This is Part Two of our review of the security of the LastPass Authenticator app. Check out Part One of the security review here.
LastPass Authenticator Login Process



LastPass Authenticator uses the Apple Push Notification (APN) service to send messages to the iOS device to indicate that an authentication has been requested. Apple’s iOS devices connect to the APN service at boot, or as soon as a data connection becomes available. Here’s a typical APN DNS lookup:
When LastPass Authenticator receives a “Push Requested” message over the APN network, it requests further details from the LastPass servers by means of a new TLS connection to the “GetRequestInfo” service. In this connection, it POSTS the just-received “requestToken” back to the LastPass servers in order to verify the token and to obtain additional data about the verification request. This is the same sort of token verification that we see in modern SAML-based authentication systems, and it is a great security practice — especially when using a third-party protocol to transmit the original request.
{
"requestToken": "01_5YeOODMPFL83B9jzXOP5ytCY3DcLeSCzz2Wowx9iAc2ANgryq8dxRV3RzjT3FNwq"
}
The LastPass servers then send the details of the request, again in JSON format.
{
"GetRequestInfoResult": {
"requestId": "71UKK",
"requestTime": 1458428374,
"requestTimeout": 90,
"serverTime": 1458428387,
"userEmail": "[email protected]",
"userId": "4fab24b8-a3a4-4f6d-a6d5-09a98cd29079" }
}
The LastPass Authenticator app then notifies the user that a request is pending and presents the confirmation page.
If the user selects “Allow”, a reply is sent via TLS POST to the LastPass servers. The reply contains “authenticated:true” along with the requestToken, the deviceId that was established during enrollment, and several other parameters. The “signature” parameter is likely a BASE64-encoded hash. Expanding it reveals a random 128-bit value, most likely a MD5 or similar hash of some entanglement of the various tokens used during the push authentication process.
{
"deviceId": "5a42c41d-1b8a-48cb-a469-d540ceb4bfbd",
"signature": "lIf8EMdx7YAlOiw2x9RfbJqPcUo6MhXLPTJO4clPCRo=",
"authenticated": true,
"deviceSecret": "lUDUbcnbUSuxGWFVPAKdmfTGP5nsVBuN4NjDr6pcoY5oI9MfgevrP4aB8svEG2Xo",
"requestToken": "01_5YeOODMPFL83B9jzXOP5ytCY3DcLeSCzz2Wowx9iAc2ANgryq8dxRV3RzjT3FNwq"
}
Whappens if the user hits “Deny”?
As one might expect, if the user declines the authentication, a “false” is sent.
{
"deviceId": "5a42c41d-1b8a-48cb-a469-d540ceb4bfbd",
"signature": "wxiBoExWj9M4+hK+HLPCErahzDs0mKI0yNhgTam8Rrs=",
"authenticated": false,
"deviceSecret": "lUDUbcnbUSuxGWFVPAKdmfTGP5nsVBuN4NjDr6pcoY5oI9MfgevrP4aB8svEG2Xo",
"requestToken": "01_zsZTRO8e5NhmDQcrelEFqsidsw6gAN6jv5DIJl9QScnKKRLmXql54W2W5Jr725Rg"
}
Upon receipt of the “authenticated: false” message by the LastPass servers, the user is denied access and presented with an appropriate error message.
What happens with TLS MITM?

The LastPass Authenticator app properly verifies the X.509 certificate it receives for https://accounts.logme.in against the iPhone’s RootCA store. Unlike some other smartphone applications we’ve studied, it does recognize client-installed root certificates, making it compatible with TLS-inspecting firewalls, intrusion detection systems, and other perimeter security devices routinely found in our clients’ enterprise networks.
LastPass properly detects invalid certificates and refuses to operate. For example, when presented with a spoofed TLS certificate, the application fails to function and simply reports a network error to the user.
LastPass Authenticator: Summary of Security Review
The LastPass Authenticator is secure and cryptographically sound, and we recommend its use for individuals and small departments. Our enterprise clients, who are looking to maintain a unified multi-factor authentication deployment are urged to continue using Duo to secure their LastPass Enterprise deployments. Duo in particular is highly extensible and can be applied to a whole host of other systems, making it a better fit within a unified, enterprise-wide deployment.