How Safe Are Your Saved Passwords?

I have always known this at the back of my head, but never really looked at it and now I have. Turns out anyone who has access to your machine can easily retrieve all the saved passwords from your Google Chrome browser.

Now, before you rule out the possibility of someone having access to your machine, let me ask you these questions:

  • Do you occasionally leave your computer unattended?
  • Do you sometimes lend your computer to your friends?
  • Do you install or run any software on your computer?

If you answered yes to any of the questions above, then you have (knowingly or unknowingly) granted somebody access to your machine. So, what could they have done on your computer? They might have sneaked a peek at your saved passwords on Google Chrome! How, you may ask? There are actually many ways to go about doing this.

The easiest way involves opening up your Chrome browser, navigating to the settings of your browser, showing the advanced settings and then clicking on the "Manage Passwords" link. Then, you can click the "Show" button next to any of your saved passwords in order to reveal them. However, you would need to type in the password of your Windows account in order for this to work. This makes it less convenient for a malicious person to steal the passwords from your browser!


So how would a malicious person do it, you may ask? Well, there's another technique that one may use. From the window above, you may click on the URL in order to access the page for which the password is stored. Then, simply right-click on the password field, select "Inspect" and change the input type from "password" to "text". Voila! The password is then revealed!


But what if there are too many passwords for you to retrieve? Or what if your friend who lent you the computer is not far away and you would like to make it less obvious? In this case, you may simply use a script or a binary executable to do the job and secretly exfiltrate the passwords from the computer.

To do this, we need to understand that your passwords are stored in a SQLite database on your computer, and they are encrypted using a Windows API called CryptProtectData. According to MSDN, this API encrypts data using your Windows login credentials. This means that your encrypted passwords can also be decrypted using the corresponding CryptUnprotectData API call.

So it's really simple to retrieve all your passwords using a script. We simply have to locate the path of the SQLite database file (which is usually at %LOCALAPPDATA%\Google\Chrome\User Data\Default\Login Data), connect to it and retrieve all the encrypted passwords, then decrypt them using API calls to CryptUnprotectData. Here are the results:



You can find the code (and its compiled binary for x86-64 machines) at https://github.com/thngkaiyuan/chrome-creds-dumper. Of course, there are legitimate uses for this tool. For example, if you know someone who is computer illiterate but wants to retrieve their saved passwords, you can instruct them to simply double-click on the compiled binary (you might need to add a pause at the end of the script though).
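
From the defender's side, reads of the Login Data file by anything other than the browser are worth alerting on. The following is an added example, not code from the linked repository: it filters constructed records shaped like Windows Security event 4663 (fields SubjectUserName, ProcessName, ObjectName), assuming file-system object-access auditing is enabled on the file. The allowlisted install paths, the extra profile directory names and the sample process names are assumptions.

```python
import re

# Login Data (and its SQLite journal) under any Chrome profile directory.
# The article names the "Default" profile; other profile names are an assumption.
LOGIN_DATA_RE = re.compile(
    r"\\google\\chrome\\user data\\[^\\]+\\login data(-journal)?$", re.IGNORECASE)

# Assumption: standard install locations; adjust for your environment.
EXPECTED_READERS = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
}

def suspicious_reads(events):
    """Return events where an unexpected process touched a Chrome Login Data file."""
    hits = []
    for ev in events:
        if not LOGIN_DATA_RE.search(ev["ObjectName"]):
            continue  # not the credential store
        # Compare the full image path, so a look-alike chrome.exe elsewhere is flagged.
        if ev["ProcessName"].lower() not in EXPECTED_READERS:
            hits.append(ev)
    return hits

# Constructed sample records using field names from Security event 4663.
SAMPLE_EVENTS = [
    {"SubjectUserName": "alice",
     "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"SubjectUserName": "alice",
     "ProcessName": r"C:\Users\alice\Downloads\tool.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"SubjectUserName": "alice",
     "ProcessName": r"C:\Users\alice\Downloads\chrome.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Profile 1\Login Data-journal"},
    {"SubjectUserName": "alice",
     "ProcessName": r"C:\Windows\System32\notepad.exe",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for ev in suspicious_reads(SAMPLE_EVENTS):
        print(f'{ev["SubjectUserName"]}: {ev["ProcessName"]} -> {ev["ObjectName"]}')
```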

So, what is the moral of the story? I'll leave it to you to decide, but I tend to prefer not to trust my passwords with my computer :P
