cellard (OP)
Legendary
Offline
Activity: 1372
Merit: 1252
|
|
January 04, 2018, 05:35:02 PM |
|
As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously: Meltdown and Spectre
Bugs in modern computers leak passwords and sensitive data.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
https://meltdownattack.com/On the site you can see them in action: https://www.youtube.com/watch?v=bReA1dvGJ6Yhttps://www.youtube.com/watch?v=RbHbFkh6eeEWhat do you think about this when it comes to bitcoin? Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3150
Merit: 2184
Playgram - The Telegram Casino
|
|
January 04, 2018, 06:26:12 PM |
|
[...]
Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?
Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device. However, the following possible exploits still prevail, regardless of Meltdown and Spectre: -) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device. -) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself. -) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around. Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
Coin-Keeper
|
|
January 04, 2018, 07:35:58 PM |
|
Hot wallets are more susceptible to attacks than ever, at least until the security updates are out. The best solution where "mobility and actual use" of BTC are needed: hardware wallet HW's are completely untouched by this newest annoyance and security threat. It is so reassuring to safely move coins easily overcoming computer malware and other crap. Just move cautiously and make sure the destination address showing on the HW screen is accurate and you are good to go. 100-150 bucks for a HW vs 15K + per coin. No brainer.
|
|
|
|
Erelas
|
|
January 04, 2018, 08:11:07 PM |
|
Sheesh! I mean that's just not good. Thanks for the information though, until your post I hadn't heard of them, and even if they are not a "real" threat, it's at least interesting for bar trivia.
One of these days, the chip and board manufacturers are going to be held to the same standards we hold automobile manufacturers, but when that happens, none of us will be able to afford one.
Hey, is AMD's stock gonna go up? (bit tongue in cheek there)
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2162
|
|
January 04, 2018, 08:15:42 PM |
|
-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.
Signed transactions can be easily trasnferred via QR-codes, I did this with Electrum and everything worked well. The problem is to transfer unsigned transactions, which can also be done via QR-codes, but would require a dedicated digital camera and a software that can decode them from images. But I think the risk of malware getting into air-gapped system via USB stick is very small. As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously
Hardware wallet are probably unaffected, which made them more appealing than airgapped computers in my eyes: https://twitter.com/pavolrusnak/status/948863100194836480
|
|
|
|
Spendulus
Legendary
Offline
Activity: 2926
Merit: 1386
|
|
January 04, 2018, 09:17:09 PM |
|
-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.
Signed transactions can be easily trasnferred via QR-codes, I did this with Electrum and everything worked well. The problem is to transfer unsigned transactions, which can also be done via QR-codes, but would require a dedicated digital camera and a software that can decode them from images. But I think the risk of malware getting into air-gapped system via USB stick is very small. As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously
Hardware wallet are probably unaffected, which made them more appealing than airgapped computers in my eyes: https://twitter.com/pavolrusnak/status/948863100194836480Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed. For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive. The latter method is demonstrably secure.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2162
|
|
January 04, 2018, 11:28:09 PM |
|
Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.
For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.
The latter method is demonstrably secure.
What do you mean "screwed"? You are scanning signed transactions, the same transactions that are normally broadcast to the network and included in blocks, it's not private keys and private keys can't be derived from them. Worst case someone will link those transactions to your phone, which can be pretty bad for privacy in some cases, but like you've said, you can get an open source QR scanner. As for USB, it might be possible that some very sophisticated malware from online machine will infect a flash drive and will then steal private keys from airgapped machine and will send them to remote server when it will get inserted in online machine again to broadcast signed transaction.
|
|
|
|
ProfWigSlipper
Jr. Member
Offline
Activity: 63
Merit: 2
|
|
January 04, 2018, 11:38:50 PM |
|
This is a scary way to start a New Year .... Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.
