|
dissipate (OP)
|
 |
August 30, 2012, 07:52:25 AM |
|
Has anyone considered a rather cheap but effective attack on someone using Bitcoin? It seems to me that all someone would need to do to potentially steal a bunch of coins from someone is to simply set up some kind of network sniffer that detects any Bitcoin addresses being sent, and rewrites them with an address from the attacker's wallet. For instance, if I am using Bitcoin at work, a malicious sysadmin could set up a proxy server that automatically rewrites all unencrypted Bitcoin addresses I am receiving with addresses from his own Bitcoin wallet. This wouldn't work for web sites that were loading with HTTPS, but it would work for any other unencrypted traffic it seems. This could be really bad if someone messaged me a Bitcoin address to send a bunch of BTC to and it got rewritten. I bet the opposite could be done as well, where the attacker rewrites all Bitcoin addresses going out. I try to submit a withdrawal address to someone or some site, and it gets rewritten with the attacker's address, so they receive any BTC that gets cashed out. Any way to stop this attack?
|
|
|
|
|
|
|
|
|
|
|
|
"The nature of Bitcoin is such that once version 0.1 was released, the
core design was set in stone for the rest of its lifetime." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
benjamindees
Legendary
 Offline
Activity: 1330
Merit: 1000
|
|
August 30, 2012, 07:59:04 AM |
|
Yes, you are correct that this is a weak point in performing a Bitcoin transaction. One way to mitigate it is with a vanity address.
1SLAND4JQt2mhypA6cR7TSh2UunW4NU4y
|
Civil Liberty Through Complex Mathematics
|
|
|
flyable
Newbie
Offline
Activity: 32
Merit: 0
|
|
August 30, 2012, 08:06:12 AM |
|
I think every message is signed with the private key. You can not modify it.
|
|
|
|
|
|
dissipate (OP)
|
|
August 30, 2012, 08:09:02 AM |
|
I think every message is signed with the private key. You can not modify it.
A Bitcoin transaction is signed with the private key, but public addresses can certainly be rewritten on the fly. |
|
|
|
|
Foxpup
Legendary
 Online
Activity: 4340
Merit: 3042
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
August 30, 2012, 08:13:51 AM |
|
This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already? I think every message is signed with the private key. You can not modify it.
True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address. |
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions! |
|
|
flyable
Newbie
Offline
Activity: 32
Merit: 0
|
|
August 30, 2012, 08:18:30 AM |
|
This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already? I think every message is signed with the private key. You can not modify it.
True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address. The same logic for the paypal email, the bank account... |
|
|
|
|
|
dissipate (OP)
|
|
August 30, 2012, 08:19:22 AM |
|
This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already? I think every message is signed with the private key. You can not modify it.
True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address. In theory, every Bitcoin address received should be encrypted. However, in practice, this probably isn't going to happen. Just as an example, a lot of the sites here: https://en.bitcoin.it/wiki/Donation-accepting_organizations_and_projects have their donation Bitcoin address on an unencrypted web page. If I tried to send a large donation to one of those sites, the Bitcoin address could fairly easily be rewritten upon page load. |
|
|
|
|
|
luv2drnkbr
|
|
August 30, 2012, 08:25:31 AM |
|
No, transactions are signed with the private key of the sending address. This can be verified using the public key, ie the sender's address. Any alteration to the plain text would make the signature verification fail. This is standard public key cryptography.
Public key cryptography means that one address can send a message aka a transaction out to the network and everybody can verify that the message has not been altered. So a man in the middle attack could only stop the transaction from being sent out in the network by blocking it (or altering it so it would be rejected and never get in a block). Just changing the sent to address is not possible.
|
|
|
|
Foxpup
Legendary
Online
Activity: 4340
Merit: 3042
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
August 30, 2012, 08:35:09 AM |
|
The same logic for the paypal email, the bank account...
...implies that PayPal sucks (as if we didn't already know that) and that if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does.  In theory, every Bitcoin address received should be encrypted. However, in practice, this probably isn't going to happen. Just as an example, a lot of the sites here: https://en.bitcoin.it/wiki/Donation-accepting_organizations_and_projects have their donation Bitcoin address on an unencrypted web page. If I tried to send a large donation to one of those sites, the Bitcoin address could fairly easily be rewritten upon page load. You mean signed, not encrypted, but otherwise you are correct. Of course, it's not necessary to use HTTPS for this - GPG and Web of Trust works too, assuming people are diligent about verifying signatures. Though obviously you shouldn't sign your Bitcoin address with itself and think you've done something useful... No, transactions are signed with the private key of the sending address. This can be verified using the public key, ie the sender's address. Any alteration to the plain text would make the signature verification fail. This is standard public key cryptography.
Public key cryptography means that one address can send a message aka a transaction out to the network and everybody can verify that the message has not been altered. So a man in the middle attack could only stop the transaction from being sent out in the network by blocking it (or altering it so it would be rejected and never get in a block). Just changing the sent to address is not possible.
