Discovering and exploiting local attacks against the 1Password MacOS desktop application

Presented at DEF CON 32 (2024), Aug. 10, 2024, 2 p.m. (45 minutes).

Password managers are routinely granted a massive level of trust from users, by nature of managing some of their most sensitive credentials. For any noteworthy password manager, the encryption standards for user data are well understood and highly scrutinized. What is less understood is the attack surface of the software itself. This presentation explores the local security of the 1Password MacOS desktop application and answers the question of “how safe are my passwords if my computer is infected or otherwise compromised?” This talk will cover the outcome of our research into 1Password, presenting several different attacks to dump local 1Password vaults. This includes describing multiple application vulnerabilities and security weaknesses we identified in the 1Password MacOS desktop application, as well as discussing the inherent limitations in its usage of IPC mechanisms and open source software. Additionally, we will discuss novel vulnerabilities found in Google Chrome that aided our exploitation of the 1Password browser extension.

DarthNull’s work around decrypting 1Password vaults: [link](https://darthnull.org/1pass-roundtrip/)

Presenters:

  • Colby Morgan - Leads, Pentest Team at Robinhood
    Colby Morgan is a Staff Offensive Security Engineer with extensive application and infrastructure security experience. Colby currently leads the pentest team at Robinhood.
  • Jeffrey Hofmann - Senior Offensive Security Engineer
    Jeffrey Hofmann is a Senior Offensive Security Engineer with a history of vulnerability research and exploit development. He recreated NSO’s 0-click iOS exploit FORCEDENTRY and discovered pre-auth RCEs in the MDM KACE SMA.
