Keybase

Keybase is notifying Android users of a bug in its mobile app that might have unintentionally included the users' private key —used to encrypt conversations and other private data— into the automatic backups created by the Android OS and uploaded on Google's servers.

Keybase, which is a company that provides a wide range of identity proofing and encrypted communication tools, says it fixed the bug and has sent notification emails to users it believes are affected by this issue.

The emails contain instructions on how users could force their device to generate a new private encryption key.

Keybase uses this private key as part of a private-public key pair system to verify a user's identity and encrypt conversations sent through the Keybase chat system from that device.

Issue affects only "early adopters" of the Keybase Android app

According to an email seen by Bleeping Computer, the issue appears to affect only "early adopters" of the Keybase Android app.

Keybase estimates that around 10% of Keybase Android app users are affected by this bug. On its website, the company boasts to service over 205,000 users; albeit is unclear how many of these also use its Android app.

Keybase said that users who back up their Android device through Google Play and users who reused passwords from other accounts or used a weak passphrase are affected.

Android backup settings

How Keybase creates and uses private keys

Some quick background: every device you install Keybase on generates its own key pair. This is an improvement over old models, because if you lose a device, you can simply remove it (a.k.a. "revoke") from another device, while still being you.

How the bug occurs

In an earlier beta of our Android app, a bug suggested that Google could back up an encrypted copy of your key (encrypted with your Keybase passphrase, which neither Keybase nor Google knows). Some users considered this a feature - that they could provision a new Android phone with a backup, and continue using Keybase, as long as they knew their Keybase passphrase to decrypt their key. This wasn't our intention, however. We want a fresh Keybase install never to work from a backup. Why? Because some users are bad at picking passwords.

As Keybase points out, this isn't a serious issue unless users are really bad at choosing passwords. An attacker would first need access to a user's Google account (to extract the Android backup files), and then the Keybase passphrase (to decrypt the private key). Nonetheless, we've seen many cases of bad password practices in the past to rule out possible attacks on Keybase accounts.

Keybase works by allowing users to register a Keybase account and use it as a central hub to verify profiles on other online sites and verify devices the user owns.

Keybase account example

An attacker may obtain a user's Keybase account password (passphrase), but he won't be able to impersonate that user in Keybase-encrypted chats and private PGP-protected messages unless he sends those messages from verified devices.

The bug Keybase just fixed allows an attacker to obtain the private key and impersonate the user's Android smartphone. This is why it is important that users secure devices, even if there's a little possibility they were affected.

Keybase has included the following instructions in the email to possibly affected users. Users who received the email should update their Keybase app and go through the following steps to create new private keys. The old backups can be left alone, as the private key contained within won't work anymore.

We recommend you revoke and reprovision your Android phone.

If you've got Keybase installed on another computer or have a paper key, the simplest way is to:

    1. uninstall the Keybase Android app
    2. reinstall and provision as a new device (you'll pick a new name, even though it's the same hardware)
    3. remove your old device under the "devices" tab

If Android is your *only* device, then jeez, you have another problem, which is you're risking data loss. We recommend first:

    1. make a new paper key under the devices tab in the app.
    2. leave your android app open on Keybase for ~15 mins, on a good connection, just to make sure it has time to rekey your conversations for your paper key.
    3. Then follow the above instructions.

This doesn't affect PGP keys or anything outside of Android.

Despite this issue, users shouldn't be deterred from using Keybase, which is currently the only service that provides support for end-to-end encrypting Git operations, Reddit and Twitter private messages.