Please re-read the original post. This question has nothing to do with modifying Bitcoin transactions, it is about modifying Bitcoin addresses as they appear on a webpage, before a transaction is made in order to trick users into sending coins to the attacker's address. |
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions! |
|
|
|
Herodes
|
|
August 30, 2012, 08:37:43 AM |
|
Has anyone considered a rather cheap but effective attack on someone using Bitcoin? It seems to me that all someone would need to do to potentially steal a bunch of coins from someone is to simply set up some kind of network sniffer that detects any Bitcoin addresses being sent, and rewrites them with an address from the attacker's wallet. For instance, if I am using Bitcoin at work, a malicious sysadmin could set up a proxy server that automatically rewrites all unencrypted Bitcoin addresses I am receiving with addresses from his own Bitcoin wallet. This wouldn't work for web sites that were loading with HTTPS, but it would work for any other unencrypted traffic it seems. This could be really bad if someone messaged me a Bitcoin address to send a bunch of BTC to and it got rewritten. I bet the opposite could be done as well, where the attacker rewrites all Bitcoin addresses going out. I try to submit a withdrawal address to someone or some site, and it gets rewritten with the attacker's address, so they receive any BTC that gets cashed out. Any way to stop this attack?
That's why you use PGP, HTTPS or other encryption methods. |
|
|
|
|
flyable
Newbie
Offline
Activity: 32
Merit: 0
|
|
August 30, 2012, 08:53:53 AM |
|
...implies that PayPal sucks (as if we didn't already know that) and that if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does. The thief can modify the "paypal donate button" on the website which is not using SSL to protect it... Yes, it is a problem for bitcoin(a P2P coin). There is no "complaint process" like paypal. Only the bitcoin address on the HTTPS site is trustable. I think most of people(include me) do not aware about this. Thanks for your post! |
|
|
|
|
|
repentance
|
|
August 30, 2012, 09:33:52 AM |
|
Didn't this actually happen on some website last year when people were C&Ping their Bitcoin address? I'm sure there was a thread about it and people were being advised to double check the address in the field before hitting submit because it was being changed.
|
All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1128
|
|
August 30, 2012, 10:48:03 AM |
|
Yes, this is an obvious problem that the team has known about for a long time. Related: a virus on your computer that rewrites addresses.
The solution is to move the community away from putting raw addresses into text and documents in favor of bitcoin: URLs, which contain the address but also a verification endpoint like "amazon.com" or "my-social-network.com/user1234". Then there is a simple protocol to prove ownership of a given address by signing a nonce with the associated private key. What you then see in your software/second-factor/phone/etc is not the address (which is meaningless anyway) but the domain name/path, or verified identity string of the receipient (eg EV SSL can do this).
|
|
|
|
|
|
n8rwJeTt8TrrLKPa55eU
|
|
August 30, 2012, 12:34:58 PM |
|
Not sure if this is what Mike is referring to, but there was another thread somewhere proposing adding Bitcoin address records to DNS, whereby domains could self-associate valid receiving addresses, deprecate old addresses, and do other kinds of nifty things. That could also be used as a cheap second level address verification system by clients, presenting additional info to users as to what associated domain their funds are being sent to, prior to approving the transaction. Not perfect, subject to all the caveats about DNS spoofing and such, but still better than the current situation.
|
|
|
|
|
|
dissipate (OP)
|
|
August 30, 2012, 11:13:45 PM |
|
It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/Yikes! |
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
August 30, 2012, 11:22:15 PM |
|
You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses. It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/Yikes! You can connect to satoshidice using their selfsigned ssl though. |
|
|
|
|
|
dissipate (OP)
|
|
August 30, 2012, 11:23:55 PM |
|
You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses. It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/Yikes! You can connect to satoshidice using their selfsigned ssl though. That triggered a security alert in my browser. Not good.  |
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
August 30, 2012, 11:28:37 PM |
|
You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses. It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/Yikes! You can connect to satoshidice using their selfsigned ssl though. That triggered a security alert in my browser. Not good. That's normal, because it's self signed alas no trusted 3rd party authority. If I am correct in theory if an attacker can intercept the whole connection he can break it but not if you establish the thrust using a secure connection. (lets say your home internet access) and use it (lets say you connect your notebook to your work lan) at an untrusted location afterwards. |
|
|
|
|
|
dissipate (OP)
|
|
August 30, 2012, 11:31:48 PM |
|
You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses. It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/Yikes! You can connect to satoshidice using their selfsigned ssl though. That triggered a security alert in my browser. Not good. That's normal, because it's self signed alas no trusted 3rd party authority. If I am correct in theory if an attacker can intercept the whole connection he can break it but not if you establish the thrust using a secure connection. (lets say your home internet access) and use it (lets say you connect your notebook to your work lan) at an untrusted location afterwards. In my opinion this is pretty bad. People probably aren't exploiting this now because they don't know about Bitcoin, but who knows in the future. These sites should definitely be using SSL with 3rd party certs. |
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
August 30, 2012, 11:34:46 PM |
|
You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses. It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/Yikes! You can connect to satoshidice using their selfsigned ssl though. That triggered a security alert in my browser. Not good. That's normal, because it's self signed alas no trusted 3rd party authority. If I am correct in theory if an attacker can intercept the whole connection he can break it but not if you establish the thrust using a secure connection. (lets say your home internet access) and use it (lets say you connect your notebook to your work lan) at an untrusted location afterwards. In my opinion this is pretty bad. People probably aren't exploiting this now because they don't know about Bitcoin, but who knows in the future. These sites should definitely be using SSL with 3rd party certs. You have to pay for those though, they are not cheap and depending on your webhost this is even somewhat of a hassle. Generally I agree. If you are concerned as said above sign your message with your privkey using the bitcoin client and point your trade partner to verify it. |
|
|
|
|
|
