Bitcoin Forum
September 29, 2020, 08:32:39 PM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4]  All
  Print  
Author Topic: Is the hardware wallet really safe?  (Read 1213 times)
Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
May 01, 2020, 06:13:41 PM
Merited by vapourminer (2)
 #61

4. Do not use an Internet access point if at least one other (your) device, home IOT devices, is connected to this access point).

good point as anything with access to other machines on the network can sniff packets and otherwise wreak damage to machines on it.

i have several access points for the various stuff.. one for ip cams systems, one for stuff like TVs, one for google/alexa stuff, one for other IoT (washer/dryer etc), one for guests, and one for my wireless computers and such.

none of the items on those access points can see the others. but stuff on the same AP can (usually) see each other as they usually need to.

EDIT: forgot to mention the obvious takeaway.. plus a separate AP for the rig you use the wallet on.
-------------------------------------------
Are you writing this seriously, or is this a joke on the subject?
It's good from a security point of view, but it's too deliberate.

For example, why make a separate point "one for things like google/alexa" when this service already transmits everything it hears to servers, even when you don't use it? All that this service hears is the same thing that anyone who attacks you will catch on the network.

sniped a bit out but the short answer is no not joking. btw google mini has a hard switch to turn the mike off. and its usually off as i rarely use it.

yes there are a couple routers. along with straight wireless APs that (usually) do not allow connected devices to see each other. im not concerned about the main ip addy from the modem being shared among the various routers and such as i know they can be linked together. im not trying to hide from the government, just script kiddies, IoT crap with little to no security etc.

however your knowledge obviously exceeds mine. any suggestions to improve this? i mean this in all seriousness. im not super paranoid but since most I0T stuff never gets security updates what are my options?
------------------------
I am pleasantly surprised by your approach to your own information security. It's nice for me, because the vast majority of people don't deal with this issue. Everyone thinks, "I'm not gonna get caught up in this, there are a lot of people like me..."
What you're doing is respected, and not because your protection is holeless. It's because if everybody else did what you did, it wouldn't be as easy for crooks as it is now. Unfortunately, all people who carelessly about their own information security, whether they want it or not, play on the same side as the scammers. People like you are one in a million, and on my part, your actions are only respected!

Everyone else is becoming a donor to cybercrime. It is very rare that you are attacked as one person, all at once.  Often this happens automatically, with special programs that are constantly growing in quality and can be used by YOUNG MACHINES! This is the reason why news like this appears:

(my post Re: How long will existing encryption last? January 18, 2020, 09:32:13 PM - https://bitcointalk.org/index.php?topic=5209297.new#new).

- access to you or your data happens regardless of your desire or importance!
This is a fully automatic data collection. The program collects everything and for everyone!
It is done by both government and scammers (usually almost the same).

- On January 14th the FBI confiscated the domain WeLeakInfo.com for providing paid users with access to data leaked to the network as a result of a hack. The operation was conducted jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland.
"The website gave users access to a search engine to view confidential information illegally obtained from more than 10,000 data leaks, including more than 12 billion indexed records, including names, email addresses, logins, phone numbers and passwords," said the U.S. Department of Justice.
Excuse me, but that's on one site alone - 12 billion! More than we live at this time!

And the worst part is that all major corporations are doing it, without exception. I don't want to give all the information here, but I'll give you one fresh example:

- Facebook tried to buy Pegasus software from Israeli spyware manufacturer NSO Group Technologies in order to monitor the activity of iOS device users.
According to court documents published by NSO Group, Facebook intended to buy the spy software Pegasus, which can extract user data from cloud storage of Apple, Google, Facebook, Amazon and Microsoft. The data is being exported, giving software operators access to confidential user data. The data collected includes all messages and photos, login credentials, and device location information.
NSO Group has a very mixed reputation for selling its products not only to law enforcement agencies, but also to authoritarian governments that persecute human rights defenders and journalists. But according to the CEO of NSO Group Shalev Hulio, two representatives of Facebook contacted the company in October 2017 and intended to acquire the right to use certain features of Pegasus.
And if you still have illusions about the methods of protection offered to us by "our defenders", for example, 2FA, then it is not true, they are easy to do, read my post: "Re: Keyless encryption and passwordless authentication March 09, 2020, 11:46:56 AM":
https://bitcointalk.org/index.php?topic=5204368.40.

All protection is an illusion of security.
Your main defense is not to arouse interest in professional attackers. From this point of view, I would advise you to reduce the number of access points, especially if they are via a wi-fi.

I'm not a professional, I'm just keeping a close eye on the news on cyber security...
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1601411559
Hero Member
*
Offline Offline

Posts: 1601411559

View Profile Personal Message (Offline)

Ignore
1601411559
Reply with quote  #2

1601411559
Report to moderator
vapourminer
Legendary
*
Offline Offline

Activity: 3010
Merit: 1617

what is this "brake pedal" you speak of?


View Profile
May 01, 2020, 11:07:44 PM
 #62

All protection is an illusion of security.
Your main defense is not to arouse interest in professional attackers. From this point of view, I would advise you to reduce the number of access points, especially if they are via a wi-fi.

