Robert Paulson (OP)
May 12, 2014, 12:18:37 PM
before bitcoin having a 0day in windows/Linux meant you could steal information, which wasn't all that profitable as you probably had to find someone willing to buy it. today having a 0day in windows/Linux means you can anonymously rob a bitcoin exchange/whale and instantly become a millionaire. sure you could say hackers could always steal banking credentials and steal money that way. but banks usually call their customers when they attempt to make large wire transfers, no such luck with bitcoin.

Aswan
Legendary
Offline
Activity: 1734
Merit: 1015
May 12, 2014, 12:20:49 PM
> before bitcoin having a 0day in windows/Linux meant you could steal information, which wasn't all that profitable as you probably had to find someone willing to buy it. today having a 0day in windows/Linux means you can anonymously rob a bitcoin exchange/whale and instantly become a millionaire. sure you could say hackers could always steal banking credentials and steal money that way. but banks usually call their customers when they attempt to make large wire transfers, no such luck with bitcoin.

Exchanges / Whales have the private keys to most of their bitcoins on devices that have never been connected to the internet. It's more like they can rob a few people that are too ignorant to secure their coins.

Robert Paulson (OP)
May 12, 2014, 12:22:31 PM
> > before bitcoin having a 0day in windows/Linux meant you could steal information, which wasn't all that profitable as you probably had to find someone willing to buy it. today having a 0day in windows/Linux means you can anonymously rob a bitcoin exchange/whale and instantly become a millionaire. sure you could say hackers could always steal banking credentials and steal money that way. but banks usually call their customers when they attempt to make large wire transfers, no such luck with bitcoin.
> Exchanges / Whales have the private keys to most of their bitcoins on devices that have never been connected to the internet. It's more like they can rob a few people that are too ignorant to secure their coins.

even if the device isn't connected to the internet transactions have to go in and out of it to be signed. if there is a vulnerability in the code that does the signing a hacker could steal the private keys from the signing device.

Aswan
Legendary
Offline
Activity: 1734
Merit: 1015
May 12, 2014, 12:30:36 PM
> > > before bitcoin having a 0day in windows/Linux meant you could steal information, which wasn't all that profitable as you probably had to find someone willing to buy it. today having a 0day in windows/Linux means you can anonymously rob a bitcoin exchange/whale and instantly become a millionaire. sure you could say hackers could always steal banking credentials and steal money that way. but banks usually call their customers when they attempt to make large wire transfers, no such luck with bitcoin.
> > Exchanges / Whales have the private keys to most of their bitcoins on devices that have never been connected to the internet. It's more like they can rob a few people that are too ignorant to secure their coins.
> even if the device isn't connected to the internet transactions have to go in and out of it to be signed. if there is a vulnerability in the code that does the signing a hacker could steal the private keys from the signing device.

But that doesn't have anything to do with 0day Windows/Linux vulnerabilities, which is what you asked for. It's rather a problem of the wallet software used on the device, but that's a general problem which is unrelated to Windows/Linux vulnerabilities. Also, transactions do not necessarily have to go in to be signed. It is possible to feed the device the necessary information about previous outputs without connecting it to the internet. This allows the device to create and sign transactions in one go. They can then be put on an unused USB stick and taken to an Internet connected computer to be broadcast.

Robert Paulson (OP)
May 12, 2014, 12:35:11 PM
> > > > before bitcoin having a 0day in windows/Linux meant you could steal information, which wasn't all that profitable as you probably had to find someone willing to buy it. today having a 0day in windows/Linux means you can anonymously rob a bitcoin exchange/whale and instantly become a millionaire. sure you could say hackers could always steal banking credentials and steal money that way. but banks usually call their customers when they attempt to make large wire transfers, no such luck with bitcoin.
> > > Exchanges / Whales have the private keys to most of their bitcoins on devices that have never been connected to the internet. It's more like they can rob a few people that are too ignorant to secure their coins.
> > even if the device isn't connected to the internet transactions have to go in and out of it to be signed. if there is a vulnerability in the code that does the signing a hacker could steal the private keys from the signing device.
> But that doesn't have anything to do with 0day Windows/Linux vulnerabilities, which is what you asked for. It's rather a problem of the wallet software used on the device, but that's a general problem which is unrelated to Windows/Linux vulnerabilities. Also, transactions do not necessarily have to go in to be signed. It is possible to feed the device the necessary information about previous outputs without connecting it to the internet. This allows the device to create and sign transactions in one go. They can then be put on an unused USB stick and taken to an Internet connected computer to be broadcast.

if you feed the device any information it's possible, some would even say probable, that the code that parses this information has a vulnerability somewhere which would allow an attacker to take control of the signing device and leak the private keys into the USB stick. obviously exploiting custom embedded systems takes more effort than commonly used windows or linux machines, but it can be done and considering the reward seems even probable.

franky1
Legendary
Offline
Activity: 4410
Merit: 4766
May 12, 2014, 12:48:55 PM
if you have a hardware wallet that makes its own private key away from windows/linux and the internet. a person funds it through the public key,
and all the hardware wallet has is a camera (read QR code for destination) and a numeric keypad (type in amount).
then a hardware wallet will only ever ask for initial balance update (typed in), how much to spend (typed in), destination (scan QR code). and display a signed transaction as an easy to display QR code (on screen)
it would not need to go to the internet to check balance. it would send the 'change' back to an address it owns.
the only information in would be destination and amounts. and the only information coming out is a signed TX
.. oh and the sourcecode never gets updated, so no worries of trojaned firmware updates.
.. now that's how I perceive a true hardware wallet.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at

Aswan
Legendary
Offline
Activity: 1734
Merit: 1015
May 12, 2014, 01:23:17 PM
> > > > > before bitcoin having a 0day in windows/Linux meant you could steal information, which wasn't all that profitable as you probably had to find someone willing to buy it. today having a 0day in windows/Linux means you can anonymously rob a bitcoin exchange/whale and instantly become a millionaire. sure you could say hackers could always steal banking credentials and steal money that way. but banks usually call their customers when they attempt to make large wire transfers, no such luck with bitcoin.
> > > > Exchanges / Whales have the private keys to most of their bitcoins on devices that have never been connected to the internet. It's more like they can rob a few people that are too ignorant to secure their coins.
> > > even if the device isn't connected to the internet transactions have to go in and out of it to be signed. if there is a vulnerability in the code that does the signing a hacker could steal the private keys from the signing device.
> > But that doesn't have anything to do with 0day Windows/Linux vulnerabilities, which is what you asked for. It's rather a problem of the wallet software used on the device, but that's a general problem which is unrelated to Windows/Linux vulnerabilities. Also, transactions do not necessarily have to go in to be signed. It is possible to feed the device the necessary information about previous outputs without connecting it to the internet. This allows the device to create and sign transactions in one go. They can then be put on an unused USB stick and taken to an Internet connected computer to be broadcast.
> if you feed the device any information it's possible, some would even say probable, that the code that parses this information has a vulnerability somewhere which would allow an attacker to take control of the signing device and leak the private keys into the USB stick. obviously exploiting custom embedded systems takes more effort than commonly used windows or linux machines, but it can be done and considering the reward seems even probable.

The probability that any code has a vulnerability is always there. Again that's nothing specific to a Windows/Linux vulnerability or any vulnerability of any code that runs on a specific device. Of course you are right that such a vulnerability could result in a loss of coins but that's a vulnerability of software specifically made for a device specifically made for keeping your coins secure. It's not a general 0 day Windows/Linux vulnerability.

In your example one simply shouldn't connect the USB stick to a device connected to the Internet before deleting the additional information that has been leaked on the USB stick. It's not like you can hide it so there shouldn't be a problem just deleting it. This can add an additional level of security. Also it isn't necessary to use the USB stick at all. You can just type in the whole Tx Hex while reading it from the device (might take a few tries but it would definitely work). You can always be sure nothing has been leaked by just examining the data you are about to carry over from the device to an online computer before you feed them to the online computer - not the hardest of things to do.

> if you have a hardware wallet that makes its own private key away from windows/linux and the internet. a person funds it through the public key,
> and all the hardware wallet has is a camera (read QR code for destination) and a numeric keypad (type in amount).
> then a hardware wallet will only ever ask for initial balance update (typed in), how much to spend (typed in), destination (scan QR code). and display a signed transaction as an easy to display QR code (on screen)
> it would not need to go to the internet to check balance. it would send the 'change' back to an address it owns.
> the only information in would be destination and amounts. and the only information coming out is a signed TX
> .. oh and the sourcecode never gets updated, so no worries of trojaned firmware updates.
> .. now that's how I perceive a true hardware wallet.

What do you mean by "initial balance update"? If you mean you tell the device how much money is on the address (addresses?), then that won't work. In order to create a transaction you do not need to know the balance of an address. The only thing you need to know is the output of the transaction that has sent the money to the address because this is what has to be referenced in a transaction in order for it to be valid. So what you'd need to make the device know is what unspent outputs are on the addresses it uses. There's an easy way to do this... by just using SPV data which is very small and therefore can be easily fed to the device.

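The two points Aswan makes above (the offline signer needs the unspent outputs it controls, not an address balance; and the data carried off the device should be examined before it reaches an online machine) can be shown in code. This is an added example, not code from the thread or from any wallet project: the `Utxo` class, `build_unsigned_tx`, `serialize_tx`, `parse_tx` and `check_before_broadcast` are hypothetical helpers, the transaction format is the legacy pre-segwit layout, and every txid, script hash and amount is constructed for the demonstration.

```python
import hashlib
import struct
from dataclasses import dataclass

# Added example (hypothetical helpers, constructed sample data); not from the thread.


@dataclass(frozen=True)
class Utxo:
    txid: bytes            # 32-byte id of the funding transaction, internal byte order
    vout: int              # index of the output being spent
    value: int             # satoshis
    script_pubkey: bytes   # script that locks the output


def p2pkh_script(pubkey_hash20: bytes) -> bytes:
    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + pubkey_hash20 + b"\x88\xac"


def varint(n: int) -> bytes:
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf: bytes, pos: int):
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    if first == 0xfd:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xfe:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def build_unsigned_tx(utxos, dest_spk, amount, fee, change_spk):
    """Offline side: all it needs is the list of unspent outputs it controls.
    Largest-first selection; any change is paid back to a script the device owns."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u.value, reverse=True):
        chosen.append(u)
        total += u.value
        if total >= amount + fee:
            break
    else:
        raise ValueError("known unspent outputs do not cover amount + fee")
    outputs = [(amount, dest_spk)]
    change = total - amount - fee
    if change > 0:                      # dust threshold handling omitted
        outputs.append((change, change_spk))
    return chosen, outputs


def serialize_tx(inputs, outputs, version=1, locktime=0) -> bytes:
    """Legacy serialization with empty scriptSigs (i.e. the unsigned template)."""
    raw = struct.pack("<I", version) + varint(len(inputs))
    for u in inputs:
        raw += u.txid + struct.pack("<I", u.vout) + varint(0) + struct.pack("<I", 0xffffffff)
    raw += varint(len(outputs))
    for value, spk in outputs:
        raw += struct.pack("<q", value) + varint(len(spk)) + spk
    return raw + struct.pack("<I", locktime)


def parse_tx(raw: bytes):
    """Online side: decode what came off the device without trusting it."""
    pos = 4                                         # skip version
    n_in, pos = read_varint(raw, pos)
    ins = []
    for _ in range(n_in):
        txid, vout = raw[pos:pos + 32], struct.unpack_from("<I", raw, pos + 32)[0]
        pos += 36
        slen, pos = read_varint(raw, pos)
        pos += slen + 4                             # skip scriptSig and sequence
        ins.append((txid, vout))
    n_out, pos = read_varint(raw, pos)
    outs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        slen, pos = read_varint(raw, pos)
        outs.append((value, raw[pos:pos + slen]))
        pos += slen
    if pos + 4 != len(raw):                         # locktime must be the last 4 bytes
        raise ValueError("unexpected trailing bytes after locktime")
    return ins, outs


def check_before_broadcast(raw, allowed_utxos, expected_outputs) -> bool:
    """Accept only a transaction that spends outpoints the user chose and pays
    exactly the intended destination and change, nothing else."""
    ins, outs = parse_tx(raw)
    allowed = {(u.txid, u.vout) for u in allowed_utxos}
    return set(ins) <= allowed and len(ins) == len(set(ins)) and outs == expected_outputs


def demo():
    h32 = lambda s: hashlib.sha256(s).digest()        # constructed 32-byte txids
    h20 = lambda s: hashlib.sha256(s).digest()[:20]   # constructed 20-byte key hashes
    my_utxos = [Utxo(h32(b"utxo-a"), 0, 150_000, p2pkh_script(h20(b"mine-1"))),
                Utxo(h32(b"utxo-b"), 1, 70_000, p2pkh_script(h20(b"mine-2")))]
    dest, change = p2pkh_script(h20(b"merchant")), p2pkh_script(h20(b"mine-change"))
    ins, outs = build_unsigned_tx(my_utxos, dest, 120_000, 1_000, change)
    return serialize_tx(ins, outs), my_utxos, outs
```

`demo()` selects the 150,000-satoshi output alone, pays 120,000 to the destination and 29,000 in change; `check_before_broadcast` then re-parses the bytes and compares them against what the user intended, which is the "examine the data before you feed it to the online computer" step in plain code.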
franky1
Legendary
Offline
Activity: 4410
Merit: 4766
May 12, 2014, 01:32:35 PM
> > if you have a hardware wallet that makes its own private key away from windows/linux and the internet. a person funds it through the public key,
> > and all the hardware wallet has is a camera (read QR code for destination) and a numeric keypad (type in amount).
> > then a hardware wallet will only ever ask for initial balance update (typed in), how much to spend (typed in), destination (scan QR code). and display a signed transaction as an easy to display QR code (on screen)
> > it would not need to go to the internet to check balance. it would send the 'change' back to an address it owns.
> > the only information in would be destination and amounts. and the only information coming out is a signed TX
> > .. oh and the sourcecode never gets updated, so no worries of trojaned firmware updates.
> > .. now that's how I perceive a true hardware wallet.
> What do you mean by "initial balance update"? If you mean you tell the device how much money is on the address (addresses?), then that won't work. In order to create a transaction you do not need to know the balance of an address. The only thing you need to know is the output of the transaction that has sent the money to the address because this is what has to be referenced in a transaction in order for it to be valid. So what you'd need to make the device know is what unspent outputs are on the addresses it uses. There's an easy way to do this... by just using SPV data which is very small and therefore can be easily fed to the device.

imagine today you deposited 3btc. even without the hardware wallet needing to know how much is already there.. it's a user friendly 'benefit' just for estimating balance before and after each tx, purely so the user can on different days get a rough idea of how much is left or the wallet prompt that funds are getting low, to ensure the transaction occurs based on a basic balance total calculator. there is no point someone wasting a few seconds either checking the blockchain with their eyes before then using the hardware wallet. there is no point making a signed tx without at least the person knowing for sure that there are funds remaining. thus typing in an initial figure now and again at least allows a guesstimate balance to be displayed (more of a benefit than a required function)

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at

Robert Paulson (OP)
May 12, 2014, 01:46:58 PM
> Also it isn't necessary to use the USB stick at all. You can just type in the whole Tx Hex while reading it from the device (might take a few tries but it would definitely work). You can always be sure nothing has been leaked by just examining the data you are about to carry over from the device to an online computer before you feed them to the online computer - not the hardest of things to do.

what if the private key has been leaked in the signature itself, you won't know it's been leaked unless you compute the signature yourself first using pen and paper and then compare it to the output of the signed transaction. i bet no one at bitstamp or any other big exchange works like this anyway, the only hardware wallet (that at least i know of) that exists today is trezor and it actually connects to a pc using usb so there are a lot of attack vectors there just by exploiting the usb code. and unless the big exchanges pre-ordered a trezor they probably don't even use a hardware wallet so in practice their cold storage is most likely a Linux/windows pc that signs the cold storage transactions. and so basically it's very possible that tens of millions are at the mercy of the security of common Linux/windows computers.

Aswan
Legendary
Offline
Activity: 1734
Merit: 1015
May 12, 2014, 01:47:41 PM
> > > if you have a hardware wallet that makes its own private key away from windows/linux and the internet. a person funds it through the public key,
> > > and all the hardware wallet has is a camera (read QR code for destination) and a numeric keypad (type in amount).
> > > then a hardware wallet will only ever ask for initial balance update (typed in), how much to spend (typed in), destination (scan QR code). and display a signed transaction as an easy to display QR code (on screen)
> > > it would not need to go to the internet to check balance. it would send the 'change' back to an address it owns.
> > > the only information in would be destination and amounts. and the only information coming out is a signed TX
> > > .. oh and the sourcecode never gets updated, so no worries of trojaned firmware updates.
> > > .. now that's how I perceive a true hardware wallet.
> > What do you mean by "initial balance update"? If you mean you tell the device how much money is on the address (addresses?), then that won't work. In order to create a transaction you do not need to know the balance of an address. The only thing you need to know is the output of the transaction that has sent the money to the address because this is what has to be referenced in a transaction in order for it to be valid. So what you'd need to make the device know is what unspent outputs are on the addresses it uses. There's an easy way to do this... by just using SPV data which is very small and therefore can be easily fed to the device.
> imagine today you deposited 3btc. even without the hardware wallet needing to know how much is already there.. it's a user friendly 'benefit' just for estimating balance before and after each tx, purely so the user can on different days get a rough idea of how much is left or the wallet prompt that funds are getting low, to ensure the transaction occurs based on a basic balance total calculator. there is no point someone wasting a few seconds either checking the blockchain with their eyes before then using the hardware wallet. there is no point making a signed tx without at least the person knowing for sure that there are funds remaining. thus typing in an initial figure now and again at least allows a guesstimate balance to be displayed (more of a benefit than a required function)

I can see how it's good for an estimate of how much money is on the device. However, I think it would be preferred to have the exact balance plus the ability to produce transactions by simply feeding it SPV data now and then. Unfortunately, no hardware wallet I am aware of offers this option as of today (and certainly not the portable ones which often require you to carry a tracking device [Smartphone?] in order to produce transactions)

Aswan
Legendary
Offline
Activity: 1734
Merit: 1015
May 12, 2014, 01:56:55 PM
> > Also it isn't necessary to use the USB stick at all. You can just type in the whole Tx Hex while reading it from the device (might take a few tries but it would definitely work). You can always be sure nothing has been leaked by just examining the data you are about to carry over from the device to an online computer before you feed them to the online computer - not the hardest of things to do.
> what if the private key has been leaked in the signature itself, you won't know it's been leaked unless you compute the signature yourself first using pen and paper and then compare it to the output of the signed transaction. i bet no one at bitstamp or any other big exchange works like this anyway, the only hardware wallet (that at least i know of) that exists today is trezor and it actually connects to a pc using usb so there are a lot of attack vectors there just by exploiting the usb code. and unless the big exchanges pre-ordered a trezor they probably don't even use a hardware wallet so in practice their cold storage is most likely a Linux/windows pc that signs the cold storage transactions.

It could be encoded in the signed Tx which is why you'd have to examine everything (you could use an additional device checking it, but then again this one could be compromised as well). All in all there will never be a 100% secure method of storing bitcoins but that's the case with everything digital - nothing is 100% secure. There are however things that can be done to increase security. I agree that the big exchanges probably don't do all that and I agree that trezor offers way too many attack vectors. I wouldn't ever use such a thing and I think it doesn't have a future either. Bitcoin security is really tricky and I love brainstorming about it but there's always a way around all that security that I can either come up with, or someone else can, or future technologies can. But then again you only need enough security to make circumventing it unprofitable.

Robert Paulson (OP)
May 12, 2014, 02:24:30 PM
> But then again you only need enough security to make circumventing it unprofitable.

I agree, so that limits how much money one should keep in bitcoin. at Pwn2Own 2014 VUPEN used 11 distinct 0day vulnerabilities to compromise fully updated Internet Explorer 11, Adobe Reader XI, Google Chrome, Adobe Flash, and Mozilla Firefox on a 64-bit version of Windows 8.1 for a reward of 400,000$. https://en.wikipedia.org/wiki/Pwn2Own#Contest_2014 I'd say developing vulnerabilities to compromise all of that should be at least as expensive as developing 2-3 0days to compromise bitstamp for example. so as a rule of thumb I'd say anyone who has more than 400,000$ in bitcoin and uses the usual hot-cold pc cold storage method is a profitable target.