Bluetooth has a 10 year old flaw. [this does not affect 1Password]

wkleem
wkleem
Community Member
edited August 2018 in Lounge

First KRACK and now this:

https://arstechnica.com/information-technology/2018/07/decade-old-bluetooth-flaw-lets-hackers-steal-data-passing-between-devices/

The concern if it relates to 1Password is the pairing of two devices for Personal Hotspot?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Oh, that's a clever trick! By now we should be used to attacks on the initial negotiation to set attacker chosen crypto parameters.

    But no, this does not affect 1Password as the data that 1Password transmits is all encrypted with keys derived from your Master Password.

    An attacker might be able to mess up your synching so that it fails for some items. And if you are still using the very outdated Agile Keychain Format, then they could damage your data in ways that may not be immediately detected by 1Password. (All our later data formats use authenticated encryption). But they are not going to get at your secrets.

    We've looked at various things like unlocking 1Password over Bluetooth, but we've always decided that Bluetooth security wasn't enough on its own. We need another layer of encryption and authentication on top of Bluetooth.

This discussion has been closed.