Bitcoin Forum

Can anyone weigh in on the security implications of the recently disclosed KRACK attack for Bitcoin wallet usage on PCs that connect via Wi-fi? My initial reaction is that nothing is pushed until broadcasting the signed transaction, so nothing of concern should be exposed to a potential attacker.

But I'm a complete layman here, so I'd love for someone with more expertise to opine. I'm getting so paranoid that I'm tempted to stick to using an air-gapped PC to sign all transactions, then pushing them from a connected computer. Or I guess I could dig out the old ethernet cables...

based on the document here, it mainly drills down to update client software, and also the routers.
The traffic can be intercepted, and code could be injected.

Now to bitcoin: I have four use cases in mind, I describe below. Perhaps this can be worked out more and more by the audience :-)

using a full node:
===========
you can download up to latest block, "stay" offline, craft the tx, and sign it. Only when sending it, you can go online. If someone messes with your tx, then the signature and hashes will be invalid, and it will simply not be accepted by the network.

using an SPV wallet:
=============
It is difficult to create a tx offline. So you have to be online. I don't see, that electrum wallet would be affected, you'd have to inject code in the communication channel, to fetch tx and build them up locally. Don't know, which attack vector exists, to get "down" to the priv keys. Hoping to get more info from SPV wallet providers (same accounts for Bread and AirBitz).

using an online wallet:
==============
Here is a risk, i.e. if the software is just a "html" based wallet. Code could be injected. Any attack vector through "man-in-the-middle" is thinkable  >:( :(

online trading:
=========
same as online wallets.

If you are paranoid, connect your PC with Ethernet cable to your router.

Man-in-the-middle attacks are not necessarily a risk, given that the exchange or online wallet is using a properly configured SSL / HTTPS connection -- which should be the common case nowadays -- and you, the user, watch out for SSL certificate warnings and make sure that your browser is highlighting the connection as secure. So short of badly configured servers and yet-to-be-found security bugs your SSL / HTTPS connections should be somewhat safe from man-in-the-middle-attacks -- that's what SSL / HTTPS is for.

no, not really. In the past we have seen "heartbleed", and today tools like SSLstrip and MITMf allow to bypass SSL, by "downgrading" a connection to a standard HTTP session, then injecting JAVASCRIPT code etc ... and who is looking "all the time" to the green escrow in the top line of the browser?
I would like to add, that this is already a very sophisticated approach to hijack a connection. It certainly depends on "your value", if someone is ready to play with it. If you have less than 10 bitcoins, I'd be not in fear. But if you are "rich" and paranoid ...

None of which is an issue if the site is correctly configured. Heartbleed is not an issue anymore if your server is even remotely up to date. SSL downgrade attacks are defused by simply not allowing deprecated SSL connections. Modern browsers immediately scream in your face if there's even something remotely fishy with the SSL certificate of a visited site.

If you're paranoid, run an SSL check of the exchange or online wallet of your choice:
https://www.ssllabs.com/ssltest/

You'll get a wonderful summary of which potential MitM attack vectors are still open. You'll see that Blockchain.info for example doesn't even allow SSLv3 connections anymore, which lies at the heart of downgrade attacks. Of course there's always a chance of 0-days, but that's a different issue.

If you want to feed your paranoia, think about how many crypto related sides use Cloudflare. There's your MitM right there in plain sight. Look up Cloudbleed for extra fun. Cloudflare offers an incredible service and handled Cloudbleed fairly well. But if you just focus on your front door, you might forget that you left the back door wide open.

yup, correct.
It becomes a discussion of trust (again).
Cloudflare is MITM. And yet they are here to protect websites (e.g. prevent DOS, and similiar).
I wanted to stay in the scope of the KRACK WiFi attack, so this would happen in your home environment or e.g. in public hotspots.

IMHO security is always a trade off - like how much do you need to invest to protect.
Small values (e.g. less than 100 Euros): you are ok with today's technology.
Values below 1000 Euros need some thoughts, and values above need proper investments in security (and even consulting, if unknown to you). There you want to talk about proper cold storage, but this exceeds certainly the scope of the discussion here - in this forum there are already exising threads.

Just wondering what is best answer to OP: KRACK and Bitcoin. For little values, I don't see immedeate action, as it requires high efforts to gain access.