I'm not a professional, I'm just keeping a close eye on the news on cyber security...

thank you for the detailed reply.

i wanted to reply in a bit more detail but ill just reply to this part (multiple wireless APs etc) for now.

i had though of the fact that a bunch of wireless individual APs and such in a single residence would be an invitation to see why. so my "solution" is to have most wireless APs in my basement on the floor. thus surrounded by concrete and dirt, so the only way for the signal to go (more or less) is up into the house space (which is the only place i want it seen), and not outside of the house footprint. as well as turn the power output as low as i can on device. thus minimizing  people driving by seeing the APs

low tech i know but its the best i can come up with.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
May 02, 2020, 11:39:04 AM
Merited by vapourminer (2)
 #63

All protection is an illusion of security.
Your main defense is not to arouse interest in professional attackers. From this point of view, I would advise you to reduce the number of access points, especially if they are via a wi-fi.

I'm not a professional, I'm just keeping a close eye on the news on cyber security...

thank you for the detailed reply.

i wanted to reply in a bit more detail but ill just reply to this part (multiple wireless APs etc) for now.

i had though of the fact that a bunch of wireless individual APs and such in a single residence would be an invitation to see why. so my "solution" is to have most wireless APs in my basement on the floor. thus surrounded by concrete and dirt, so the only way for the signal to go (more or less) is up into the house space (which is the only place i want it seen), and not outside of the house footprint. as well as turn the power output as low as i can on device. thus minimizing  people driving by seeing the APs

low tech i know but its the best i can come up with.


-
The fact that you bricked your access points in the basement doesn't save you from attack.  Attacks only run on the network, on your ip.

I didn't believe it when I read how easy it was to attack an AP remotely using a ready-made program.  And I didn't believe that it could be done by someone without that experience or skill.  I was wondering if cheaters could act against me in the same way.

I found free programs on the usual Internet (not even on the Darknet), which find exactly the access point wi-fi, find on the network and around the world:
- or a map of the area;
- or an I.P. address;
- or simply a map of access points available for hacking in the country of your choice.

No way, I thought I found my access point and watched the program hack it for interest.  And the program did it all on its own.

This example showed me that even a person without special knowledge is capable of attacking access points.

For this reason, I don't see any point in shielding routers' radiation.

Try hacking your access points yourself.  You can find the program in Darknet yourself, I don't want to advertise these things.  I don't know how we can protect ourselves in the current paradigm of security systems.  We need to change the fundamentals.  And who needs this?
bob123
Legendary
*
Offline Offline

Activity: 1330
Merit: 2075



View Profile WWW
May 07, 2020, 04:41:30 PM
 #64

I didn't believe it when I read how easy it was to attack an AP remotely using a ready-made program. 
[...]
This example showed me that even a person without special knowledge is capable of attacking access points.

It is not that easy.
First, you need to define the scope. What exactly does count as an attack?
Attacking the availability is always possible (from within the range).
Attacking the confidentiality or integrity of the data is not as easy as you think.

Sure, if you are using outdated technology (outdated router or WEP), than it takes less than a few seconds to minutes to enter your network.
However, with an up-to-date router software and a proper encryption, there currently is no known way to intrude a network through 802.11x.

Lucius
Legendary
*
Offline Offline

Activity: 1918
Merit: 1955


1951 - The African Queen


View Profile
May 09, 2020, 09:50:20 AM
 #65

Sure, if you are using outdated technology (outdated router or WEP), than it takes less than a few seconds to minutes to enter your network.
However, with an up-to-date router software and a proper encryption, there currently is no known way to intrude a network through 802.11x.

And that's exactly what we have in practice, a very large number of old devices that are vulnerable to the point that they are hacked by kids who play with programs like BackTrack and hack WEP protection within minutes, or WPA2-PSK with WPS enabled within a few hours. It all really depends on how good an ISP is when it comes to firmware upgrades or replacing old devices.

bob123
Legendary
*
Offline Offline

Activity: 1330
Merit: 2075



View Profile WWW
May 09, 2020, 10:00:55 AM
Merited by vapourminer (1)
 #66

And that's exactly what we have in practice, a very large number of old devices that are vulnerable to the point that they are hacked by kids who play with programs like BackTrack and hack WEP protection within minutes, or WPA2-PSK with WPS enabled within a few hours.

Actually i can't confirm that.
Since i am working in the field of cyber security, i occasionally wardrive (basically scanning for wifi networks while walking/driving) out of curiosity.
A very small percentage (roughly less than 1%) is using WEP. The amount of WPS enabled is slightly higher, but definitely below 5%.

This might not be the case everywhere, but in my country that's what i could find out (not representative).

Even with Kali (the successor of Backtrack), a linux distribution designed for penetration testing, there isn't much you can do with the majority of Wifi networks.


However, i agree that with WPS enabled every somewhat techy kid could easily break into such a network. Checking the Settings for WPS and obviously also choosing a strong (non standard) password already adds quite some security.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
June 07, 2020, 08:57:33 AM
Merited by vapourminer (1)
 #67

Recent news on the subject. In general, there is so much news that it is no longer possible to reread everything. Oh, you don't have to. Everyone will draw conclusions for themselves.

Security researchers from ESET discovered a dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips Broadcom and Cypress and affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) using the protocol WPA2-Personal or WPA2-Enterprise with the encryption algorithm AES-CCMP.  Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack.The Kr00k vulnerability is related to Key Reset attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by WPA2 protocol (again keys, key technologies).

Huge problems with device shells that contain embedded vulnerabilities, such as embedded passwords and embedded SSH/SSL keys.  The advent of one such device in your home, including an IOT device that connects it to your home wi-fi, allows you to attack all other devices connected to the same access point (keys, passwords, technologies built on a key function).
Pages: « 1 2 3 [4]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!