Security questions about 1Password client updates and server infrastructure.
Hello!
Thank you for being always kind and helpful to customers.
I'm feeling safe as my vault items are secured with multi-layer zero knowledge security models.
It seems that data stored on 1Password servers is almost uncrackable by itself.
However, I got some concerns while reading the security white paper.
The white paper has excellent and easy-to-understand documentation on how the security model of 1Password works behind the scenes.
But I've noticed some aspects of 1Password aren't documented in this paper. It might be a bit unrelated to the security model of 1Password, or I'm being a bit too paranoid, but here are my thoughts.
The first thing is the infrastructure security of the 1Password server.
The paper talks about the encryption and key derivation involved in the use of 1Password; it even says that if the 1Password server is hacked, there will be no compromise of users' sensitive data, since the server doesn't have the ability to decrypt that data.
However, I can't find how the server is protected and how access controls are enforced.
I'm not referring to access controls of vaults on 1Password Families or Teams; instead, by access controls I mean management of permissions to gain direct access to the 1Password server, like database access, terminal access, file system access, etc.
I'm wondering how 1Password mitigates these kinds of unauthorized access.
The last thing, which I have a lot of concerns about, is the security of software delivery processes and source management.
This includes the security of 1Password client updates, the security of 1Password employees' development environments, and the management of various signing keys used by the server.
Since 1Password is designed with the possibility of the server being compromised in mind, let me explain some imaginary scenarios that are making me worried.
Scenario 1. An attacker breaches the 1Password source server, which holds the source code of client applications, and silently inserts malicious code.
Scenario 2. An attacker somehow obtains remote access to a development computer used by one of the developers at AgileBits, and injects malicious code without the owner noticing.
Scenario 3. Similar to scenario 2, but this time the malicious code is injected by a 1Password employee for an unknown reason; probably he got fired and wants to cause trouble for the entire company and all its users.
Scenario 4. This time an attacker attacks the release channels of the 1Password update system and pushes backdoored 1Password clients to users.
The scenarios I presented don't rely on stealing data from the server or brute-forcing the password or encryption key. Instead, these attacks focus entirely on delivering malicious 1Password clients to users, and once that succeeds, all security measures, including encryptions, SRP, two secret key derivations, etc., break in an instant.
I'm wondering what mitigations 1Password has, and what possible mitigations there are for the end user, against these kinds of attacks.
I don't know where to post general security questions, so I'm posting this to the product updates category, but please feel free to move this topic if the subject doesn't match the purpose of this room.
Thank you in advance.