“BadUSB” exploit - How would you protect your bitcoins on backup memory sticks?

[Kprawn]

Just thought I'd ask.

Look at this latest exploit --> http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/

I know some people "save" or "backup" their BTC public address and private key on memory sticks.

What if this exploit, embed a piece of software in the firmware of these devices, to capture this information and to send it to them, once it's used again?

Most people format the memory stick after it's used, and think it's save, but the firmware stays on there.

Just a thought.. play with it. 

[bomb177]

If I buy my USB sticks from trusted companies like Kingston, Sandisk or others I shouldn't have any trouble right?

[tatu]

Only if the nsa doesnt intercept them or they havent already got their backdoors built into the software.

[blacksails]

I have my wallet backed up on a USB stick. Encrypted of course!
Even if the firmware is evil it can't crack the encryption.

[ranochigo]

Protecting your wallet backup with a strong password should be able to migrate most of the attacks. It would take a lot of resources and time to bruteforce a long and strong password.

[InwardContour]

I have my wallet backed up on a USB stick. Encrypted of course!
Even if the firmware is evil it can't crack the encryption.

I have a backup of the wallet on several USB sticks and each one is encrypted with a strong (...and long) password,
I feel safe but probably the next cold storage will be on a paper wallet.

[blacksails]

I have my wallet backed up on a USB stick. Encrypted of course!
Even if the firmware is evil it can't crack the encryption.

I have a backup of the wallet on several USB sticks and each one is encrypted with a strong (...and long) password,
I feel safe but probably the next cold storage will be on a paper wallet.

Yeah, of course my only backup is not on a USB, I have it on external harddrives, USB sticks, CD:s, DVD:s, on multiple file-upload sites (the file is of course not public), on a few mail addresses and so on (always heavily encrypted of course!).

[JohnFromWIT]

That's not really the worry though.
If you somehow recieve a BadUSB infected device and connect it to your computer, your computer is now also at risk.

[ranochigo]

That's not really the worry though.
If you somehow recieve a BadUSB infected device and connect it to your computer, your computer is now also at risk.

If you connect it to a offline computer and create wallet, it wouldn't be much of a worry. You can also create raw transactions on that offline computer too. It is considered as safe if you never connect it to a online computer or if the computer you have connected to goes online.

[Kprawn]

Well previously it was thought, that if you did a few full formats on the memory stick, it would remove everything. But it does not remove the content of the firmware, so you stuffed. 

There used to be memory sticks with a "write protect" button, but I do not see them anymore. Do not even know, if it was really effective. {Like the write protection on stiffies 720k or 1.44 mb back in the days ....now I give away my age.  }

[notlist3d]

As far as "BadUSB" there is nothing new about usb drives being able to carry something "bad".  NEVER NEVER let someone stick their thumb drive as a general rule in a computer with information you are worried about. 

If you have information on your pc don't use plain text use some kind of encryption to protect it.

[btcguys]

use your old USB and not the new ones for Bitcoin pruposes 

Also, I do not recommend printing paper wallet private keys as private keys may be retrievable from printer's memory.

it is best to use a PC to create paper wallets that will never go online

[Bitsaurus]

use your old USB and not the new ones for Bitcoin pruposes 

Also, I do not recommend printing paper wallet private keys as private keys may be retrievable from printer's memory.

it is best to use a PC to create paper wallets that will never go online

While that may be true, it would be nearly impossible if the printers buffers have been flushed repeatedly.

Armory also utilizes a way to bypass this issue with scancodes.

[w4ssop]

I have a wallet backup on an old pendrive, it is about 5 years old so I hope it is safe.

[medUSA]

This "BadUSB" exploit should be a targeted attack, we are not going to see hacked USB devices right off the shelf. I am not that worried to be honest.

[paradoxum]

You could always rely on an older device like a 512MB thumbdrive or an older portable HD. 

[keyscore44]

Wonder whether this applies to people running Tails OS from USB sticks? Think I'll be stocking up on some SD cards (assuming they can't be exploited aswell).

[ensurance982]

Just don't. Keeping your BTC on flash drives doesn't make them any safer than storing them on a regular hard drive in your machine. As soon as the flash drive is connected, a potential attacker could get hold of your BTC if they're not encrypted in any way. Paper wallets and offline transaction signing. That's the way to go!