Electrum vulnerable to Meltdown and Spectre CPU attacks?

[adaseb]

Anyone knows if there are possible issues with the recent Meltdown/Spectre CPU attacks?

I am guessing someone can browse some website, that might inject malicious code and if Electrum is running it might send some info like private keys? seeds?

[1715488532]

1715488532

[1715488532]

1715488532

[pooya87]

first of all thanks for asking this, it made me to finally go and read about this attack

from what i understand, these two attacks can pull data from your RAM, the secret data that shouldn't have been accessible otherwise. they are not much different from other viruses out there. the impact is different and protection is similar, update your OS (windows[1] and linux) update your antivirus and make sure to use the latest version of your browser [2].

now as far as bitcoin is concerned, that is why we have "cold storage" [3][4].
as for Electrum, the way it is designed is that it doesn't keep "sensitive information" (secrets) in memory. so even if you have your Electrum open there is nothing in memory to steal. BUT it will be there at some point, the only time your "secrets" go in memory is when you try to sign something (transaction or message,..) that is why you are asked to enter your password when you try to sign.


[1] https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
[2] http://www.pcgamer.com/google-is-prepping-a-chrome-update-to-mitigate-newly-disclosed-cpu-exploits/
[3] https://en.bitcoin.it/wiki/Cold_storage
[4] http://docs.electrum.org/en/latest/coldstorage.html

[adaseb]

first of all thanks for asking this, it made me to finally go and read about this attack

from what i understand, these two attacks can pull data from your RAM, the secret data that shouldn't have been accessible otherwise. they are not much different from other viruses out there. the impact is different and protection is similar, update your OS (windows[1] and linux) update your antivirus and make sure to use the latest version of your browser [2].

now as far as bitcoin is concerned, that is why we have "cold storage" [3][4].
as for Electrum, the way it is designed is that it doesn't keep "sensitive information" (secrets) in memory. so even if you have your Electrum open there is nothing in memory to steal. BUT it will be there at some point, the only time your "secrets" go in memory is when you try to sign something (transaction or message,..) that is why you are asked to enter your password when you try to sign.


[1] https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
[2] http://www.pcgamer.com/google-is-prepping-a-chrome-update-to-mitigate-newly-disclosed-cpu-exploits/
[3] https://en.bitcoin.it/wiki/Cold_storage
[4] http://docs.electrum.org/en/latest/coldstorage.html

So if I am using a second PC offline which signs the messages there shouldn't be an issue?

But what if that offline PC is also running an Intel CPU?

Can it somehow send private data by the QR code right after it signs the transction?

[bob123]

So if I am using a second PC offline which signs the messages there shouldn't be an issue?

This vulnerability still can be exploited. It just can't get remote exploited via the internet.
Someone knocking you out (or walking to your pc, plugging an usb stick in and out) and using this vulnerability is (theoretically) still an option.

But what if that offline PC is also running an Intel CPU?

Look above.
Meltdown and spectre are two seperate vulnerabilities.
The meltdown vulnerability can only be exploited on Intel cpu's (those manufactured since 1995 (excluding Itanium and Atom chips made before 2013).
The spectre vulnerability addresses all modern cpu's (including Intel, AMD and ARM) and is harder to exploit/mitigate.

You can read into both of the paper here: https://meltdownattack.com/
 

Can it somehow send private data by the QR code right after it signs the transction?

Could you please clarify what you exactly mean?
You can't send data via QR. QR-codes are just a visualisation of data.

[adaseb]

So if I am using a second PC offline which signs the messages there shouldn't be an issue?

This vulnerability still can be exploited. It just can't get remote exploited via the internet.
Someone knocking you out (or walking to your pc, plugging an usb stick in and out) and using this vulnerability is (theoretically) still an option.

But what if that offline PC is also running an Intel CPU?

Look above.
Meltdown and spectre are two seperate vulnerabilities.
The meltdown vulnerability can only be exploited on Intel cpu's (those manufactured since 1995 (excluding Itanium and Atom chips made before 2013).
The spectre vulnerability addresses all modern cpu's (including Intel, AMD and ARM) and is harder to exploit/mitigate.

You can read into both of the paper here: https://meltdownattack.com/
 

Can it somehow send private data by the QR code right after it signs the transction?

Could you please clarify what you exactly mean?
You can't send data via QR. QR-codes are just a visualisation of data.

When you load an unsigned transaction into the offline Electrum, you are given a QR code/signed transaction after you click the word sign.

This signed transaction you take to the online computer and broadcast it.

My question is, can some secret data hide in the QR code or signed transaction file when its broadcasted on the online computer? Since this is the only way the offline computer can send any data since its never online.

[pooya87]

This vulnerability still can be exploited. It just can't get remote exploited via the internet.
Someone knocking you out (or walking to your pc, plugging an usb stick in and out) and using this vulnerability is (theoretically) still an option.

if someone has physical access to your computer, there are easier ways of stealing your stuff than using these exploits. and as i said above wallets like Electrum don't just leave your secrets in the cash. it is flushed each time you finish up using them like after you signed your transaction. and will require to be loaded again in your memory which then requires password.