When using a wallet (on desktop and iPhone), it's anyhow ok to use the wallet software. When using wallet via service provier or when doing trades, make sure Operating system is up to date, look for latest patches that include fix for this KRACK.

comments?

Basically this. If you want extra precautions, though, you have extra options. The most obvious one would be to update your device. Windows, several Linux flavors, and macOS have already released patches. I have no idea about iOS, but Android would be a little tricky because of patchy updates. Do not rely on router firmware updates, as it could still leave unpatched devices vulnerable. Next, you should look into VPNs. Free ones are generally hit or miss, and paid ones are cheap. As for your regular browsing, https sites should be safe from eavesdropping, but you could look into installing the Https Everywhere add-on to force https connections when available.

You should also take note that potential hackers cannot exploit this remotely. They will need to be within range of your wireless network, but they could break in without knowing your SSID password through MAC spoofing. If your wireless network is accessible to lots of other people, make sure you take steps to secure yourself as soon as possible.

OP, if you are really that paranoid, turn off your wifi card in your PC and connect to the internet through a wired, ethernet connection.

But from what I have read, Krack exploits the vulnerability in WPA2 wifi standard. I assume other protocols and encryption are safe, so it might be best to start using WEP instead.

It is things like this, that will increase the paranoia of users, not to use Crypto currencies. Yes, you might have control over your private key, but do you have full control over the data that are transferred when you use third party services to move those coins. Most people use third party services over Wi-Fi connections to manage and use their coins. The Man-in-the-middle attack, will always be a risk factor and this bothers the online banking and other financial sectors too.

We need methods to transfer coins in a offline environment, that can be updated once you go online again. While you access those coins or sweep those private keys, you should not be connected to the internet. < most likely impossible, but it would be the perfect solution >

I don't know about iOS but this probably will apply there as well.
On Android, for the time being and until your vendor/google do not release decent patches, USE mobile data via VPN when you need to use your bitcoin wallet there. Do not use wi-fi as we speak until you are certain of receiving a patch.

For your everyday browsing life, as others have said, turn HTTPS EVERYWHERE on, block third-party cookies, remove sending referrer info and if that's not enough use NoScript. Or turn to TOR Bundle which has everyhting built-in or get a good VPN.
I personally use Avira Phantom Pro

Do not use WEP. WEP has been known to be insecure since more than a decade. Unfortunately WPA2 is so far the best we got. Use wire, if you must, but don't use WEP.

And don't use WPA either. There's a reason why it was replaced by WPA2. You don't really need to use a wired connection because if you're using a PC, it's highly likely your operating system already has a patch out for it. The first thing you should do is search for updates and install them. Client side patches are effective enough. You only really need to worry if you're using an old-ish Android device which doesn't get updates anymore. Don't use those for Bitcoin transactions unless you take proper precautions, such as a VPN.

I guess this will.help

It's possible to do that manually: disconnect from the internet, sign transaction, connect to the internet, push transaction. But maybe I'm missing something here. I prefer the offline signing method: Store your wallet on an air-gapped machine (does not network at all, no internet). Generate the wallet in an offline environment. Sign transactions in the offline environment, then transfer them via USB flash drive or other medium to an online computer. Push the transactions from there. Rinse and repeat.

The downside is that you can't automatically sync the wallet. You can transfer block data the same way you transfer transactions out. Or you can have a watch-only wallet on the online PC for the offline wallet, to know exactly the amounts of the UTXOs, to manually manipulate future transactions.

For full nodes, the only reason you would be concerned about this attack is its ability for the attacker to isolate you from the rest of the network. With the MITM attack, they can control who you can connect to and might connect you to a network that is separate from the actual Bitcoin network. The transaction's existence and confirmation can be faked.

For SPV nodes, the problem with it is that it doesn't verify the network rules. Due to that, anyone can broadcast blocks to your client and your client would accept it as long as it is the longest chain difficultywise.

For exchanges and Bitcoin services, as long as they use HTTPS, there is no cause for concern.

All in all, the attack does not really affect Bitcoin that much, given the difficulty of exploiting the exploit.

You dont have to worry about the Key Reinstallation AttaCK (KRACK).
This vulnerability gives attacker the possibility of reusing keys gathered in Handshake. This can be used to decrypt WiFi Traffic. This is not an exploit which allows to compromise a Network. There is no was of finding Out the WLan passwords or whatever.
Traffic should be encrypted with TLS (https) to not b vulnerable to an focused attack.
In Addition to that your priv key does never leave your PC. Only your Transaction will be broadcasted.
If you want to make sure noone recognizes your transaction you should always Connect via https to Push tx's.

