1Password Security Concern

I plan to choose 1Password due to its good support for windows hello and Intel SGX, however I am very disappointed to see that the latter feature got dropped in newer versions.

Meanwhile, I came across this report when searching online: https://www.ise.io/casestudies/password-manager-hacking/

It seams 1Password is doing a poor job in preventing the data snooping on local computer. The promised SGX protection is not in ver7 and the memory protection/scrambling is even worse than the old version.

I consider this as an actual threat because there will be ring0 malware which snoop the 1Password memory region (and especially that 1Password's user base is large, it is more likely to be the target of the attack).

I am wondering if 1Password is addressing any of the problem mentioned in this report. I've scrolled through the windows client update log and I didn't really see such enhancement being implemented since the release of this report. Is 1Password aware of this vulernability and working on the resolution? Now I am not sure if I should choose this product.


1Password Version: 7.3.712
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • HidingInPlainSite
    HidingInPlainSite
    Community Member

    I paid for a full family version of this software to protect my households passwords and to encourage more diverse password use.

    I have just read the case study from the link supplied on scraping memory and I will say I am not impressed.

    I did wonder myself if this was possible, after all the software makes use of the clipboard.

    It is only a matter of time before this hits big and malware designed to target password managers is out, so leaving bit and pieces in the memory is not great.

    Adding a comment as I also would like an answer to this.

  • DanielP
    DanielP
    1Password Alumni

    @n00mis, @HidingInPlainSite:

    Thanks for asking about this. It's good that you're thinking about these things.

    External security evaluations are important and make 1Password a better, safer product. In addition to the third-party security audits that we specifically request, many security professionals evaluate 1Password independently. A year ago now, one such evaluation has brought renewed attention to the memory management of password managers like 1Password, which has presented us with an opportunity to discuss memory management and memory safety.

    The most important thing to know is that the issue described in the report is only a threat to a computer that is already compromised. If your computer is not compromised, you aren't affected by the issue.

    You can read more about this in our documentation page about this, which you can find here.

    If you have any further questions, don't hesitate to let me know. I'm happy to address them.

    ===
    Daniel
    1Password Security Team

  • n00mis
    n00mis
    Community Member
    edited January 2020

    The real problem is: whether a computer is compromised or not is usually hard to know nowadays. Many infostealer trojans are stealthy enough so that the users won't even notice the data leak until they start to see financial losses. Meanwhile, many antivirus software cannot recognize them effectively either. Therefore, it is 1Password's responsibility to shrink the attack surface, raising difficulty for local snooping as much as possible. In the report I attached in the original post, the real no-nos are these two things:

    1) the master password is stored in memory in plain-text once unlocked. Especially since the 1Password client is a constantly running process, this may stay in the memory as plain-text for a long time. This generally renders the claim here meaningless locally: https://support.1password.com/pbkdf2/ because the infostealer can easily snoop the local memory and bypass all those protections.

    2) the whole database gets decrypted as soon as user unlocks the vault. This means even I only want to fill a gmail password, other info like all my credit card information will be able to be extracted even after I lock the vault!

    From my perspective, relying on other means of protection (like antivirus, OS) to ensure the data safety for a critical software like this is unacceptable. For here, I draw a clear line between memory management issue and other covert channels like clip board snooping or keylogger. The latter two covert channels are more of the OS's responsibility, but the former one is definitely controllable by 1Password devs.

    I cannot imagine any corporate user will be happy to see their secret, tokens are stored in memory in plain-text form, especially they are the ones who are more susceptible to APTs, memory forensics, and other state-sponsored attacks that may target on a critical software like 1Password.

    For the link you have provided, I think it is ok to state that 1Password doesn't protect against compromised computer because there will be countless ways to attack 1Password locally. However it doesn't mean that local memory encryption/scrubbing should be totally abandoned. If this is the case, then all the OS safety measures like ASLR, DEP should also be abandoned because they can also be bypassed in some ways.

    I think the bottom line here is to scrub the sensitive memory region when the vault gets locked which at least prevents local data leak for most of the time. A nice to have feature is to decrypt the user db on-demand instead of all at once so at least a leak won't reveal all the secret. An even nicer feature is to support modern processor's secure enclave features like SGX, which won't leak data beyond processor register level. I understand the nice to have features may not be trivial to implement depending on how the current software is handling the db queries so I won't push for those too much for now... Anyway I sincerely hope the 1Password dev team can consider to improve this if this has yet been addressed in the latest version...

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Hi @n00mis,

    Much of what you raise has been discussed to a great extent and in gory details earlier in this thread, but I can't expect anyone to read more than a small portion of it. But people forgive me if my response to you is short on details.

    SGX

    We are all disappointed that we were unable to maintain the use of SGX as a way to provide meaningful security. We put a great deal of effort into trying. But we didn't want to continue to advertise our efforts with SGX until we were fully confident that we could be making use of it in a way that provides a meaningful security improvement to our customers. Remember that anything that is displayed or made available to the user has to live, at least for some time, out of the secure enclave. So while we can stuff decryption keys into a secure enclave, we can't use it for the bulk of user secrets. Again, this is not to say that there aren't ways for us to make good use of SGX, but it isn't going to be as big a gain as many may hope for and it is going to be tricky.

    Memory management in general

    Our experience with SGX is among the things that help teach us to not promise anything before it is delivered, but at the same time I am going to ask you to keep an eye out for future versions of 1Password for Windows.

    Local attacks

    It appears that we disagree on what local attacks we need to defend against. I really don't want to re-open that endless discussion, so I will only repeat that our choice of which kinds of local attacks we work defend against depends on, among other things, whether we are entering into an arms race. We are not going to put in costly1 defensive measures for things where the attacker has cheap counter measures. I think that in principle most people agree on that, but as this long discussion thread demonstrates that people continue to disagree about the costs of defensive measures, attacker counter measures, and the nature of particular kinds of attackers. I hope that even as you may continue to disagree that you recognize that the choices we've made are well considered.


    1. Costs can include, among other things, trade-offs with other code safety measures, developer time, code maintainability. Many of these involve opportunity costs. Resources dedicated to one thing mean that those resources aren't available to others. ↩︎

  • n00mis
    n00mis
    Community Member

    Thanks for the response. I think I will keep an eye on 1password and decide whether to subscribe the service when I see improvements in the memory security.

  • stevenhq
    stevenhq
    Community Member

    Having been on the receiving end of a significant funds hack, I've been re-thinking my OpSec from the ground up. I was using 1Password for storage of all my logins and secure notes. Someone, somehow was able to gain access to my PC (or at least it's data) and used 1Password + Authy to login to quite a few services and drain my accounts. No antivirus or antimalware warnings. Nothing detected after running a few deep scans as well.
    They were able to login to a new 1Password + Authy session in HK and also delete any notification emails from my own email accounts. Worst case scenario happened.

    A few takeaways:

    • Storing your 1Password login details inside 1Password is a bad practice. If someone gains access to your PC, then they will have their work much more facilitated.
    • Never ever store 2FA authentication apps on the same computer as 1Password (or at least the computer where the most likely hijack can happen). That goes for storing OTP inside 1Password as well.
    • Reply on hardware keys to secure your most important accounts.
    • Use an email address for critical services that is not available on your main PC/work device. Secure it with hardware keys only.

    Basically, always imagine that your computer will be compromised.Will the bad actor be able to login to your most important services if that happens? If that answer is yes, it's time to re-think your online security.

This discussion has been closed.