Bitcoin Forum

I think all we bitcoiners must become more aware of the dangers of USB, after reading this article:
http://www.wired.com/2014/07/usb-security/?mbid=social_fb (http://www.wired.com/2014/07/usb-security/?mbid=social_fb)

Interesting article. Also a bit worrying.  :-\

Thanks for linking that article.  Very interesting to see what they release at BlackHat and how the USB community reacts.

This is why you use a HDD or SSD as cold storage. I always figured that something used so widely would cause a lot of problems if an vulnerability was found in it.

But what kind of usb has that? Just to be aware.

The problem here is that you shouldnt be plugin random usb drives that you find haha.
Isnt there a "USB" condom out there that we could use to prevent this type of crap from happening?

That would actually be a really good invention...like some sort of adapter that you plug the usb drive into before plugging it into your computer (to run it in sandbox or whatever)

duplicate thread.

someone else beat you to it by 3 hours
https://bitcointalk.org/index.php?topic=718817.0

but its old news as of 2006-2008..
http://seattletimes.com/html/microsoft/2004379751_msftlaw29.html

so dont panic shouting about new threat and the world ending as of today.. as this is just making people aware of an old threat. so calm down and just be more careful with your computer, the world is not ending, tomorrow is just another day, same as yesterday

Dangit, now we gotta worry about USB Ebola viruses!   :'(

I use 3 different USB devices to backup my wallet.dat too.  Next thing you know our PC's are going to be acting like "Infected" like "The Last of Us" or walkers from "The Walking Dead"... :-\  Start DDoS'ing and phishing like a muthafucka...

Watching this thread for sure.

Everything described in this article is possible to do with a HDD or SDD.

And this problem isn't just limited to storage devices, it encompasses ALL of your computer hardware. Similar attacks have been done by modifying a motherboards BIOS, firmware on network cards, and this has been known for a LONG time.

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

Think about it: even your mouse could have a tiny wireless receiver in it that would allow an attacker to move it remotely, or be pre-programmed with a macro that executes when you're not using it.

Or how about your Trezor (hardware Bitcoin wallet)?

Even the NSA leaks showed us that the NSA intercepts computer hardware in the mail going to "targets" and make modifications to it:

http://theblot.com/wp-content/uploads/2014/05/nsa-cisco-agents.jpg
http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy


How do you prevent it? If you feel that an adversary would try these kind of attacks on you, source all your hardware from reputable sources that you trust and if you know how, check it hasn't been modified in any obvious way - just like you should do with software you install on your machine.

Interesting reading, thanks for sharing.

Personally I've got nothing to worry about until USB can plug into my brain.

What about when you go to spend your brainwallet? You remember and verify all of the blockchain data in your head? and you do all the ECC math to sign transactions in your head?

The BTC in my brain is for long term storage. By the time I need to spend it, there will be wearable tech that detects my unique heartbeat (we all have unique heartbeats) to secure my transactions. Ask me again in 5-10 years and I'll let you know if it's a problem.

This has already been posted here today https://bitcointalk.org/index.php?topic=718817.msg812051

Seems nothing is safe from anyone when it comes to computers.

Let the paranoia begin!!!!!!

I'm not afraid of this because I don't use USB ports .... they are disabled from BIOS :)


Yeah I know I'm a Bad Mother Fucker!

Oh no! your wearable tech contains a backdoor that transmits your heartbeat data to an attacker each time your heart beats. Bye bye BTC...  ;D


Until your BIOS has a backdoor that enables them or just steals the BTC itself. BTC gone. Unlike the above one these are actually not uncommon.
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

PS. I know I'm being silly but everything I said is not that difficult to do in the grand scale of things. In reality an attacker who wants to get your BTC/data that bad will just drug you and hit you with a wrench until you give it up.

This is very worrying to say the least but with something that is used worldwide quite frequently something like this was bound to happen in the end. It's a lot safer to use hard drives I feel to be honest than it is to use USB pendisks, making a constant check on anything you use as well is something that can help prevent any problems occurring.

Technology is almost advancing too quickly for our own good.  If you really think about it, the amount of technological advances in the last 20 years alone, is probably more than the past 100 years combined...

Thats a little distubing to know since I used to have (actually still do have) alot of USB sticks that I got from people or found.   I thought "oh since i format I'll be fine" and then reading that. my trashcan got a little fuller.

If you didn't throw away your trashcan yet: take those USB sticks out, clean them and donate them to a local charity. They are still useful for non-paranoid people.

The nuke was really the epitome of this truth. What will the next super-weapon be? What will the world look like in the post-atomic era, if we don't find a way to stop governing our world with violence and start governing it with reason?

Hmm, that's actually a fair point, and scary thought. Fine then, 1 brain wallet -> 50 paper wallets.

in 5-10  years some people will be getting old.
Alzheimer's will make you forget your brain wallet and the heart arrhythmia will give you an irregular heartbeat. biology may not be theanswer to solving technology, especially for security.

most issues in life can be put down to biological reasons why they went wrong.

EG most computer errors are due to 'human input'
most wars are not due to guns but tyrants decisions and emotions

It has nothing to do with flash disks per se.

The USB protocol itself isnt secure.

What about those people who run their OS from USB stick?

All I have to say is this:

Rocket powered goat combat!

Thanks for sharing it was an interesting article
Personally I use my own usb sticks and buy my own so not really scared of a share risk
That said got to be careful especially since if it was in the Firmware I don't know who could have messed with that data

That said from the comments seems it's half true still best be cautious with the USB device you use, and when in doubt code it yourself lol.... perhaps

One possible way to minimize the danger is to connect the pendisk to external USB NAS adapter and then access it via network interface.

Interesting read but everything you've stated is all baseless (NSA not BadBIOS).

You can use a Barcode-Scanner for your cold-wallet to hot-wallet transactions, then you avoid the danger of usb-sticks.
Or you use a camera and a QR-Code. Then you avoid the USB-Stick danger.

interesting
does it exist any secure usb?

Woah, wasn't aware of this. Pretty scary that even reformatting the driive doesnt work. Cant trust any company nowadays.

In actual fact it's more likely that BadBIOS is fake (that strain of malware in particular of course others exist).

The NSA hardware interdiction has been confirmed by the NSA leaks, the NSA and Cisco.

http://techcrunch.com/2014/05/18/the-nsa-cisco-and-the-issue-of-interdiction/

http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html


http://www.forbes.com/sites/erikkain/2013/12/29/report-nsa-intercepting-laptops-ordered-online-installing-spyware/

I don't have time to find the particular NSA slide, maybe someone will help you or I may find it later. That picture I posted is in it however. This was an actual picture of the NSA interdicting a Cisco router.