Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: Z390 on March 24, 2023, 01:06:55 PM



Title: A virus infected laptop, how safe?
Post by: Z390 on March 24, 2023, 01:06:55 PM
I want to know if something bad could happen to a hardware wallet that's been plugged into a laptop with a detected virus using an antivirus software, is there any possible threat using a hardware wallet on such laptop? What and what can someone do next to be able to operate the hardware wallet on the laptop?


Title: Re: A virus infected laptop, how safe?
Post by: Charles-Tim on March 24, 2023, 01:10:44 PM
Reinstalling the OS, as if you had a new laptop, is the best solution. Know that anti-malware can be outdated and also may not be strong enough to detect malware.

If you want to use your device to connect to a hardware wallet, you need to have safety practices to avoid malware, like using an ad blocker such as uBlock Origin, not clicking on ads, and not visiting just any site; visit the legit ones with the correct URL.


Title: Re: A virus infected laptop, how safe?
Post by: Beparanf on March 24, 2023, 01:19:03 PM
You should not put your hardware wallet at risk, especially when you know there's an active threat on your laptop. I'm not an expert in laptop security, but I will never dare to plug in my hardware wallet that holds my savings into a laptop that is infected by a virus.

Don't risk it and report your laptop immediately.


Title: Re: A virus infected laptop, how safe?
Post by: xSkylarx on March 24, 2023, 01:27:46 PM
First of all, if you noticed any virus in your laptop or someone else's laptop (but don't connect to a laptop or PC that you don't own), do not ever connect your hardware wallet if you don't want to lose your assets because the worst case scenario is that your assets will get hacked and transferred to another wallet. That is why it is best to connect only on your own laptop or PC, and if ever you see that your antivirus detected something, it is best to reinstall the OS rather than treat only with scanning using antivirus.


Title: Re: A virus infected laptop, how safe?
Post by: BitMaxz on March 24, 2023, 01:28:41 PM
If your laptop is infected with viruses, do not trust that the hardware wallet can protect you from any virus attack. Even if they said it's protected and far from any attack, there is still a possibility that the virus can hack your wallet, not today but in the future, if hackers develop a virus that can hack your wallet due to some leaks.
Always remember technology and programs like viruses and malware are developing and they can evolve so make sure to use a device that you know is clean.


Title: Re: A virus infected laptop, how safe?
Post by: Nwada001 on March 24, 2023, 10:32:14 PM
Since you have already noticed virus warning signals on your wallet, it's never really advised for you to even plug your hardware wallet into that PC again. Not until you have completely wiped the system, just as Charles-Tim has recommended.

If you have important files on that laptop, then you have to look for an external hard drive and back up your files, then completely install a new OS. When installing the new OS, make sure you get it from a direct dealer who is licensed to sell them. There are lots of infected OSes out there; when you install one, you can also be affected by a clipboard virus, which is hardly detected by antivirus.


Title: Re: A virus infected laptop, how safe?
Post by: dkbit98 on March 24, 2023, 10:33:44 PM
I want to know if something bad could happen to a hardware wallet that's been plugged into a laptop with a detected virus using an antivirus software, is there any possible threat using a hardware wallet on such laptop? What and what can someone do next to be able to operate the hardware wallet on the laptop?
It all depends on what type of hardware wallet you are using and what software wallet is connected with your device to make transactions.
A virus can't infect your hardware wallet from the computer, but there is a chance a keylogger can detect what you are typing on the keyboard and use that to collect information they can use against you.
For example, the Trezor One hardware wallet must use the computer keyboard for certain operations, and that could potentially expose passphrases or PINs.
That is one of the reasons I won't suggest anyone buy a Trezor, but any closed source hardware wallet can be an even worse black box.

My suggestion is to use a dedicated laptop with Linux OS (best if offline) and use it only for crypto; that way you have minimal chances of infecting anything.
Most viruses are made for wInd0ws OS, that is why I recommend everyone to switch to some Linux distribution like Fedora, Debian or Mint for beginners.


Title: Re: A virus infected laptop, how safe?
Post by: Hispo on March 25, 2023, 12:44:46 AM
In theory, the worst case scenario while using an infected computer with a hardware wallet would be the attacker getting information like the brand of your wallet, a list of your derivation paths, probably your master public keys, passphrases, and, if the malware is specialized, it could try to swap your address, if you copy-paste it, with an attacker's address. But if you can check the address on the display of your HW, it would be a problem easy to counter.

