Bitcoin Forum
December 16, 2017, 08:09:48 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Dangers in using USB Stick to get signed transactions offline?  (Read 298 times)
adaseb
Legendary
*
Offline Offline

Activity: 1442



View Profile
December 16, 2016, 12:21:00 PM
 #1

Was doing some reading about "BadUSB" and have a hard time finding out exactly how it works.

Does it need to be some infected firmware USB stick that you bought from a 3rd party or can it be a regular brand new USB Stick from a retail store which gets infected if your computer has some virus.

There was one guy who had like 4 CDROMs and he burned the unsigned transaction on a CD-Writer, put in the CD-Reader on the offline computer and burned the signed transaction with the CD-Writer, and later on with the online computer put it back into the CD-Reader to get the transaction broadcasted. This seems a little tedious to me.

Any safer methods on getting the transactions signed or is this "BadUSB" just something that rarely happens with Bitcoin?

FORTUNEJACK.COM[
                            
5 BTC WELCOME PACK FOR 1ST 5 DEPOSITS
FREE 1,000 mBTC daily for LuckyJack winners
[
          
]
1513411788
Hero Member
*
Offline Offline

Posts: 1513411788

View Profile Personal Message (Offline)

Ignore
1513411788
Reply with quote  #2

1513411788
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513411788
Hero Member
*
Offline Offline

Posts: 1513411788

View Profile Personal Message (Offline)

Ignore
1513411788
Reply with quote  #2

1513411788
Report to moderator
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 504



View Profile
December 16, 2016, 06:50:31 PM
 #2

We have had several (many) threads chasing the answer to this question.  My opinion is that if you are using Linux you would be much safer than using Windows where the USB issue is concerned.  You will want to make certain that auto play isn't on when you insert the USB.  That is a simple setting, but make sure YOU start anything on the USB and NO auto start of stuff.  I haven't heard of any "in the wild" Linux users that have ever fallen prey to this exploit.  Still, it is possible.  Some will argue Q codes are safer, but then again many in the know will tell you its also vulnerable with the same low percentage of risk on pure Linux stuff.  I ran Electrum for a few years using USB and cold wallet, which I felt was pretty darn safe.  I just got tired of going back and forth between computers so I ended up starting to use a hardware wallet.  The convenience was well worth the small expense because my volume more than justifies it, at least to myself.  Like you mentioned on the CDRs.  Unless I was doing a super large wallet like once or twice year I wouldn't want to keep juggling optical media due to the hassle.  In fairness you have to know that I only use full Linux and never Windows.  You will find members here that may disagree and we are free to make our own choices.  We must also be willing to live with the outcome of the choices.  Hope you make the best one for YOUR needs.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
pooya87
Legendary
*
Offline Offline

Activity: 1120


Buy bitcoin they said... who listened?


View Profile
December 18, 2016, 05:12:43 AM
 #3

Was doing some reading about "BadUSB" and have a hard time finding out exactly how it works.

Does it need to be some infected firmware USB stick that you bought from a 3rd party or can it be a regular brand new USB Stick from a retail store which gets infected if your computer has some virus.

There was one guy who had like 4 CDROMs and he burned the unsigned transaction on a CD-Writer, put in the CD-Reader on the offline computer and burned the signed transaction with the CD-Writer, and later on with the online computer put it back into the CD-Reader to get the transaction broadcasted. This seems a little tedious to me.

Any safer methods on getting the transactions signed or is this "BadUSB" just something that rarely happens with Bitcoin?

i have never heard of bad USB which has a malicious firmware! if you have any link i would love to read more about it thought.
and as for that method i think it is an overkill and he is not really doing anything extra to make it safer. the best way to have an "air tight" system for signing transactions is an offline linux which you never attach anything to it. and for the transactions you only use QR codes and your camera to scan them.

check this out: https://susestudio.com/a/kp8B3G/ciyam-safe
her is the person who made it: https://bitcointalk.org/index.php?action=profile;u=44572

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!