It does have uses beyond just physical seizure and is common enough that not zeroing memory of secrets after using them will typically show up on audit reports of high security apps (password managers, secure messaging apps, etc).

The main threat is that if an attacker gets control of your system, they can recover old secrets that shouldn't be there anymore. I'll give an example.

Let's say you are using a password database that does not zero memory.

Now say I root your machine and you are on point and detect me in say an hour and boot me off via some means. Let's say your password manager was open but locked the entire time I was on there.

Obviously I'm going to exfiltrate a copy of your password database, but we'll assume you used a password that I am not able to guess nor brute force.

If it had previously been unlocked, I could attach a debugger and dump all memory from that app (or from the entire OS for that matter). If your password or secrets derived from it were still hanging around in memory, then I'd have everything I need to get into all your accounts.

Getting core dumps is easy as an admin. Dumping physical memory is also pretty easy on most systems (there are possible mitigations such as kernels with that functionality ripped out, only allowing signed kernel modules and so forth).

Going through memory is something that can be automated.

Now, is it possible that memory got freed and the OS allocator reallocated it to another program which overwrote the secret? Sure, but I wouldn't want to bet the contents of my password manager on it.

Is it also possible that freeing the memory resulted in it never getting allocated to another program because it's still in the range that is being managed by the libc memory manager? Yes. In fact, it's very likely.

Closing the application would allow the OS to potentially dole it out again, but how often do people close frequently used apps? For most it's probably only slightly more often than they reboot, which is what, every few weeks or months?

Is this attack likely? As in, does most publicly disclosed malware automatically do these things? No, but that doesn't mean it's not possible.

So for high security things, yeah, I'd say zeroing memory that held secrets when you're done with it is worth the effort. I'd probably rate it as a Low impact severity vulnerability. My scale is basically this:

High - Exploitable vulnerability, violates a main security objective
Medium - Could be chained with other hypothetical vulnerabilities to violate a security objective
Low - Best practices. Won't help violate a security objective, but may increase the impact if there are other, higher impact vulnerabilities

For context, I used to do application security reviews, most of which were cryptography related. 
 And yes, I have written a little proof-of-concept exploit to demonstrate this for a particular app. It only took a couple hours. 
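
The finding described in the posts above, sketched as an added example (it is not the poster's proof-of-concept and not code from any audited app): a released buffer keeps its contents unless it is wiped first. The fixed arena, the hypothetical vault function `secret_survives_lock` and the sample passphrase are constructed stand-ins for the libc-managed heap and a password manager's unlock/lock cycle.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the process heap: memory that stays inside the
   process after release, as the post describes for libc's allocator. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

static void *arena_alloc(size_t n) {
    if (n > ARENA_SIZE - arena_used) return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Wipe through a volatile pointer so the compiler cannot discard the stores
   as dead writes; explicit_bzero() and memset_s() are library equivalents. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Audit check: is the needle still anywhere in the managed range? */
static int arena_contains(const char *needle) {
    size_t len = strlen(needle);
    for (size_t i = 0; i + len <= ARENA_SIZE; i++)
        if (memcmp(arena + i, needle, len) == 0) return 1;
    return 0;
}

/* Unlock then lock a hypothetical vault. Returns 1 if the passphrase is
   still present in released memory, 0 if not, -1 on allocation failure. */
int secret_survives_lock(int wipe_before_release) {
    const char *typed = "correct horse battery";  /* constructed sample */
    size_t n = strlen(typed) + 1;
    memset(arena, 0, sizeof arena);
    arena_used = 0;
    char *key = arena_alloc(n);
    if (!key) return -1;
    memcpy(key, typed, n);           /* unlocked: secret lives in memory */
    if (wipe_before_release) secure_wipe(key, n);
    arena_used = 0;                  /* like free(): released, bytes untouched */
    return arena_contains(typed);
}

int main(void) {
    printf("no wipe: %d, wipe: %d\n", secret_survives_lock(0), secret_survives_lock(1));
    return 0;
}
```

A plain `memset` immediately before `free` can be removed by the optimizer as a dead store, which is why the wipe goes through a volatile pointer here.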
 