Finding & exploiting local attacks on 1Password Mac desktop app
J. Hoffman, C. Morgan
DEF CON 32 Main Stage · Day 1 · Main Stage
This talk, presented by Colby Morgan and Jeffrey Hoffman, offensive security engineers at Robin Hood, delves into their research on identifying and exploiting local vulnerabilities within the 1Password for Mac desktop application. Their primary objective was to uncover methods for local attackers to dump sensitive vault contents, recognizing that credential exfiltration is a top priority for advanced persistent threats (APTs) and red teams upon gaining initial endpoint access. The research highlights the critical importance of understanding the local security model of applications that safeguard high-value data, even when traditional remote exploitation vectors are well-defended.
AI review
This talk by Colby Morgan and Jeffrey Hoffman presents a meticulously researched local attack against the 1Password for Mac application. It demonstrates how, despite 1Password's robust internal defenses like correctly configured Electron fuses, a determined local adversary can leverage inherent browser functionalities such as Chromium's remote debugging port and extension ID spoofing to exfiltrate sensitive vault data. The research highlights critical blind spots in the local security model, particularly at the intersection of applications and their browser extensions, offering invaluable…