Bitcoin Forum

At this point do you think the incentive is large enough so someone in the supply chain has included in hardware, eg in Apple silicon or similar that looks for and sends crypto-sensitive info back?

eg screenshots, privkeys, passwords to unlock encrypted wallets, keystrokes, copy buffer or something.


Eg even if you turn the wifi off it stores keystrokes and compy buffers are stored and set or similar.


Or it is written to a USB that you plug and that usb broadcasts when it has a chance. Eg, the same supply chain provides borh.


is a solution to use a pi and tails? or similar.

On the hardware level? I don't think so, especially on a corporate level.

On the software level? 100% every second trojan tries to access private keys and everything else with even a tiny value.

If we remember how the Chinese allegedly spied on the whole world for years by installing spy chips on the hardware they produced, then it's not impossible for such things to happen to personal computers - perhaps even without the manufacturer being directly involved. Such things are difficult to detect, especially for an ordinary customer who is not even allowed to open the device because they will lose the warranty.

Gathering information is a very lucrative business today, and when large hardware manufacturers [1] leave such vulnerabilities in their chips, we need to ask ourselves whether it is possible that this is something they did not know about, or that they did it on purpose all the time?

The only thing that makes sense when it comes to cryptocurrencies and larger amounts of coins are real cold wallets (airgapped devices), or hardware wallets - although they are also full of vulnerabilities and should not be considered the ultimate solution for crypto security problems.

[1] How a researcher hacked his own computer and found 'worst' chip flaw (https://www.reuters.com/article/us-cyber-intel-researcher-idUSKBN1ET1ZR)

HP's security advisory related to this story:  https://support.hp.com/us-en/document/c05827409 (https://support.hp.com/us-en/document/c05827409)

....


As an example of this happening in the real world: synaptics touchpad drivers have been known to contain keyloggers for years.

Worse case scenario: system utilities, drivers and libraries may contain keyloggers or backdoors of some type. Windows itself has been known to harvest user data as far back as windows 98. There was an old index.dat file many would periodically open, clear and save to erase collection of end user data. I would have to guess the amount of data today's distros log are far more comprehensive and detailed.

Long story short: windows is known to collect and log user data as far back as 1997. Maybe its time to switch to linux? If only linux had better gaming support. Confirmed backdoors have been found in many things ranging from routers to smartphones. Even supposedly secure crypto hardware wallets have been found to have them.

The motherboard is the basement of your CPU or laptop. So it should be physically strong and compatible with the processor, ram, hard drive, and other hardware, etc. So there is no full stop in the field of technology . If we will not keep ourselves updated with these developments we will be far behind with this world. So new laptops and new mainboard should be replaced regarding new software.

It depends on the device, a phone or laptop is easy to temper with and install some sort of backdoor and spy hardware to send out personal information but it is not as easy to do the same to desktop computers considering you can buy each part (CPU, MB, RAM, SSD,...) and assemble them yourself.

Additionally when it comes to exploits you have to see what options are available and which one is easier to achieve, costs less and is not going to backfire. For example when a hardware backdoor would damage the reputation of the company and has the potential of bankrupting them. But a software exploit is so much easier and you can never blame the manufacturer or anyone else.