Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to recover as many encrypted password vaults as possible. The password manager provider said fewer than 20 personal user vaults were downloaded before it shut down the operation.

In a campaign that started Sunday, the unknown threat actor abused the mechanism that allows Dashlane users to add new devices, such as computers or phones, to their accounts. By abusing Dashlane’s programming interfaces for device enrollment, the attackers sent requests to large numbers of existing users’ registered email addresses.

In an update published Thursday, Dashlane wrote: The threat actor targeted the API endpoints for device registration and used a brute force attack to send a large volume of automated requests to those endpoints. In response, Dashlane’s automated security systems operated as intended, triggering an automatic lockout of the targeted accounts to protect those users.

Before the attack was fully mitigated, the threat actor was able to brute force and generate valid tokens for fewer than 20 personal plan customers, allowing them to register a new device on those accounts and download copies of users’ encrypted vaults.

The flow and strategy of the attack

When a user installs the Dashlane app on a new device and attempts to enroll it in their existing account, Dashlane first verifies the account holder’s identity. This verification is completed by sending a one-time six-digit token to the user’s registered email address (or, for users who have enabled two-factor authentication, by validating a six-digit code generated by their authentication app). For the registration to succeed, the user must enter this code into the Dashlane application. At this point, Dashlane will approve the enrollment and send a copy of the encrypted vault to the device. Vault contents remain unreadable until the user enters the master password, which acts as a decryption key.

As Dashlane explains in its security documentation, the one-time password must be entered on the new, enrolling device for the registration to be successful. Brute-forcing the one-time code for a single account—meaning iterating through every possible combination until the right one is entered—would be little more than a fool’s errand, even within the three-hour window that the codes remained valid. With 1 million possible valid codes, the attackers would have to cycle through a statistically significant percentage within that period. Rate limiting, in which a set number of requests are allowed per account, would also lock out the account.

To improve their odds, the attackers sent requests to register new devices across a large number of accounts. Then they simultaneously entered the one-time codes into each of them. In theory, attacking two accounts this way increased the odds for each try to 1 in 500,000. Attacking 1,000 accounts would increase the odds to 1 in 1,000, and so on. The more accounts that were targeted, the better the chances that one of them would fall. The economics of password spraying work similarly. The technique also weakens per-account rate limiting because the large number of attempts is spread out, limiting the number hitting any single account.
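As an added illustration that is not part of the article or Dashlane's own tooling, the following Python works through the arithmetic of spreading one-time-code guesses over many accounts and pairs it with a small detector keyed on the requesting source rather than the targeted account, the dimension a per-account lockout does not see. The log format, field names and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

CODE_SPACE = 10 ** 6  # a six-digit one-time code has one million possible values


def spray_success_probability(accounts: int, guesses_per_account: int) -> float:
    """Probability that at least one targeted account is hit when the attacker
    makes `guesses_per_account` distinct guesses against each of `accounts`.
    One guess against one account is 1/CODE_SPACE; spreading single guesses
    over many accounts compounds those per-account chances."""
    p_single = min(guesses_per_account / CODE_SPACE, 1.0)
    return 1.0 - (1.0 - p_single) ** accounts


# Constructed sample of enrollment-verification events (hypothetical format,
# not Dashlane's logs): one source fails once per account across many
# accounts, while a legitimate user mistypes once and then succeeds.
SAMPLE_LOG = [
    "2024-06-02T10:00:01Z src=203.0.113.5 account=u1001 result=fail",
    "2024-06-02T10:00:01Z src=203.0.113.5 account=u1002 result=fail",
    "2024-06-02T10:00:02Z src=203.0.113.5 account=u1003 result=fail",
    "2024-06-02T10:00:02Z src=203.0.113.5 account=u1004 result=fail",
    "2024-06-02T10:00:05Z src=198.51.100.7 account=u2001 result=fail",
    "2024-06-02T10:00:09Z src=198.51.100.7 account=u2001 result=ok",
]


def detect_spray(lines, min_distinct_accounts=3):
    """Flag sources whose failed verifications span many distinct accounts.
    A per-account limit never trips on SAMPLE_LOG (each account sees at most
    one failure), so the counter has to be keyed on the source instead."""
    accounts_by_src = defaultdict(set)
    for line in lines:
        # skip the timestamp, then parse the key=value fields
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        if fields.get("result") == "fail":
            accounts_by_src[fields["src"]].add(fields["account"])
    return {src: len(accts) for src, accts in accounts_by_src.items()
            if len(accts) >= min_distinct_accounts}


if __name__ == "__main__":
    for n in (1, 2, 1000, 100_000):
        print(n, "accounts, one guess each:", spray_success_probability(n, 1))
    print("flagged sources:", detect_spray(SAMPLE_LOG))
```

The 1-in-500,000 and 1-in-1,000 figures in the text are the linear approximation of this formula for one guess per account; the exact values differ only in the seventh significant digit.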

Ultimately, the 2FA spraying attack managed to hit the right combination on fewer than 20 user accounts, according to Dashlane, before it was shut down. The company said it has contacted all those users and that any user who has not already received a notification is unaffected.

For attackers to obtain the decrypted vault contents for those accounts, they would still have to crack the master password. Dashlane makes this process difficult by using an algorithm known as Argon2. It dramatically slows down and intensifies the process of converting the plain-text master password into a cryptographic hash. In turn, entering large numbers of guesses requires a tremendous amount of time and computing resources, even when the cracking is performed using GPUs or special-purpose hardware. That means the chances of the attackers decrypting one of the encrypted vaults they obtained are very small in the event the master password was strong, meaning long, randomly generated, and high-entropy.

However, not everyone uses such master passwords. In the event the master password was included in word lists exchanged by password crackers, the chances of success would be higher, although still unlikely.

Broadly speaking, the incident has similarities to the 2022 LastPass breach, which also allowed attackers to obtain encrypted user vaults. Eventually, the attackers managed to obtain decrypted information from some of them. The success was the result of two things. First, certain fields, such as website URLs, remained unencrypted in vaults. That meant attackers could read them even without the master password. Second, some of the stolen vaults used outdated algorithms that didn’t adequately intensify the process for converting the plain-text password into a hash.

Dashlane has said that no user fields in vaults are unencrypted. Further, when algorithms are periodically strengthened to account for advances in cracking abilities, the process occurs automatically, with no interaction required. The algorithm update process for LastPass vaults at the time came with more user friction.

Dashlane’s initial notification left out key details of the attack and led to considerable confusion about the ongoing risk users faced. Out of an abundance of caution, both master passwords and the contents of any of the recovered Dashlane vaults should be changed immediately to reduce the chance, however unlikely, that the attackers succeed in breaking the master password. Unaffected Dashlane users don’t need to take any such action.