Could the Intel vulnerability have compromised private keys?

[cellard]

As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously:

Meltdown and Spectre

Bugs in modern computers leak passwords and sensitive data.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

https://meltdownattack.com/

On the site you can see them in action:

https://www.youtube.com/watch?v=bReA1dvGJ6Y

https://www.youtube.com/watch?v=RbHbFkh6eeE

What do you think about this when it comes to bitcoin?

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

[HeRetiK]

[...]

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.

However, the following possible exploits still prevail, regardless of Meltdown and Spectre:

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.

-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around.


Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

[Coin-Keeper]

Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

The best solution where "mobility and actual use" of BTC are needed:  hardware wallet

HW's are completely untouched by this newest annoyance and security threat.  It is so reassuring to safely move coins easily overcoming computer malware and other crap.  Just move cautiously and make sure the destination address showing on the HW screen is accurate and you are good to go.  100-150 bucks for a HW vs 15K + per coin.  No brainer.

[Erelas]

Sheesh!  I mean that's just not good.  Thanks for the information though, until your post I hadn't heard of them, and even if they are not a "real" threat, it's at least interesting for bar trivia.

One of these days, the chip and board manufacturers are going to be held to the same standards we hold automobile manufacturers, but when that happens, none of us will be able to afford one.

Hey, is AMD's stock gonna go up?  (bit tongue in cheek there)

[hatshepsut93]

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

Signed transactions can be easily trasnferred via QR-codes, I did this with Electrum and everything worked well. The problem is to transfer unsigned transactions, which can also be done via QR-codes, but would require a dedicated digital camera and a software that can decode them from images. But I think the risk of malware getting into air-gapped system via USB stick is very small.

As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously

Hardware wallet are probably unaffected, which made them more appealing than airgapped computers in my eyes:

https://twitter.com/pavolrusnak/status/948863100194836480

[Spendulus]

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

Signed transactions can be easily trasnferred via QR-codes, I did this with Electrum and everything worked well. The problem is to transfer unsigned transactions, which can also be done via QR-codes, but would require a dedicated digital camera and a software that can decode them from images. But I think the risk of malware getting into air-gapped system via USB stick is very small.

As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously

Hardware wallet are probably unaffected, which made them more appealing than airgapped computers in my eyes:

https://twitter.com/pavolrusnak/status/948863100194836480

Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.

For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.

The latter method is demonstrably secure.

[hatshepsut93]

Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.

For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.

The latter method is demonstrably secure.

What do you mean "screwed"? You are scanning signed transactions, the same transactions that are normally broadcast to the network and included in blocks, it's not private keys and private keys can't be derived from them. Worst case someone will link those transactions to your phone, which can be pretty bad for privacy in some cases, but like you've said, you can get an open source QR scanner.

As for USB, it might be possible that some very sophisticated malware from online machine will infect a flash drive and will then steal private keys from airgapped machine and will send them to remote server when it will get inserted in online machine again to broadcast signed transaction.

[ProfWigSlipper]

This is a scary way to start a New Year

....
Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

One article I read said hackers can (potentially) access everything in your currently active memory including sensitive data and passwords. This seems to include opening/using your wallet gives complete access to all your PC's private keys(?)   

Assuming the keys are encrypted, the same hacker can find the data needed to decrypt your keys, especially if they know how your "secure" wallet works.

[ccie38216]

Just by opening your wallet, this exploit cannot be used to steal your private keys. However if you send a transaction and you decrypt your private keys using your passphrase then YES that data is cached by the kernel when processing the instructions to sign the transaction in which case can be extracted.

There are currently two exploits found on the dark web thus far, a Java script based exploit which runs in a web browser whereas all you have to do is just visit a website and boom you're screwed. The second exploit currently "for sale" via bitcoin haha is a usb disk image which executes the exploit when plugged in and exfiltrates data back to a file system on the flash drive.

I'm sure there are many more programs written to exploit this vulnerability These are the two that I know of thus far.

[cellard]

Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.

For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.

The latter method is demonstrably secure.

What do you mean "screwed"? You are scanning signed transactions, the same transactions that are normally broadcast to the network and included in blocks, it's not private keys and private keys can't be derived from them. Worst case someone will link those transactions to your phone, which can be pretty bad for privacy in some cases, but like you've said, you can get an open source QR scanner.

As for USB, it might be possible that some very sophisticated malware from online machine will infect a flash drive and will then steal private keys from airgapped machine and will send them to remote server when it will get inserted in online machine again to broadcast signed transaction.

Could you recommend a QR scanner? Like you said, putting your QR data in a regular smartphone and expecting any level of privacy is delusional. An open source QR scanner (open source including the hardware) makes more sense, but im not sure where to buy the right one.

Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

The best solution where "mobility and actual use" of BTC are needed:  hardware wallet

HW's are completely untouched by this newest annoyance and security threat.  It is so reassuring to safely move coins easily overcoming computer malware and other crap.  Just move cautiously and make sure the destination address showing on the HW screen is accurate and you are good to go.  100-150 bucks for a HW vs 15K + per coin.  No brainer.

Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?

[achow101]

Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?

Have you audited your general purpose laptop and all of the chips it is using? It is far easier to audit the hardware wallet if you know what you are doing. Furthermore their firmware and bootloaders are mostly open source (for the Trezor, they are all open source, for Ledger, only partially) whereas the firmware for your laptop is most definitely not.

[cellard]

Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?

Have you audited your general purpose laptop and all of the chips it is using? It is far easier to audit the hardware wallet if you know what you are doing. Furthermore their firmware and bootloaders are mostly open source (for the Trezor, they are all open source, for Ledger, only partially) whereas the firmware for your laptop is most definitely not.

Im using a librebooted old lenovo laptop, so no proprietary bios, drivers and so on. I can also run any software I want on it. I don't like being limited by the Trezor/Ledger thing.

And yes, my point was, we can't audit everything.

And since I saw this, I don't trust Trezor:

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.

[pebwindkraft]

And since I saw this, I don't trust Trezor:

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.

Another "weak" area in many LINUX systems are the blobs (eg. the graphic cards, the wifi cards, and more). For sure you don't need graphics or wifi on your (cold storage) signing system. OpenBSD can be an alternative here 

I can further minimize the risk with cold storage and multisig. But as usual, security is a trade-off between costs and comfort. It sure is easier to have a hardware wallet.

[leopard2]

I am pretty sure if you enter a password or a seed on an affected device you could be compromised, yes.

On the other hand fixes are being released as we speak. I wonder if these software based fixes can even provide sufficient security, as the flaw is in the hardware. How is a software fix in an antivirus or operating system going to prevent other software from reading the cache tables? 

For the next few days it may be best, not to open wallets with large balances on any device.

[cellard]

And since I saw this, I don't trust Trezor:

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.

Another "weak" area in many LINUX systems are the blobs (eg. the graphic cards, the wifi cards, and more). For sure you don't need graphics or wifi on your (cold storage) signing system. OpenBSD can be an alternative here 

I can further minimize the risk with cold storage and multisig. But as usual, security is a trade-off between costs and comfort. It sure is easier to have a hardware wallet.

With a librebooted setup, you can use open source wifi if you want for the online node, offline it doesn't really matter, for the airgapped laptop you are supposed to remove your wifi card physically, as long as any additional GPU or anything not really needed.

Even if you are not an expert to install Gentoo or OpenBSD... just get Xubuntu, and in my opinion it's a more complete and robust package than the Trezors etc. I love the control given by bitcoin Core in terms of inputs and outputs (coin control). Core devs just need to improve the cold storage features (moving the raw transaction from the cold storage to the node, signing transactions on the node.. etc). Right now you can't do it on the GUI, you require the console and it could lead to fatal mistakes.

[ProfWigSlipper]

Just by opening your wallet, this exploit cannot be used to steal your private keys. However if you send a transaction and you decrypt your private keys using your passphrase then YES that data is cached by the kernel when processing the instructions to sign the transaction in which case can be extracted.

....

I was thinking everything including "passphrases" would be exposed to memory even when opening an encrypted wallet. Thanks, for clearing that up.

ps. Did this huge story fade out fast in the mainstream news, or was I just not paying attention recently?

[ProfWigSlipper]

This topic is vital how can there be so little response?
Are people 100% scared by reality?

[hatshepsut93]

This topic is vital how can there be so little response?
Are people 100% scared by reality?

You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - there are tons of different bugs, vulnerabilities and backdoors. If you are using Bitcoin in potentially unsecure environment, like your home Windows machine, then you were vulnerable even before Spectre and Meltdown.
This is why people are using cold storages and hardware wallets - they are isolating private keys from their systems, so even if they are vulnerable, it won't result in a loss of their coins. This doesn't mean that you should be careless about security of your work/home computers, but you have to accept that they will never be secure enough to entrust them with your cryptocurrency saving wallets.

[ProfWigSlipper]

This topic is vital how can there be so little response?
Are people 100% scared by reality?

You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - ...

Thank you for constructive feedback.  // Respect

[figmentofmyass]

This topic is vital how can there be so little response?
Are people 100% scared by reality?

You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - there are tons of different bugs, vulnerabilities and backdoors. If you are using Bitcoin in potentially unsecure environment, like your home Windows machine, then you were vulnerable even before Spectre and Meltdown.
This is why people are using cold storages and hardware wallets - they are isolating private keys from their systems, so even if they are vulnerable, it won't result in a loss of their coins. This doesn't mean that you should be careless about security of your work/home computers, but you have to accept that they will never be secure enough to entrust them with your cryptocurrency saving wallets.

this experience does raise questions for me about the perceived safety of things like hardware wallets, though. if a rogue process can read all memory without authorization because of an intel chip vulnerability, what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well. i certainly don't feel safe having my keys on one and plugging it into an untrusted online computer.