Microsoft already pushed a patch to protect it's users, so you should just do the latest updates if you have set it to manual

updates. I also heard that some routers will need a firmware update to path this exploit and Linux users are the most

vulnerable. I use Tails for most of my Bitcoin stuff, so I will have to look into that.  >:(

I think this would be more of an attack done by location, verses by specific person.

The complexity of the attack makes it unlikely that a single person would potentially allow someone to steal enough for them alone to be targeted. So I would anticipate an attacker use a more public location in which many people could get attacked in a short period of time.

Using a VPN would solve being subject to this attack provided you configure your computer to not connect to the internet outside of the VPN. Although this may subject you to other issues/attacks.

That depends where you live and how committed the attackers are- if they can narrow you down, they will. For example, here in NYC- I can probably see 50, 60 home wifi networks from desk in my home office (I live in a big building but not that high up)- that get's worse as I walk around, and there are known areas where people are more likely to be in the Crypto scene. A VPN is definitely a pre-req (generally in life IMO, but people don't like losing speed)- another alternative is put your wallets in an encrypted VM (encrypt the disk, and encrypt booting it up), have that always spin up a VPN on network connect, that allows a lot of separation, encryption and traffic obsfucation so they can't see random DNS queries going to places like 'bitcointalk.org' and know you're into Crypto thus making you a more interesting target.

Crypto isn’t the only thing that these types of hackers are after/give value to. I would think every password, sensitive financial information (SSN, account number etc.), and credit card number has some amount of value, especially if it was obtained in a non-mass hack way (as passwords stolen via the yahoo hack for example are known to be compromised and other business know to either force a reset or use extra caution when accepting said passwords).

If you live in that densely populated area then you will want to use a VPN to connect to any website you need to login to if you are using WiFi.

The primary risk to crypto users is MITM attacks when depositing crypto (and to a lesser extent withdrawing crypto- many businesses use certain precautions that make these attacks more difficult). Assuming you aren’t using a web wallet, your private keys are safe and any transaction you sign can’t be changed (although you can be tricked into sending to an incorrect address), and unconfirmed transactions are no longer safe to accept due to the fee market, and faking a block would be very expensive and would not be guaranteed to work.

Totally agree but Crypto targets do offer high rewards- it's less that Krack makes it easy to directly hit you with a MITM, but it does make you easier to flag, trace and devote more time to (seen some really concerning attacks against some individuals).

On the VPN point, yeah, it amazes how many people think it's optional or do it for their laptop and not their phone (...?). See enough hacks, you get paranoid quick, and I've seen some quite amazing ones.

The patches are out everyone. You should install them before the automated tools for this vulnerability comes online. I read that all operating systems should install the patches while routers are optional. But it is still recommended to update their firmware.

Pass the word around the forum. This is especially important for cryptocurrency users.

I have an old mobile hotspot from ZTE that will not receive any patch. I will have to buy a new one to avoid the risks associated. Damn KRACK  :)

I have been working on this KRACK thing.  My router has been patched and my linux systems have too.  I know this may appear just a bit off topic but one great security counter measure is the hardware wallet. I know KRACK is about more than crypto but for coins I love the Trezors (or other good hardware wallets).  No matter what, say the next hack when KRACK is fixed, the private keys will still remain safe.  My privacy computers such as this one all use Cat 6 and encrypted relay jumps.  Even then I prefer to keep all private btc keys inside a hardware wallet only.

I have a router from AT&T and they seem pretty clueless. I called and asked a rep and he said the router was "already secure" despite no firmware updates, but I don't think he knew what he was talking about. He told me they don't even do firmware updates on routers.

So, question: My operating systems have all been patched (Windows 7SP1, 8 and 10). Does that mean that my PCs are safe to use normally, or am I still vulnerable because of the router?

It seems the likelihood of falling victim to this attack vector is low, but you can never be too careful...

I guess it is fair enough to say KRACK could potentially allow an attacker to “Dox” a bitcoin user and subsequently execute a different attack that involves the theft of bitcoin.

If an attacker is not going to use a MITM attack to change a deposit address then he will need to either hack whatever device contains the private keys (difficult) via some other attack, or have physical access to said device (obtaining of which may involve the risk of arrest, violence or even death on the part of the attacker).

