In my attempts to try to understand the concept of Atom table bombing techniques, I am being led to believe that keystrokes and passwords can be theoretically retrieved using this code injection technique to bypass Windows security.
What I am trying to ascertain is whether this could also affect 1Password for Windows and to what extent. The whole intent of this post is to understand the risks surfaced with this new technique in compromising Windows security.
Any thoughts from the 1Password Windows Security Team?
1Password Version: 18.104.22.1686
Extension Version: Not Provided
OS Version: Windows 10 Build 14393.351
Sync Type: Not Provided
Here's another treatise on the topic. This one attempts to demonstrate how you can pull off the vulnerability.
Hi @laugher! Thanks for asking.
We haven't had a chance to look closely at this particular windows malware, but it does initially appear to hard to stop and allows for the compromise of nearly any process.
If you are running 1Password (or anything else) on a compromised operating system all bets are off. There are steps that we can (and do) take to defend against some common and superficial malware attacks, but ultimately we have to acknowledge the truth of the slogan: once the operating system on your computer is compromised it is no longer your computer. Anything that is available to you (such as your passwords after you have unlocked 1Password) is available to the operating system. If that operating system is "owned" by an attacker, then you are in trouble.
As I said, where there are simple things that we can do that make things harder for attackers who have some power over your computer, we do. See for example Watch what you type: 1Password's defenses against keystroke loggers
What that article concluded with two years ago still holds true today: