iMobileSitter provides higher security than conventional password managers, read on why.

Weaknesses of conventional products

Despite their use of accepted encryption algorithms, many password managers are compromised by gaping security holes. Developers tend to overlook one vital fact: algorithms like AES (Advanced Encryption Standard) that are widely considered to be secure are, in reality, only truly safe if all possible key combinations are equally probable. The key space of AES, in other words the set of all possible cryptographic keys, comprises a total of 2128 (≈ 3,4*1038) elements, for instance. If, say, a master password consists of a maximum of 12 digits, the number of possibilities that can be entered on the keypad is only 4.8*1023 – equivalent to just 1.4*10–13 percent (≈ 0.00000000000014 %) of the AES key space. An attacker hoping to get hold of encrypted secret information therefore only has to try out a relatively small number of cryptographic keys.

Under the right conditions, this step could be accomplished in a very short time, given the computing capacities available today. In practice, the situation for a potential hacker is likely to be far more favourable, because out of all the conceivable master password combinations some have a higher probability than others. According to an ElcomSoft study, around forty percent of all passwords utilized by businesses can be found in a dictionary.[1]  Attackers therefore program their hacking software to start by trying every word in a dictionary (dictionary attack).

Methods of attack

Modern invaders planning to carry out a dictionary or brute force attack (in which they try out all relevant possibilities) employ hacking software that is more or less freely available and intuitive to use.[2]  Anyone who is unwilling to get their hands dirty can resort to one of the digital online cryptography portals that offer password cracking as a service.[3]

In addition, new technologies like cloud computing allow people to purchase enormous amounts of computing capacity, which will make password cracking even simpler, faster, and cheaper in the future.[4]  Even now, attackers can already test billions of combinations in next to no time. In many cases, this happens without the data’s proper owner being even remotely aware and without giving other protection mechanisms a chance to become effective. Although some manufacturers endeavor to artificially increase the computational overhead for encryption and decryption as a way to limit the number of attempts per minute in the event of a dictionary or brute force attack, such countermeasures are inappropriate for nobile devices with limited CPU capacity – such as smartphones – because they impose serious restrictions on the usability of the hardware.

The trick: iMobileSitter

With a conventional password manager, an attacker can tell whether or not a decryption attempt is successful. With Fraunhofer SIT’s iMobileSitter this is no longer possible; there are no clues in the decryption result that reveal whether an intruder’s aim has been achieved.

iMobileSitter accepts all inputs regardless of the attempted master password; it decrypts the stored information on the basis of this password, irrespective of whether or not it is correct. The decryption result that appears on the mobile device is generated according to the master password entered. Every password and PIN that is decrypted and displayed looks as if it could be correct. If an attacker decrypts a PIN assigned to a debit card, for instance, the decryption result that is returned will always be a four-digit number combination, in accordance to the requested format. The intruder – either the hacker themselves or the hacking software – has no means of assessing whether the master password entered was actually correct. Every attempt to decrypt the codes appears to be successful. Thus, dictionary or brute force attacks are effectively frustrated.

The following two figures show the main screen after loggin-in with the (1) corrent master password and with a (2) wrong master password.

To determine whether a decryption result is correct, the hacker has no choice but to log into the relevant access or account or type in the PINs. After a defined number of failed attempts, e.g. three in the case of a debit card, additional security mechanisms of the application will take effect. The rightful user, however, realizes immediately if the master password entered is correct or if it was simply mistyped: MobileSitter displays an easily recognizable, graphical symbol depending on the master password entered. The proper user, who memorized the proper symbol, will thus have an immediate confirmation of the correctness of his input. On the other hand, this image is of no help to the attacker, who neither knows the symbol for a correct password nor has any way of finding it out.

  1. [1]  ElcomSoft: Password Security Survey 2009.
  2. [2]  Heise Online: ElcomSoft now also cracks passwords with word lists.​ElcomSoft-knackt-​Passwoerter-nun-auch-mit-Wortlisten-832342.html (in German);
    Password breaker for iPhone backups.​Password-breaker-​for-iPhone-backups-923266.html
  3. [3]  Heise online. Password cracker as a payment service.;
  4. [4]  The H Security: Cracking keys on the cheap in the cloud
    The H Security: WPA Cracker cloud cracks Wi-Fi passwords.