The bitcoins would be safe, but the attacker may have enough information about your wallet to try to phish you in other ways (if he believes your holdings are worth the effort).

I would move my funds to a new wallet as soon as I realized there was a virus on my PC, though. And also notify the exchanges I have interacted with, so they would provide me with new deposit addresses.


Title: Re: A virus infected laptop, how safe?
Post by: Pmalek on March 25, 2023, 10:44:06 AM
I wanted to say something similar to dkbit98 concerning the Trezor One, but he was quicker this time.

Not all viruses are the same and can't cause the same harm to your device and software. Maybe your AV detected some ad trackers. Those won't cause you any loss of your crypto. On the other hand, maybe it's something much more serious, like a keylogger.

As dkbit98 mentioned, you can't enter your PIN or a passphrase on a Trezor One. You have to use the Trezor Suite for that. A keylogger tracking your keyboard entries and recording your screen could be a real danger because of that. On the other hand, if you use a Trezor T or a Ledger device, then the mentioned entries are done on the hardware wallet itself. The keylogger wouldn't have any data to log. Unless you have saved your PIN/seed/passphrase somewhere digitally, and you are opening that file. But that's something you shouldn't be doing anyways.


Title: Re: A virus infected laptop, how safe?
Post by: Charles-Tim on March 25, 2023, 11:08:36 AM
My suggestion is to use a dedicated laptop with Linux OS (best if offline) and use it only for crypto; that way you have minimal chances of infecting anything.
Most viruses are made for wInd0ws OS, that is why I recommend everyone to switch to some Linux distribution like Fedora, Debian or Mint for beginners.
People that are using Linux are security conscious. There may also be fewer attacks on Linux. Also, Windows is closed source while Linux is open source. But if used offline and correctly, malware will not be able to penetrate any device.

Also, malware has a means of infecting any device; someone can be expert enough to know the sources, like ads, fake URLs and many others, to avoid malware installation.

You are correct that Linux is better, because it is open source, but if online security and safety are taken for granted, such a person should not be surprised if his device is infected and his wallet compromised. But Linux users are not as many as Windows users, making Linux malware less numerous. And also most of the people that are using Linux are security conscious.

Not all viruses are the same and can't cause the same harm to your device and software. Maybe your AV detected some ad trackers. Those won't cause you any loss of your crypto. On the other hand, maybe it's something much more serious, like a keylogger.
You mean malware? You are right. Antivirus companies today make people think that anything infecting devices is a virus, but they are malware. Virus infections today are not more than 20%, while hackers have seen malware like Trojans, rootkits, some others, and combinations of them to be more useful. Viruses do not do more than interrupt device functioning, making it become slow, hot or not work as it is supposed to.


Title: Re: A virus infected laptop, how safe?
Post by: Husires on March 25, 2023, 02:47:24 PM
Do not rely on antiviruses to make your security decisions, and it is better to reinstall the operating system or install a new separate open source OS dedicated only to cryptocurrency transactions.

Some of the notifications that antiviruses give you can be misleading or incorrect, and not giving you a notification may not mean that you are safe.



Title: Re: A virus infected laptop, how safe?
Post by: Woodie on March 25, 2023, 08:55:38 PM
I want to know if something bad could happen to a hardware wallet that's been plugged into a laptop with a detected virus using an antivirus software, is there any possible threat using a hardware wallet on such laptop?
Usually computer viruses have targets on the system. If it's out there looking for text files or setups, that will be its target, and if the hardware wallet does have such files then it will be infected, but again this is rare as not so many people have invested in these kinds of wallets.


What and what can someone do next to be able to operate the hardware wallet on the laptop?
The problem is on your PC and your best solution is to get the PC cleaned/disinfected, and this should be done with a genuine antivirus, not cracked software, as that could be the source of the problem. Also run your Malwarebytes, as it's one of those reliable antiviruses that kick a**... Once all this is done you could choose to reset your wallet too, provided you have a backup, and you should be safe going forward.

