Question on: "If an attacker gains access to your OS..."

juliju

Hey guys, on the boxcryptor info site on "App Protection" there is a note that says:

Note: If an attacker gains access to your operating system, it is theoretically possible for him to modify the locally stored Boxcryptor settings in such a way that the protection feature can be circumvented. While this feature can help you better protect your encrypted data on your computer, it does not guarantee 100% security against sophisticated attackers with access to your operating system. We recommend to follow local device security best practices, to avoid such a situation.
(https://www.boxcryptor.com/en/help/settings/macos/)

Now, I just want to understand why/how an attacker can do this when he gains access to the operating system. Doesn't he still need my password to decrypt my private key to decrypt the data? (Sorry for such a beginners question)

Oh and of course I am not asking you for a detailed instruction on how one can do this 😃, I just want to know what I generally misunderstand with my simple logic from above. Why does the attacker not need the password to decrypt my data?

Thanks a lot!

juliju

So I thought about it and I guess what happens is the following:

My key is stored in unencrypted form locally on my computer. If an attacker takes control over my computer, then he can simply take this key to decrypt my data. I.e. what actually happens when I open boxcryptor locally on my computer and I am asked to input my password is not that my private key gets decrypted by my password (since it is already stored in decrypted form anyway). What happens is simply that the boxcryptor app decrypts the data for me. So it is basically a user convenience thing. If I don't enter the password, I could still just take my private key (that I already have access to since it is stored on my computer!) and use it to decrypt my data myself. So on my computer the data is not secured at all, boxcryptor provides security exclusively for the cloud. (Which is of course entirely legid! That is what it is meant to do! 🙂 I just wanted to make sure that I actually understand correctly what is going on)

Is that correct?

If it is correct, then I think that the official boxcryptor note that I cite above is quite misleading! Since in the scenario I described, there is no need for the attacker to modify any settings, or is there?

kluzaklien

This is a very good post. Thank you. I'm surprised you have not heard back from support. Maybe you could help me with a follow-up question however:

Does what your said also apply to other devices? Such as my Android phone or my iPad which I have Boxcryptor on? Is the key stored unencrypted and if an attacker got access to these devices they could just decrypt local files? (assuming one can save local encrypted files on android and iOS. I haven't tried, I just use it w cloud service)

Still curious if the key is in plain text or encrypted with my Boxcryptor password?
Thanks!

juliju

Hey, kluzaklien, I hope somebody will tell us one day.

But maybe the only way for this to happen is to buy a boxcryptor subscription such that we are allowed to directly ask the customer support 😃

juliju

Push 🙂

Esad

Hello juliju,

We show this warning in our help pages since our app protection is not directly tied up cryptographically to Boxcryptor's encryption ecosystem.

For example, the settings on Windows are encrypted with the Protected Data API, on iOS / macOS we are making use of the Keychain. If an attacker has access to the user profile he might be able to decrypt the settings. Although we added temper-proofing techniques to our settings, since these techniques are not backed up cryptographically, a sophisticated attacker might be able to discover unknown vulnerabilities.

Boxcryptor's main purpose is securing your files in the cloud, providing protection on a (potentially) compromised device is out of the scope of our product.

Best regards,
Esad

juliju

Dear Esad, thank you very much for your reply. You talked about the settings. I'm struggling to understand the role that the settings are playing. Why does access to my data (on my device) depend on the settings?

Is the data on my device encrypted or is it not encrypted?