The meltdown vulnerability can only be exploited on Intel cpu's (those manufactured since 1995 (excluding Itanium and Atom chips made before 2013).

it can also be used on other CPUs (AMD) with a little modification.

My question is, can some secret data hide in the QR code or signed transaction file when its broadcasted on the online computer? Since this is the only way the offline computer can send any data since its never online.

if the program that you use to generate the QR is corrupted it can inject anything in it.
but transactions are big enough for QR as it is, adding anything else to it would make it even bigger and it is easy to catch it. you can use your device to read the QR before letting it touch your cold storage.
download Barcode scanner on your phone and read them.

[bob123]

This vulnerability still can be exploited. It just can't get remote exploited via the internet.
Someone knocking you out (or walking to your pc, plugging an usb stick in and out) and using this vulnerability is (theoretically) still an option.

if someone has physical access to your computer, there are easier ways of stealing your stuff than using these exploits. and as i said above wallets like Electrum don't just leave your secrets in the cash. it is flushed each time you finish up using them like after you signed your transaction. and will require to be loaded again in your memory which then requires password.

Thats basically the reason why you can't just steal the stuff when having physical access.
People plugging in an usb device to get malware on your pc waiting to gather your sensitive information is definetly a possible attack vector (if the amount stored is high enough).
You'd only need to have access to the pc 2 times (before a TX is being signed on this PC and afterwards). This option shouldn't be underestimated if a big amount of money is stored.

The meltdown vulnerability can only be exploited on Intel cpu's (those manufactured since 1995 (excluding Itanium and Atom chips made before 2013).

it can also be used on other CPUs (AMD) with a little modification.

The meltdown vulnerability is exclusive to Intel processors (and 1 ARM core: ARM Cortex-A75), while the Spectre vulnerability can affect Intel, AMD, and ARM processors.
3 further ARM cores are vulnerable to a modified version of meltdown (Cortex-A15, Cortex-A57, Cortex-A72). But AMD is not affected by meltdown at all due to a different architecture.

Sources:
http://chronicle.augusta.com/news/business/2018-01-04/who-s-affected-computer-chip-security-flaw
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://spectreattack.com/#faq-systems-meltdown
https://www.reuters.com/article/us-cyber-intel/security-flaws-put-virtually-all-phones-computers-at-risk-idUSKBN1ES1BO

[theymos]

There are basically three "levels" of the vulnerability:

"Meltdown": Caused by an embarrassing flaw in Intel CPUs which allows any code running on the computer (including JavaScript) to ignore memory protection fairly easily and access the entire contents of memory. The part of this where code can access all of physical memory is what's fixed by the various OS patches already out. The browser patches (which are mainly for spectre-1, see below) can also help against meltdown somewhat.

"Spectre-2": Caused by widespread flaws in our understanding of CPU design. Affects most CPUs, almost certainly including all modern AMD CPUs, though attacks against Intel CPUs may be easier simply because the internals of Intel CPUs are more well-understood. As with meltdown, it allows any code running on the computer (potentially including JavaScript) to access the entire contents of memory. However, this is much more difficult to pull off. It will probably be a while before we see practical attacks, and doing it via JavaScript increases the difficulty so much that we might never see JS-based attacks. Fixing the part of this where code can access all of physical memory requires an OS update (done on Windows, not done yet on Linux) and probably an update to CPU microcode, which may depending on the circumstances require an update to UEFI/BIOS and/or other firmware. Spectre-2 will become a bigger and bigger problem as the months go on and people increasingly figure out how to exploit it, since solving it can be difficult, especially on older devices.

"Spectre-1": Caused by widespread flaws in our understanding of CPU / software design. Affects all CPUs. It has two effects. First and most seriously, it allows sandboxed code running within a process (such as JavaScript running in a browser) to read the process's memory outside of the sandbox. Second, it introduces yet another arcane timing-like attack between processes running on the same hardware. This probably cannot be fixed by OS updates; security-sensitive programs will basically have to be redesigned with this attack in mind, probably with support from changes in compilers / programming languages. The various browser updates that have recently been released address the most obvious uses of spectre-1, but they are far from a complete solution. A lot more work will be required to make things reasonably secure, and then this will continue to haunt software development forever, especially for the type of sensitive software that today worries about timing attacks.

If you are successfully attacked by the full-memory variants, then it allows an attacker to do things like capture any encryption keys currently active (eg. disk encryption, wallet encryption, gpg-agent keys, etc.), get passwords currently in memory, get wallet keys currently in memory, get some/all of your browser cookies, etc. If you are successfully attacked by the single-process variant, then the attacker can only see the memory of that process, such as seeing the contents of all of your tabs for a browser.

Software like Electrum can't do anything about meltdown or spectre-2 other than avoiding keeping keys in memory as much as possible. For spectre-1, adjustments may be necessary, but for Python programs like Electrum it may mostly or entirely be done at a lower level.

For illustration of how widespread this problem is: I designed a full CPU from scratch as a project in a university course, and I'm pretty sure that my relatively primitive CPU was vulnerable to at least spectre-1, since it did the type of speculation which is causing problems here. This is a very deep problem.