MicroGuy (OP)
Legendary
Offline
Activity: 2506
Merit: 1030
Twitter @realmicroguy
|
|
June 26, 2015, 01:06:44 AM Last edit: June 29, 2015, 02:46:02 AM by MicroGuy |
|
Your days of placing PGP encrypted drug orders in public, and paying for those Darknet purchases in Bitcoin, might be numbered. Don’t look now, but there’s a hacker behind you sinking his jaws into a new crypto-robbing pita bread – and he wants your Bitcoin wallet for dessert. Researchers at Tel Aviv University and Israel’s Technion research institute have developed a palm-sized device that can wirelessly steal data from nearby laptops using the radio waves leaked by the machine’s processor. Team member Evan Tromer says his group is working to extend the device’s capabilities to include stealing bitcoin keys. Tromer says the group is also exploring whether the technique could be adapted and made more widely applicable, too, even allowing the theft of bitcoins by stealing the private keys created by users’ “wallet” programs.
The setup, which they’ve called the Portable Instrument for Trace Acquisition (PITA), fits inside an ordinary pita bread. While that may not make for the most common attack scenario, it is compact, works with both white and wheat, and operates untethered. This makes for a lethal weapon that can be easily hidden, especially inside sandwich shops. Their crusty spy bug, built for less than $300, is designed to allow anyone to “listen” to the accidental radio emanations of a computer’s electronics from 19 inches away and capture the user’s secret decryption keys, enabling attackers to read the user’s encrypted communications. The researchers have perfected a method for stealing keys from laptops running open source GnuPG within seconds. Their next experiments will involve perfecting a wireless Bitcoin wallet attack. Original Story: http://altcoinpress.com/2015/06/pita-bread-munchers-could-steal-bitcoins-from-public-laptops/
|
|
|
|
OROBTC
Legendary
Offline
Activity: 2940
Merit: 1863
|
|
June 26, 2015, 01:43:13 AM |
|
...
MicroGuy
That PITA threat looks like more of a threat to online wallets more than with cold storage hardware devices like Trezor and Ledger Nano.
If you keep your BTC holdings to a small amount in your hot wallet, then that seems to all that would be at risk.
[Correct me if I am wrong]
|
|
|
|
franky1
Legendary
Offline
Activity: 4396
Merit: 4760
|
|
June 26, 2015, 02:01:59 AM |
|
not sure if OP is trolling, or found an article wrote by a comedian..
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11020
Crypto Swap Exchange
|
|
June 26, 2015, 02:15:30 AM |
|
not sure if OP is trolling, or found an article wrote by a comedian..
it looks like this news is everywhere! http://www.bbc.com/news/technology-33229424it is not that impressive either, it is not actually that small and does not fit "inside the bread" it is the same size of a bread (see the pictures) it fits in the pocket and it need to be so close to do the stealing. i'll kick the ass of whoever stands in 50cm distance of my laptop! i am also skeptical about the way it steals the keys unless i read more about it's technical stuff, and the fact that what exactly on my laptop emits those signals.
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
June 28, 2015, 10:37:28 PM |
|
Pretty surely it only can steal anything that is worked on in the cpu. So when you send a bitcoin transaction in the sandwich shop and the scammy seller behind the bar has such a device, then he might get the private key for the sending address. Which should only be a problem as long as the address is still filled after that. So if you use change addresses then you are fine.
Unfortunately change addresses are a superb tool to connect all the addresses that belong to a wallet. Destroying anonymity on the way.
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
QuestionAuthority
Legendary
Offline
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
|
|
June 28, 2015, 11:19:04 PM |
|
You could put your laptop in a faraday cage. Or You could use this cooling mat to block the rf energy and save your twig and two berries from unnecessary radiation.
|
|
|
|
poncho32
|
|
June 29, 2015, 12:15:39 AM |
|
not sure if OP is trolling, or found an article wrote by a comedian..
it looks like this news is everywhere! http://www.bbc.com/news/technology-33229424it is not that impressive either, it is not actually that small and does not fit "inside the bread" it is the same size of a bread (see the pictures) it fits in the pocket and it need to be so close to do the stealing. i'll kick the ass of whoever stands in 50cm distance of my laptop! i am also skeptical about the way it steals the keys unless i read more about it's technical stuff, and the fact that what exactly on my laptop emits those signals. Years ago people could read what was on a computer screen by decoding the RF emissions it gave out. If all they are doing is reading what's visible on a screen then I'm not that impressed,. I'm not aware of any significant RF emissions given out by CPUs but I'm impressed if that's what they are decoding.
|
|
|
|
jjacob
Legendary
Offline
Activity: 1554
Merit: 1026
★Nitrogensports.eu★
|
|
June 29, 2015, 12:53:08 AM |
|
It is nice to see that Bitcoin is deemed important enough by the developers.. so important that they are working on increasing the device's capabilities to steal Bitcoin private keys. This device would be more relevant in actual spying.
|
|
|
|
galbros
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
June 29, 2015, 12:59:32 AM |
|
I think I'm going to file this under things I'm not going to worry about. Thanks for the info all the same, it does look like amazing technology.