One article I read said hackers can (potentially) access everything in your currently active memory including sensitive data and passwords. This seems to include opening/using your wallet gives complete access to all your PC's private keys(?) Assuming the keys are encrypted, the same hacker can find the data needed to decrypt your keys, especially if they know how your "secure" wallet works.
|
|
|
|
ccie38216
Newbie
Offline
Activity: 9
Merit: 0
|
|
January 05, 2018, 05:26:32 AM |
|
Just by opening your wallet, this exploit cannot be used to steal your private keys. However if you send a transaction and you decrypt your private keys using your passphrase then YES that data is cached by the kernel when processing the instructions to sign the transaction in which case can be extracted. There are currently two exploits found on the dark web thus far, a Java script based exploit which runs in a web browser whereas all you have to do is just visit a website and boom you're screwed. The second exploit currently "for sale" via bitcoin haha is a usb disk image which executes the exploit when plugged in and exfiltrates data back to a file system on the flash drive. I'm sure there are many more programs written to exploit this vulnerability These are the two that I know of thus far.
|
|
|
|
cellard (OP)
Legendary
Offline
Activity: 1372
Merit: 1252
|
|
January 05, 2018, 04:22:42 PM |
|
Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.
For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.
The latter method is demonstrably secure.
What do you mean "screwed"? You are scanning signed transactions, the same transactions that are normally broadcast to the network and included in blocks, it's not private keys and private keys can't be derived from them. Worst case someone will link those transactions to your phone, which can be pretty bad for privacy in some cases, but like you've said, you can get an open source QR scanner. As for USB, it might be possible that some very sophisticated malware from online machine will infect a flash drive and will then steal private keys from airgapped machine and will send them to remote server when it will get inserted in online machine again to broadcast signed transaction. Could you recommend a QR scanner? Like you said, putting your QR data in a regular smartphone and expecting any level of privacy is delusional. An open source QR scanner (open source including the hardware) makes more sense, but im not sure where to buy the right one. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out. The best solution where "mobility and actual use" of BTC are needed: hardware wallet HW's are completely untouched by this newest annoyance and security threat. It is so reassuring to safely move coins easily overcoming computer malware and other crap. Just move cautiously and make sure the destination address showing on the HW screen is accurate and you are good to go. 100-150 bucks for a HW vs 15K + per coin. No brainer. Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?
|
|
|
|
achow101
Moderator
Legendary
Offline
Activity: 3570
Merit: 6927
Just writing some code
|
|
January 05, 2018, 05:28:22 PM |
|
Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?
Have you audited your general purpose laptop and all of the chips it is using? It is far easier to audit the hardware wallet if you know what you are doing. Furthermore their firmware and bootloaders are mostly open source (for the Trezor, they are all open source, for Ledger, only partially) whereas the firmware for your laptop is most definitely not.
|
|
|
|
cellard (OP)
Legendary
Offline
Activity: 1372
Merit: 1252
|
|
January 05, 2018, 06:31:10 PM |
|
Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?
Have you audited your general purpose laptop and all of the chips it is using? It is far easier to audit the hardware wallet if you know what you are doing. Furthermore their firmware and bootloaders are mostly open source (for the Trezor, they are all open source, for Ledger, only partially) whereas the firmware for your laptop is most definitely not. Im using a librebooted old lenovo laptop, so no proprietary bios, drivers and so on. I can also run any software I want on it. I don't like being limited by the Trezor/Ledger thing. And yes, my point was, we can't audit everything. And since I saw this, I don't trust Trezor: https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.
|
|
|
|
pebwindkraft
|
|
January 05, 2018, 11:34:47 PM |
|
Another "weak" area in many LINUX systems are the blobs (eg. the graphic cards, the wifi cards, and more). For sure you don't need graphics or wifi on your (cold storage) signing system. OpenBSD can be an alternative here I can further minimize the risk with cold storage and multisig. But as usual, security is a trade-off between costs and comfort. It sure is easier to have a hardware wallet.
|
|
|
|
leopard2
Legendary
Offline
Activity: 1372
Merit: 1014
|
|
January 06, 2018, 12:18:16 AM |
|
I am pretty sure if you enter a password or a seed on an affected device you could be compromised, yes. On the other hand fixes are being released as we speak. I wonder if these software based fixes can even provide sufficient security, as the flaw is in the hardware. How is a software fix in an antivirus or operating system going to prevent other software from reading the cache tables? For the next few days it may be best, not to open wallets with large balances on any device.
