Research article: "Keep your memory dump shut: Unveiling data leaks in password managers"

Community Member
edited January 9 in Lounge

I recently (yesterday ;)) came across this research article, from march 2024:

http://arxiv.org/pdf/2404.00423
"Keep your memory dump shut: Unveiling data leaks in password managers", where there are plenty of possible attack vectors once a threat actor gets it's hands on a memory dump.

Ofcourse, once you're in the situation where this is possible you have other problems imho.

I feel like it's +- what was talked about in https://1password.community/discussion/comment/493325, but that thread is from 2019, this article is from the Q1 2024.

Has anything changed in the meanwhile that 1pw can talk about?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hello @jdeluyck! 👋

    Thanks for reaching out! When you view an item in 1Password, the information must be decrypted for you to see it. 1Password temporarily stores this information in your computer's memory while 1Password is open. This means that while 1Password is open, it's possible for someone who has access to your computer to read that information from your computer's memory.

    1Password makes use of several different technologies and strategies to help protect your data locally on your device. However, neither 1Password nor any app can provide complete protection against a compromised computer. You can read more about the nature of local attacks here: How 1Password Protects Information on your Devices

    The best way to protect against these sorts of issues is to follow best practices to avoid the compromise of your device:

    1. Only install apps and updates from the official app store for your operating system or the publisher's website.
    2. Keep your operating system up to date.
    3. Keep your apps up to date, including and especially 1Password.
    4. Use Windows Defender on your Windows PCs.
    5. Lock your computer when you're not using it.

    If you have any followup questions regarding this, please reach out directly to our security team by sending an email to support+security@1Password.com

    -Dave

Welcome!

It looks like you're new here. Sign in or register to get started.

Welcome!

It looks like you're new here. Sign in or register to get started.