iOS 8 And OS X 10.10 Need to Fix iCloud Keychain
By Judith Aparri | May 6, 2014 6:07 AM EST
Currently, there are two reported issues with iCloud Keychain that the upcoming iOS 8 and OS X 10.10 may hopefully fix. Such issues make iCloud Keychain unusable for those whose main concern is about security.
iCloud Keychain allows generation, storage and management of unique, strong passwords for Apple's Mac, iPad and iPhone. It is used to save credit card and password information to securely sync them across devices. Theoretically, it is a convenient and secure feature if not for its flaws.
Problem 1: No Re-authentication
iCloud keychain does not require re-authentication to grant access to the stored information. If the device, whether an iPad, iPhone or Mac is unlocked, anyone who uses it can access stored credit cards and passwords.
When iCloud Keychain is enabled, device owners cannot simply hand the unit over to a colleague, friend, family member or to anyone else as there will be a risk of having credit cards and passwords accessed.
Whether you have to make an emergency call, search for something on the Web, play games or do anything, people usually use their mobile devices and there is a hole in the iCloud Keychain.
Third-party password managers, found in Apple's iTunes App store, usually require a "master password." To buy apps on the App Store, Apple also requires re-authentication before the user makes a purchase, which is something Apple ought to be aware of.
iOS and OS X should not treat passwords and credit cards less protection than they do with accounts on iTunes.
Problem 2: Weak Cryptography
Apple is doing a good job in security-centered cryptography in most of its architectures, except in iCloud Keychain.
For some unexplained reasons, iCloud uses a bad curve with iCloud Keychain called P-256 curve, one that no one trusts, as it has numerous characteristics that make it weak as shown in SafeCurves and StackExchange sites.
iCloud Keychain flaws maybe too technical that not all people would want to fully comprehend them. But there are some people smarter enough to understand, who, when they find a standard weak, anyone who wants security, would move away from such standard.
Apple has used a curve determined by the security community as weak, thus, nobody should be using it if they want to be trusted.
If Apple can correct crypto and make it rock-solid throughout the system, it would be great if it would via OS X 10.10 and iOS 8.
To contact the editor, e-mail:
Most Popular Slideshows
- The Pirate Bay Founder Gottfrid Svartholm Clears That Fredrik Neij And Peter Sunde Are Not TPB Founders
- ‘The Walking Dead’ Season 5 Spoilers: Daryl Dixon Out There To Save His Two Favourite Ladies In Mid-season Finale
- [In Pictures] Police Fire As Protest Turns Into ‘Riot’ After Grand Jury Decision on Ferguson Shooting
- ‘The Walking Dead’ Season 5, Episode 8 Spoilers: Daryl Dixon Is Set To Burn The Place Down in ‘Coda’
Join the Conversation
- Russia Is Ready for Shooting War, Will Likely Win Looming Nuclear Showdown with U.S. – Report
- Kobani ISIS Fighter Sends Out Desperate Message For Prayers And Support: Euphoria Turns Into Desperation As Kurds Advance
- Chris Algieri’s Battered Face Trends On Social Media
- Home Depot Early Black Friday 2014 Sale Up To Nov. 29, 2014 Includes Special Buys On Appliances Such As Samsung Refrigerators, Whirlpool Electric Ranges And Hoover Vacuum Cleaners
- Microsoft Band Runs Out Of Stock, But Offers $10 Gift Voucher To Wait-Listed Customers
- Black Friday Sale 2014 Deals From Amazon On Smartphones, TVs, Headsets And More
- Andrew Robb Asks Obama Not to ‘Lecture’ Australia on Climate Change