Impact of zero-day attacks
Google’s zero day team has just issued a report claiming that earlier this year simply visiting certain websites could grant hackers access to the passwords in the iOS keychain. Did any of these exploits also compromise 1Password in any way? (They didn’t mention 1P or other third party password managers in the report.)
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@Tangible Thanks for starting this thread. I too am curious about the affects of the 0-day exploits on iOS and how it would affect 1Password.
This is an alarming exploit because even though iOS (and various encryption focused apps) encrypts messages in flight it doesn't appear to encrypt them on the devise (iMessage, WhatsApp, Telegram included). In addition to knowing how this could affect 1Password. I'd like to know if 1Password encrypts the data in our vaults when they aren't open on the users device.
Any thoughts?
0 -
@Tangible, @Yo_Ayo @jpgoldberg has some preliminary thoughts on this topic here: https://discussions.agilebits.com/discussion/106629/ios-security-breach#latest
0 -
You're very welcome. :)
Ben
0