Two years ago, Michael (fictitious name), a cryptocurrency holder living in Europe, faced what is probably the worst nightmare for those who hold digital currencies. In 2013 he had stored 43.6 bitcoins in a digital wallet protected by a password that he generated using the well-known password manager RoboForm and kept in a file encrypted with the tool TrueCrypt. Unfortunately, the encrypted file became corrupted, leaving him without access to the 20-character password that held the keys to his precious digital treasure. Michael had not saved the password in RoboForm, fearing that someone might compromise his system and steal it.
Michael turned to Joe Grand, a hacker famous for helping other people recover inaccessible cryptocurrencies. At first, Grand refused, doubtful that it was possible to brute-force such a complex password created by a trusted password manager. Michael then attempted to contact other hackers, but always received the same negative response. In June last year, Michael tried again to contact Grand, who this time agreed to help him by cooperating with an acquaintance named Bruno, a resident of Germany.
The Recovery
Grand and Bruno spent several months analyzing the operation of the RoboForm program, looking for any weaknesses that might help in password recovery. During their research, they discovered a peculiar flaw in versions of RoboForm up to 2015: the generation of pseudo-random numbers was actually linked to the date and time on the user’s computer. In other words, knowing the day and time at which the password was created would make it much easier to reconstruct it. If Michael had been able to remember at least a relatively narrow time interval in which he had generated his password in 2013, the two hackers could have narrowed the search down to a set of candidate passwords that could be tried against the digital wallet.
Unfortunately, Michael could not remember exactly when he had generated the password. Analysis of his software wallet’s log revealed that the first bitcoin transfer had taken place on April 14, 2013, but it did not provide precise indications of when the password had been created. Grand and Bruno had no choice but to generate millions of possible passwords, relying on the parameters used by RoboForm (20 characters, with upper and lower case letters, numbers and eight special characters) and testing different time windows between March 1 and June 1, 2013.
After many unsuccessful attempts, the two hackers conducted further analysis on the passwords generated by RoboForm and discovered that some did not contain special characters. Thanks to this discovery, they decided to change their approach to password generation and eventually managed to find the correct password, free of special characters, created on May 15, 2013 at 16:10:40 GMT. Last November, Grand and Bruno withdrew a percentage of bitcoin from Michael’s account, then handed over the password that allowed him to recover his digital assets. Michael sold some of it and now holds 30 BTC, valued at just over $2 million.
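The following is an added example, not RoboForm's code and not the researchers' tooling: it contrasts a hypothetical clock-seeded generator with one backed by the operating system's CSPRNG, and compares the nominal strength of a 20-character password with the strength actually left when the only unknown is the creation time inside the March 1 to June 1, 2013 window. The one-second seed granularity, the use of Python's `random` module as the stand-in PRNG and the choice of the eight special characters are assumptions.

```python
import math
import random
import secrets
import string
from datetime import datetime, timezone

# Assumed alphabet: upper/lower case letters, digits and eight special
# characters (the specific eight symbols are made up for this sketch).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 20

# Search window named in the article.
WINDOW_START = datetime(2013, 3, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2013, 6, 1, tzinfo=timezone.utc)


def weak_password(when: datetime) -> str:
    """Hypothetical flawed generator: the clock is the only seed material,
    so the password is a pure function of the creation time."""
    rng = random.Random(int(when.timestamp()))  # assumed 1-second granularity
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Strength the user believes they have: LENGTH independent characters."""
    return LENGTH * math.log2(len(ALPHABET))


def window_seconds(start: datetime, end: datetime) -> int:
    """Number of distinct seeds (and therefore passwords) in the window."""
    return int((end - start).total_seconds())


def effective_bits(start: datetime, end: datetime) -> float:
    """Strength actually left when only the creation second is unknown."""
    return math.log2(window_seconds(start, end))


if __name__ == "__main__":
    t = datetime(2013, 5, 15, 16, 10, 40, tzinfo=timezone.utc)
    print("same clock, same password:", weak_password(t) == weak_password(t))
    print(f"nominal strength:   {nominal_bits():.1f} bits")
    print(f"effective strength: {effective_bits(WINDOW_START, WINDOW_END):.1f} bits")
```

The gap between the two figures is why passwords produced by a clock-seeded generator should be regenerated with a CSPRNG-backed one, regardless of their length or character mix.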
Conclusions
Michael’s case revealed an alarming vulnerability in the RoboForm password manager, produced by the U.S.-based company Siber Systems. With more than 6 million users worldwide, RoboForm is one of the most popular and pioneering password managers on the market. Although Siber Systems confirmed that it fixed the problem with RoboForm version 7.9.14, released on June 10, 2015, the company was vague about how the flaw was actually fixed, stating simply that it made changes to “increase the randomness of generated passwords”.
Furthermore, it appears that the company did not warn customers when it released the corrected version 7.9.14 in 2015, nor did it invite users to regenerate new passwords for critical accounts or data. Therefore, it is possible that those who used RoboForm to generate passwords before 2015 are still using vulnerable passwords.