1Password security and Jamf
Hello,
I've been wondering about interactions between 1Password for Mac and Jamf.
Quick overview of Jamf: it provides device management tools for IT teams and sysadmins, and it's a popular tool used in many companies that issue Macs to their employees. It allows the administrators to remotely control the Macs: change their configuration, update them, install and uninstall apps, wipe their disks, etc. It's meant to ensure security compliance (e.g. "FileVault must be enabled", or "the screensaver should lock the mac") and to remotely manage the system (e.g. "install Office and keep it up to date", or "configure the office printers and the WiFi network"). It's the kind of tool that is a staple of office IT management, even though usually users get concerned about privacy. This is not what I want to discuss: if a Mac belongs to the employer, they have the right to manage it in any way they think is appropriate, and they have the right to protect their data and systems.
The reason I'm asking this questions is that I am wondering if Jamf could also compromise the security of the 1Password app, and if it's safe to use it on a Mac running Jamf.
Jamf works by using a hidden admin account that can operate as root, which is used to access the macs through SSH. If that wasn't enough, technically the remote "app installation" and "script running" features could be exploited to install other kinds of trackers. (e.g. keystroke loggers).
So, I've been wondering: in a hypothetical worst case scenario, could the root user get access to the 1Password data? While it's encrypted it should be safe I imagine, but what if the root user uses lldb to get a core dump of a running unlocked 1Password app?
Is there any documentation on the subject? Are there any recommendations?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 10.14.6
Sync Type: Not Provided
Comments
-
If that wasn't enough, technically the remote "app installation" and "script running" features could be exploited to install other kinds of trackers. (e.g. keystroke loggers).
I think you've answered your own question here. :)
I wrote this paragraph in response to a different question, but it is applicable here as well:
Beside that fact, the much more likely attack vector in that case would be to simply read the passwords out of password fields as you input them (whether you use 1Password or not). Someone isn't likely to build software to attack 1Password in that way because they could much more easily read the data from your web browser as you enter it, and have a much higher success rate (e.g. it would affect people who aren't using 1Password as well).
Is there any documentation on the subject? Are there any recommendations?
If you are concerned about this type of attack then the recommendation would be to not have personal data on a work computer.
Ben
0 -
Hi Ben, thanks for the answer.
If you are concerned about this type of attack then the recommendation would be to not have personal data on a work computer.
Yes, that goes without saying, but that's not really the point. My question is not about how I can safely keep personal data on a work computer, but it's about the security of 1Password itself.
0 -
I'll try to answer more directly, then.
So, I've been wondering: in a hypothetical worst case scenario, could the root user get access to the 1Password data?
Yes.
Ben
0