|
|
|
|
scarsbergholden
|
|
June 29, 2015, 02:32:54 AM |
|
I'll just keep my hot wallet coins on my trezor or a carry around amount on my phone, I am not worried about it at all. People who keep all of their coins in a hot wallet on a laptop are crazy anyways.
pita breads hackers could take over your trezor no problem, beware of the pita group taking over bitcoin, lol jking but for real i have seen a few people with their bitcoin wallets open on coffee shops like is all good, is like putting your wallet open in a table just waiting to see whos gonna take a shot at it.
|
|
|
|
AGD
Legendary
Offline
Activity: 2070
Merit: 1164
Keeper of the Private Key
|
|
June 29, 2015, 04:59:16 AM |
|
not sure if OP is trolling, or found an article wrote by a comedian..
it looks like this news is everywhere! http://www.bbc.com/news/technology-33229424it is not that impressive either, it is not actually that small and does not fit "inside the bread" it is the same size of a bread (see the pictures) it fits in the pocket and it need to be so close to do the stealing. i'll kick the ass of whoever stands in 50cm distance of my laptop! i am also skeptical about the way it steals the keys unless i read more about it's technical stuff, and the fact that what exactly on my laptop emits those signals. Years ago people could read what was on a computer screen by decoding the RF emissions it gave out. If all they are doing is reading what's visible on a screen then I'm not that impressed,. I'm not aware of any significant RF emissions given out by CPUs but I'm impressed if that's what they are decoding. It was this one: http://www.tomsguide.com/us/airhopper-data-radio-waves,news-19865.htmlThese techniques are used by LE already for years. Tip: Instead of people wearing that tinfoil on their head, they can now use it to wrap their computer and monitor to be safe. To be even more secure, you can extend the tinfoil use against possible future attacks:
|
|
|
|
Gervais
|
|
June 29, 2015, 08:49:18 AM |
|
Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.
|
|
|
|
tokeweed
Legendary
Offline
Activity: 4130
Merit: 1461
Life, Love and Laughter...
|
|
June 29, 2015, 09:47:21 AM |
|
not sure if OP is trolling, or found an article wrote by a comedian..
A little of both.
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
S4VV4S
|
|
June 29, 2015, 10:17:54 AM |
|
Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.
I don't think they put it in a pitta bread. They just said it fits in a pitta bread
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4270
Merit: 8805
|
|
June 29, 2015, 11:12:45 AM |
|
Bitcoin Core uses signing which is constant time, constant memory access, and hardened in several other ways against side-channel private key leaks-- and specifically designed to resist these attacks. Actually being leak free also depends on the hardware, but at least in Bitcoin Core the software side of it is much more robust than the kinds of systems they were attacking here.
|
|
|
|
Yeah?
Member
Offline
Activity: 79
Merit: 10
|
|
June 29, 2015, 11:44:06 AM |
|
Seems like fud. No doubt we'll get a load of trolls panicking about this now.
|
|
|
|
Gervais
|
|
June 29, 2015, 11:45:30 AM |
|
Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.
I don't think they put it in a pitta bread. They just said it fits in a pitta bread I think they could have used something better as an example or to compare it to. Nobody measures the sizes of things in pittas.
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
June 29, 2015, 12:37:28 PM |
|
Bitcoin Core uses signing which is constant time, constant memory access, and hardened in several other ways against side-channel private key leaks-- and specifically designed to resist these attacks. Actually being leak free also depends on the hardware, but at least in Bitcoin Core the software side of it is much more robust than the kinds of systems they were attacking here.
A core developer saying that should lay worries to rest. Though even though you say bitcoin is more secure against such potential attacks i wonder if one shouldnt be worried because they claim they perfected stealing pgp-keys. pgp should be really secure too, because of their use cases. Ok, ill believe you on that anyway. Only wondering why PGP is vulnerable. Its a security software. And they sound pretty confident to being able hack private keys. Why would they when they dont see a chance or tested, before they release it to the press, that they work on it? Maybe they mentioning bitcoin private keys is only a help for spreading the news.
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
S4VV4S
|
|
June 29, 2015, 12:47:32 PM |
|
Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.
I don't think they put it in a pitta bread. They just said it fits in a pitta bread I think they could have used something better as an example or to compare it to. Nobody measures the sizes of things in pittas. That's the machine? It's still not IN the pitta though Yeah, they could have used a better comparison.
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4270
Merit: 8805
|
|
June 29, 2015, 01:13:53 PM |
|
A core developer saying that should lay worries to rest. Though even though you say bitcoin is more secure against such potential attacks i wonder if one shouldnt be worried because they claim they perfected stealing pgp-keys. pgp should be really secure too, because of their use cases. Ok, ill believe you on that anyway. Only wondering why PGP is vulnerable. Its a security software. And they sound pretty confident to being able hack private keys. Why would they when they dont see a chance or tested, before they release it to the press, that they work on it? Maybe they mentioning bitcoin private keys is only a help for spreading the news. Read the actual report, in particular http://www.tau.ac.il/~tromer/radioexp/ Q11 and Q8.
|
|
|
|
|