MetaMask Demonic Vulnerability Analysis
On June 15, 2022, MetaMask announced the white hat hackers from Halborn have discovered a security vulnerability codename “Demonic”. The vulnerability is known to affect only versions before 10.11.3. Given MetaMask’s popularity and the prevalence of derivatives that utilize it as a wallet’s foundation, MetaMask rewarded the team a prize of 50,000 USD for discovering the issue. After our team communicated the vulnerability to me, I immediately started analyzing and recreating it myself.
Analysis of Demonic Vulnerability
This vulnerability was assigned the nickname “Demonic” vulnerability by the white hats. A detailed explanation of the vulnerability is difficult to understand, so to help everyone better comprehend the situation, I’ll attempt to describe it using simple language. If you press the “Show Secret Recovery Phrase” button while using the MM browser extension wallet to import the mnemonic, the browser will store the plaintext of the inputted mnemonic on the local disk using the mechanism of the browser itself. When the browser is used, the Text in the tabs page will be saved from memory to the local storage device. This allows the current state of the page to be saved while the browser is being used, and it also allows the previous state of the page to be restored when the page is opened the following time.
After gaining some insight into this vulnerability, I set out to recreate it for myself. Due to the fact that MetaMask just provided a basic description of the vulnerability and did not reveal any specifics, I ran into the following issues when attempting to reproduce the vulnerability:
- It’s unclear which file on the hard drive stores the cache.
- It’s unclear when the cache is recorded to the disk.
To address problem no. 1, I dug into the browser’s cache directory structure, where I discovered that the Chrome browser stores its Tabs cache in the following directory:
Tabs cache file path: /Users/$(whoami)/Library/Application Support/Google/Chrome/Default/Sessions/
Moving on to solving problem no. 2: The Sessions directory will keep a record of the Tabs cache. To find the time parameter when the cache is written, I dissected the whole process of importing mnemonics and looked at how the data of sessions changed after each step. It has been discovered that after entering the mnemonic data on the subsequent page, one must wait for ten to twenty seconds, before closing the browser and the plaintext mnemonic information.
For regular usage, users of MetaMask store mnemonic-related data in memory, which is widely thought to be secure (at least in the older Hacking Time of SlowMist). When people use MM regularly, I discovered that the plaintext mnemonic can be recovered using hook technology, but that’s only possible if a malicious software is in control of the user’s machine. Nevertheless, the demonic vulnerability mnemonic will be stored on the local disk, therefore allowing new utilization scenarios:
- The mnemonic data is stored in plaintext on the local disk and may be read by other programs. Securing the Sessions cache file on a PC from being accessed by other programs is a challenging task.
- Data containing mnemonics in plaintext are stored in a local cache. The mnemonic may be retrieved by direct contact if the disk is not encrypted. The mnemonic data may be read from the hard drive in situations when unauthorized parties have physical access to the machine, such as during periods of maintenance.
If you are a regular user of MetaMask that imported the mnemonic using version 10.11.3 or below and you selected Show Secret Recovery Phrase, your mnemonic may have been compromised. To learn how to encrypt the disk, refer to the MetaMask article. Make sure to migrate your digital assets to a replacement wallet.
As a third-party extension wallet application, you will become susceptible to the demonic vulnerability if you import the wallet using the mnemonic phrase in the form of Text on the Tabs page. You can implement a MetaMask version greater than or equal to 10.11.3 to provide each mnemonic phrase, define a separate input box, and the type of password for the input box.
Many extended wallet projects have benefited from the expertise of the SlowMist security team in finding vulnerabilities and implementing solutions. For advice on how to handle the demonic vulnerability, users may reach out to the SlowMist security team.