However, the model Maple follows makes it impossible for them to not have access to their user’s chats without dropping password resets, upgrades without user approval and more:
quotingOkay, I managed to find the source code, which was in an awfully named repository on Github called “OpenSecretCloud/opensecret”
nevent1q…t6tm
The bad news:
- conversation contents are encrypted. Good.
- the encryption key for conversations is derived from an encrypted user key
- this is protected by the enclave secret, which is a fixed secret.
- this key is encrypted by a key in by AWS KMS 🤦
Anyone with the encrypted secret and a single second of access to AWS KMS can get the raw secret. This includes employees with IAM management access to push new builds
From there, you can decrypt any user’s conversations that were encrypted with this key, back to the last key rotation and until the next key rotation happens.
(Which seems that there is no implementation of)
A supply chain attack on a dependency of the backend or a malicious build pushed out by a privileged employee can also extract this secret.
The enclave also calls out to a lot of remote services, which could indicate that there is little-to-no firewalling to prevent exfiltration. Even then, many used APIs like the GitHub API can be used to exfiltrate data.
nevent1q…54xy