What does Bitwarden do to prevent malicious software updates?

In the light of the Passwordstate scandal, in which 29,000 users had their entire vaults decrypted and sent off to an attacker due to a malicious update, I am wondering what Bitwarden does to prevent failures in the supply chain.

Can I trust Bitwarden software updates to not contain a backdoor decrypting and sending my vault to an attacker or security agency?


This doesn’t touch anything of what I just said. Self-hosting doesn’t prevent a malicious software update from being pushed.

Now, Bitwarden uses Github Actions Bot to deploy the updates. I think this bot builds/compiles the desktop application automatically upon request from a developer. So such an attack may not be possible.

I think using Github to compile increases the risk of such an attack. My thoughts are that an attack could be made on Github to insert code without the Bitwarden developers having visibility. Hopefully the Bitwarden team at least has some monitoring to confirm that no unapproved changes have been made to the code before they run the compile.

I think the solution would be to decentralise compilation and distribution of new updates. Have a bunch of independent systems that compile the code instead of just relying on GitHub to do everything.
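One way to make the "independent systems" idea above checkable in practice is a reproducible-build quorum: several builders compile the same tagged source, each publishes the SHA-256 of what they produced, and a download is accepted only if its hash agrees with enough of them. The script below is an added example written for this thread, not Bitwarden's tooling or anything from the forum; the builder names, the stand-in artifact bytes and the attestations are constructed.

```python
"""Reproducible-build quorum check (added example, not Bitwarden's own tooling).

Assumes independent builders each publish the SHA-256 of the artifact they built
from the same tagged source. The downloaded artifact is accepted only if its hash
matches at least `threshold` of those attestations.
"""
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_quorum(artifact: bytes, attestations: dict[str, str], threshold: int) -> dict:
    """Compare a download against builder attestations (builder name -> sha256 hex).

    Returns the download hash, whether it met the quorum, which builders agreed or
    disagreed, and the hash the builders themselves agree on (if any). A download
    that no builder matches while the builders agree with each other points at the
    distribution channel rather than at the build.
    """
    digest = sha256_hex(artifact)
    agreeing = sorted(name for name, h in attestations.items() if h == digest)
    dissenting = sorted(name for name, h in attestations.items() if h != digest)
    consensus_hash, count = Counter(attestations.values()).most_common(1)[0]
    return {
        "download_sha256": digest,
        "accepted": len(agreeing) >= threshold,
        "agreeing": agreeing,
        "dissenting": dissenting,
        "builders_consensus": consensus_hash if count >= threshold else None,
    }


# Constructed sample data: a stand-in installer and four hypothetical builders,
# one of which attests to a different (tampered) build.
ARTIFACT = b"fake-installer-bytes-v1.0"
GOOD = sha256_hex(ARTIFACT)
ATTESTATIONS = {
    "builder-a": GOOD,
    "builder-b": GOOD,
    "builder-c": GOOD,
    "builder-d": sha256_hex(b"fake-installer-bytes-v1.0-tampered"),
}

if __name__ == "__main__":
    print(check_quorum(ARTIFACT, ATTESTATIONS, threshold=3))
```

The dissenting builder is reported by name so that a single compromised or non-reproducible build environment is visible rather than silently outvoted.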

Only people with write access to the repository can add new code and merge other people’s code into it. Github also provides a line-by-line change of any files that have been altered, as you can see below:

[image: GitHub line-by-line diff view of the changed files]

The code changes are scanned by snyk for anything potentially malicious.

There’s still a risk of course, but the risk is the repository writers not understanding the code they’re merging, which they wouldn’t allow. The next risk is the unlikely, but possible, case of bribery/blackmail forcing the writers to merge malicious code. In which case the other reviewers would see this and undo it.