|
Truth is the new hatespeech.
|
|
|
cellard (OP)
Legendary
Offline
Activity: 1372
Merit: 1252
|
|
January 06, 2018, 03:30:42 PM |
|
Another "weak" area in many LINUX systems are the blobs (eg. the graphic cards, the wifi cards, and more). For sure you don't need graphics or wifi on your (cold storage) signing system. OpenBSD can be an alternative here I can further minimize the risk with cold storage and multisig. But as usual, security is a trade-off between costs and comfort. It sure is easier to have a hardware wallet. With a librebooted setup, you can use open source wifi if you want for the online node, offline it doesn't really matter, for the airgapped laptop you are supposed to remove your wifi card physically, as long as any additional GPU or anything not really needed. Even if you are not an expert to install Gentoo or OpenBSD... just get Xubuntu, and in my opinion it's a more complete and robust package than the Trezors etc. I love the control given by bitcoin Core in terms of inputs and outputs (coin control). Core devs just need to improve the cold storage features (moving the raw transaction from the cold storage to the node, signing transactions on the node.. etc). Right now you can't do it on the GUI, you require the console and it could lead to fatal mistakes.
|
|
|
|
ProfWigSlipper
Jr. Member
Offline
Activity: 63
Merit: 2
|
|
January 18, 2018, 01:20:55 AM |
|
Just by opening your wallet, this exploit cannot be used to steal your private keys. However if you send a transaction and you decrypt your private keys using your passphrase then YES that data is cached by the kernel when processing the instructions to sign the transaction in which case can be extracted.
....
I was thinking everything including "passphrases" would be exposed to memory even when opening an encrypted wallet. Thanks, for clearing that up. ps. Did this huge story fade out fast in the mainstream news, or was I just not paying attention recently?
|
|
|
|
ProfWigSlipper
Jr. Member
Offline
Activity: 63
Merit: 2
|
|
January 19, 2018, 06:21:42 AM |
|
This topic is vital how can there be so little response? Are people 100% scared by reality?
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2162
|
|
January 19, 2018, 06:55:12 AM |
|
This topic is vital how can there be so little response? Are people 100% scared by reality?
You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - there are tons of different bugs, vulnerabilities and backdoors. If you are using Bitcoin in potentially unsecure environment, like your home Windows machine, then you were vulnerable even before Spectre and Meltdown. This is why people are using cold storages and hardware wallets - they are isolating private keys from their systems, so even if they are vulnerable, it won't result in a loss of their coins. This doesn't mean that you should be careless about security of your work/home computers, but you have to accept that they will never be secure enough to entrust them with your cryptocurrency saving wallets.
|
|
|
|
ProfWigSlipper
Jr. Member
Offline
Activity: 63
Merit: 2
|
|
January 21, 2018, 10:36:52 PM |
|
This topic is vital how can there be so little response? Are people 100% scared by reality?
You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - ... Thank you for constructive feedback. // Respect
|
|
|
|
figmentofmyass
Legendary
Offline
Activity: 1652
Merit: 1483
|
|
January 21, 2018, 11:41:13 PM |
|
This topic is vital how can there be so little response? Are people 100% scared by reality?
You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - there are tons of different bugs, vulnerabilities and backdoors. If you are using Bitcoin in potentially unsecure environment, like your home Windows machine, then you were vulnerable even before Spectre and Meltdown. This is why people are using cold storages and hardware wallets - they are isolating private keys from their systems, so even if they are vulnerable, it won't result in a loss of their coins. This doesn't mean that you should be careless about security of your work/home computers, but you have to accept that they will never be secure enough to entrust them with your cryptocurrency saving wallets. this experience does raise questions for me about the perceived safety of things like hardware wallets, though. if a rogue process can read all memory without authorization because of an intel chip vulnerability, what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well. i certainly don't feel safe having my keys on one and plugging it into an untrusted online computer.
|
|
|
|
|