MetaMask browser extension wallet demonic vulnerability analysis
On June 16, 2022, MetaMask (MM) officially announced a security issue called demon vulnerability discovered by white hats. The version affected by the vulnerability is < 10.11.3. Due to the large number of MM users, and There are also many wallets developed based on MM, so the impact of this vulnerability is quite large, so MM also generously paid a white hat bounty of 50,000 dollars. After the team synced the vulnerability with me, I started to analyze and reproduce the vulnerability.
The white hat named this vulnerability as demonic vulnerability. The specific vulnerability description is more complicated. In order to let everyone better understand this problem, I will try to explain this problem with simple expressions. When using the MM browser extension wallet to import the mnemonic, if you click the "Show Secret Recovery Phrase" button, the browser will cache the plaintext of the entered complete mnemonic in the local disk, which uses the mechanism of the browser itself, namely The browser will save the Text text in the Tabs page from the memory to the local, so that the state of the page can be saved in time when the browser is used, and the previous page state can be restored when the page is opened next time.
Based on my understanding of this vulnerability, I started to reproduce the vulnerability. Since MM only briefly described the vulnerability and did not disclose the details of the vulnerability, I encountered the following problems when reproducing:
1. The file path where the cache is recorded to disk is unknown
2. When the cache is logged to disk is unknown
In order to solve problem 1, I started to analyze and test the cache directory structure of the browser, and found that when using the browser (chrome), the relevant Tabs cache is recorded in the following directory:
Tabs cache path:
When users use MM normally, they put the data related to mnemonics into memory for storage, which is generally considered to be relatively safe (in the earlier Hacking Time of SlowMist, I found that when users use MM normally, it is The plaintext mnemonic can be extracted through the hook technology, which can only be used when the user's computer is controlled by a malicious program), but due to the demonic vulnerability, the mnemonic will be cached to the local disk, so there will be The following new utilization scenarios:
1. The plaintext mnemonic data is cached on the local disk and can be read by other applications. It is difficult to ensure that other applications do not read the Sessions cache file on the PC.
2. The plaintext mnemonic data is cached on the local disk. If the disk is not encrypted, the mnemonic can be recovered through physical contact. For example, in scenarios such as computer maintenance, when others physically touch the computer, the mnemonic data can be read from the hard disk.