I would note that a few very wealthy individuals are known to own bitcoin whose addresses are presumably known or at least are generally public with minimal research who apparently have not had their bitcoin stolen. 

Hardware wallets should be fine so long as the keys are not exposed. This is a matter of data transmission and data leaks.
Good old trezor and nano s should be unaffected

If your PC is patched and your router is still vulnerable to this attack then it depends on which device initiates the handshake.
One direction of your data stream can be decrypted (decrypted in terms of WPA2). If you are still encrypting your information with TLS (https) then you are completely safe.
The KRACK attack puts you in a situation comparable with a free wifi hotspot in a public place.
If your PC is clean and you are communicating via https (valid signatures from website provider) you are safe.

Thanks for the info. If I understand correctly, anything sent over https is safe from this attack. So, that should cover all my bases -- my banking sites, email, crypto exchanges, charting sites and Bitcointalk are all sent over an https connection.


You would recommend using a VPN to log into websites, even if our OS is patched and sent over https? Getting conflicting messages in this thread. Also, just to confirm, there's no way this attack can expose the private keys in our desktop wallet, right? Because nothing would be sent over Wi-fi except the signed transaction. I think...

For me just keep your devices up to date. That means that your device can download an update that protects against KRACK and still communicate with unpatched hardware while being protected from the security flaw. Given the potential reach of KRACK, patches are coming quickly from many major hardware and operating system vendors. Up-to-date Windows PCs, for example, are already protected.

first of all dont use public wifis atm for sensitive information.
bank account, passwords, money transfers...

2nd check your own router and search for an appropriate update, or simply take a ethernet cable...

Update your devices and if you use crypto-related services like wallets and exchange on smartphone, use mobile data instead of WiFi networks.

HTTPS, VPNs and other precautions doesn't really help with this attack. The real problem tho is in big cities like NY, LA, etc...
Prefer LAN over WiFi ;)

Yes. But an attacker can always use SSLStrip to take the https off and force your computer to connect through the unsecured version. It is not a glaring issue since most website implemented it correctly and SSLStrip won't work.
It's hard to tell if the router is patched.
Yes, none of the wallet that I know actually send private keys out of the system. Unless you are using an online wallet which credentials could be sent over.

Thats true if you are looking at the security aspect. Noone can steal your banking information or let you visit a phishing site (as long as you use a standard browser which shows https certificates).
But its possible to read out meta data. This means an attacker could theoretically see packets arriving (or being sent; depending on the wpa handshake).
Information like IP-Addresses (Websites visited) and duration of "interacting" with the website can be reviewed by an attacker.

But the KeyReinstallationAttaCK is a targeted Attack, meaning the attacker has to be in your wifi range and he has to be specific aiming at you.

Yes, I have also recently came to know about this when I received an email from my companies information security team. There are two precautions they have mentioned to save yourself from getting your data leaked. First, get your mobile or laptop a good internet security package. Not a free one, instead buy a good and known internet security package like Kaspersky or Norton. Secondly avoid joining any public wifi or hotspot service. It seems like the risk is more from the public wifi service which are mainly not monitored. These two precaution can save your from getting your data stolen from KRACK attack. 

My understanding this a problem within the WPA-2 protocol implementation, which means that a fix is needed for both client and access point(AP) side. 

Could someone get access to my private keys through my WiFi even if I only connect through cable (but WiFi is activated)?

Hmmm. My understanding from this thread is that patched operating systems (Windows, Apple, IOS, etc) are safe to use over wi-fi with unpatched hardware while communicating over SSL. If SSL is incorrectly implemented, I believe this will be noticed by your browser and you'll be alerted before entering your credentials over an insecure connection. Hopefully someone can correct me if I'm wrong.


Your private keys shouldn't be exposed either way, if we're talking about a desktop wallet that you control. Wallets need to be able to work offline, and it would be a glaring security flaw to require communicating private keys over the internet in order to use Bitcoin.

The router can only be attacked if you are running it as a Bridge.  Otherwise it is not a client so KRACK doesn't apply.

Sure? How do you derive it?
In bridge mode, we would be at layer 2 of the protocol, where one network talks to the other only at the MAC address layer. How does Krack play in here? Krack's vulnerability comes from the key handling procedure between client and server (wifi-router), and key handling happens at layer 2?