But in the first place, why plug your hardware wallet into an infected PC when you can avoid the risk ::)


Title: Re: A virus infected laptop, how safe?
Post by: dkbit98 on March 25, 2023, 11:07:04 PM
As dkbit98 mentioned, you can't enter your PIN or a passphrase on a Trezor One. You have to use the Trezor Suite for that. A keylogger tracking your keyboard entries and recording your screen could be a real danger because of that. On the other hand, if you use a Trezor T or a Ledger device, then the mentioned entries are done on the hardware wallet itself. The keylogger wouldn't have any data to log. Unless you have saved your PIN/seed/passphrase somewhere digitally, and you are opening that file. But that's something you shouldn't be doing anyways.
That being said, I never heard of a single case of someone getting scammed with the Trezor model One like this, but in theory it could happen.
I wouldn't trust anything coming from Ledger since they are a closed source black box and they could have several flaws related to this and we never heard about it because they have signed NDAs.
There are several forks of Trezor One (OneKey, ProKey, KeepKey, etc), and I am not sure how they are dealing with this issue with an infected laptop.

Here is one interesting Unciphered talk, "Cryptocurrency Hacks! What You Need to Know":
https://www.youtube.com/watch?v=bV6JcPH94AY


Title: Re: A virus infected laptop, how safe?
Post by: Pmalek on March 26, 2023, 07:09:28 AM
There are several forks of Trezor One (OneKey, ProKey, KeepKey, etc), and I am not sure how they are dealing with this issue with infected laptop.
Based on recent history and findings, do you think that OneKey and their team seem like competent and knowledgeable developers because they are working with open-source software? Unencrypted and obtainable communication between OneKey chips shows they weren't up to the task. Luckily, the right people found the vulnerability and helped in patching it.


Title: Re: A virus infected laptop, how safe?
Post by: hZti on March 26, 2023, 08:40:32 AM
Depends on the hardware wallet and how much you have to do on the computer to send coins. The virus could steal your public keys and remove your anonymity. For it to get on your wallet requires a very specific virus that you will probably not have on your device.


Title: Re: A virus infected laptop, how safe?
Post by: salad daging on March 27, 2023, 08:27:56 PM
If that is a doubt, then never connect hardware to a laptop which has been detected with a virus. It will be very dangerous, and of course no one will know what will happen, but for the sake of security do what other people suggest, like reinstalling the OS or, as @Husires suggested, doing two OS operations in 1 laptop; it's probably much safer, and the other OS has to be specialized, right.

Once again, I have never encountered anything like this. If I feel that there is a virus detection that is known by the antivirus software, then I will reinstall the OS again or not connect the hardware at all, even though the PIN is typed in the hardware, but I don't know how the virus works and entered in the records they kept for stealing.


Title: Re: A virus infected laptop, how safe?
Post by: hZti on March 28, 2023, 06:59:23 PM
What would be interesting is if there actually are working viruses that can affect popular hardware wallets?
I would also never connect if I don't have to, since I don't want to find out if the virus exists on my own, but actually I would be interested to see how the virus works.


Title: Re: A virus infected laptop, how safe?
Post by: dkbit98 on March 28, 2023, 10:53:37 PM
Based on recent history and findings, do you think that OneKey and their team seem like competent and knowledgeable developers because they are working with open-source software? Unencrypted and obtainable communication between OneKey chips shows they weren't up to the task. Luckily, the right people found the vulnerability and helped in patching it.
We know about this bug ONLY because this is open source software.
In case of ledger and other closed source devices this could happen 100 times and we would never hear anything about this because of signed NDA's.
OneKey so far mostly copied work from Trezor, but they recently started to move their own direction, they released new software wallet, and it was expected for bugs to happen.
I recently listened to one OneKey Classic review and interview with a OneKey team member, so it's not a bad idea to spend some time to watch this:
https://www.youtube.com/watch?v=dfk4POv9wKk


Title: Re: A virus infected laptop, how safe?
Post by: Pmalek on March 29, 2023, 04:05:57 PM
We know about this bug ONLY because this is open source software.
In case of ledger and other closed source devices this could happen 100 times and we would never hear anything about this because of signed NDA's.
True, but what you don't see, you also don't know. The good and the bad. The biggest advantage of open-source is also its greatest weakness depending on who is looking at the code. If this was a more popular open-source product, like Trezor, maybe someone with nastier motives could have noticed what was going on. At the same time, maybe it would have been discovered earlier. "Ifs" and "whens". It still requires physical access to a faulty device, which shouldn't be overlooked and significantly limits the attack options.