashed password for a given Google account. An adversary with physical access would be able to unlock and decrypt ChromeOS user data with cooperation from Google.

This differs from how encryption passwords are handled by other services like cloudbased password managers — they use clientside hashing to deliberately blind the server from the actual password. As the name suggests, the browser locally executes a cryptographic hash function on the actual password and only transmits the resultant hash to the server for authentication.

Takeaways

If Google is malicious, coerced by the government, or hacked, their servers can record the user password prior to it being hashed serverside. That password can then be used by an adversary with physical access to unlock ChromeOS and gain access to the data stored therein.

Just to be clear, this is not a vulnerability. It's just how the system is designed.