Bitcoin Forum
November 19, 2017, 01:41:03 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: hackers can steal data wirelessly from pcs that arent even online  (Read 3603 times)
aztecminer
Legendary
*
Offline Offline

Activity: 1092



View Profile
November 21, 2014, 09:21:29 PM
 #21

http://www.bloomberg.com/news/2014-11-19/hackers-can-steal-data-wirelessly-from-pcs-that-aren-t-even-online.html

This is something to be aware of when doing cold storage.

The gold standard of "use a machine that has never been connected to the internet and never will be"
will protect against this unless someone has physical access to the computer...
but are there other ways to also disable graphics card to prevent the attack described here?






another way into your pc is through your wireless usb's like you would use for your keyboard and mouse.
1511055663
Hero Member
*
Offline Offline

Posts: 1511055663

View Profile Personal Message (Offline)

Ignore
1511055663
Reply with quote  #2

1511055663
Report to moderator
1511055663
Hero Member
*
Offline Offline

Posts: 1511055663

View Profile Personal Message (Offline)

Ignore
1511055663
Reply with quote  #2

1511055663
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511055663
Hero Member
*
Offline Offline

Posts: 1511055663

View Profile Personal Message (Offline)

Ignore
1511055663
Reply with quote  #2

1511055663
Report to moderator
aztecminer
Legendary
*
Offline Offline

Activity: 1092



View Profile
November 21, 2014, 09:30:04 PM
 #22

You realize that only works if someone has PHYSICAL access to the device with the cold storage? With physical access, it's easier for a thief to steal the wallet file, regardless if it had internet or not.

Cracking the password to the wallet is another story.

Physical access is not required in many cases.  Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology.  There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the Bios is ignored.

"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versions

Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without anyway for the end user to disable this "feature".  It is well documented, so there should be no surprises here.




same thing with your ip television. you can have ur tv turned off but the tv is still getting power and can still be used by NSA hackers to monitor you eating your bowl of #ebolas in the morning..
to circumvent this problem i use a voltage regulator between the wall outlet and the surge protector and cut the voltage regulator power when tv is not in use.
the voltage regulator will save you from coming home and finding your tv doesnt work anymore because of dirty power as well .
you should disconnect your internet modem when not in use (keeps hacker neighbors from getting used to stealing your bandwidth).
and only use hard wires in your home network disabling the wireless in your router until needed.
joesmoe2012
Hero Member
*****
Offline Offline

Activity: 756


Ching-Chang;Ding-Dong


View Profile WWW
November 22, 2014, 04:05:47 AM
 #23

Completely useless article and un-related. How exactly would one be able to get this virus into a machine i.e. cold storage?
If my damn PC is in my attic, have fun making it's GPU transmit signals.  Cheesy
Have fun siphoning data from an encrypted drive  Huh

Also:
Quote
Setup and configuration is the process that makes Intel AMT features accessible to management applications. Intel AMT devices are by default delivered in an unconfigured state. Before management applications can access an Intel AMT device, the device must be populated with various settings such as network configuration and security parameters.

Completely agree. Sad part is this FUD probably scared some people.

Lauda
Legendary
*
Offline Offline

Activity: 1666


GUNBOT Licenses -10% with ref. code 'GrumpyKitty'


View Profile WWW
November 22, 2014, 06:14:04 PM
 #24

Completely agree. Sad part is this FUD probably scared some people.
Well that's why FUD spreaders do their work.
If we were to go in further and analyze this in details, we would find much wrong with the allegations. Same thing with that USB bug. Taking into consideration the number of USB devices, people that could implement the virus and the amount of devices that have been actually 'modified' the chances of you getting infected are almost impossible. Yet that scared people of this community.
The Intel AMT feature can't be on and set up by default. That would be a major flaw, and would have been discussed long ago.


▄██████████████████
███████████████████
███████████████████
█████████████████
███████████████
████████████████
████████████████
█████████████████
███████████████████
████████████████████
█████████████████████
▀████████████████████
Bazista®
██ █  ██ ██
██   ██  ██
██  ██   ██
██ ██  █ ██
██ █  ██ ██
██   ██  ██
██  ██   ██
██ ██  █ ██
██ █  ██ ██
██   ██  ██
██  ██   ██
██ ██  █ ██

██ █  ██ ██
██   ██  ██
██  ██   ██
██ ██  █ ██
██ █  ██ ██
██   ██  ██
██  ██   ██
██ ██  █ ██
██ █  ██ ██
██   ██  ██
██  ██   ██
██ ██  █ ██
|||
scarsbergholden
Hero Member
*****
Offline Offline

Activity: 686



View Profile
November 23, 2014, 11:52:41 PM
 #25

You realize that only works if someone has PHYSICAL access to the device with the cold storage? With physical access, it's easier for a thief to steal the wallet file, regardless if it had internet or not.

Cracking the password to the wallet is another story.

Physical access is not required in many cases.  Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology.  There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the Bios is ignored.

"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versions

Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without anyway for the end user to disable this "feature".  It is well documented, so there should be no surprises here.

So, just plug it off, when you don't need it?
Doesn't sound that complicated to me ...

Btw. my computer is always unplugged, when I switch it off, since i just hit the button on my multi-plug.
There is a small battery in the CPU (? - I believe this is where it is) that keeps power so the BOIS settings can be 'remembered'

In reality the simplest solution would be to line the inside of your computer with tinfoil. This would prevent an attacker from being able to receive any signal your computer is transmitting, as well as to prevent you from looking crazy. 

Stinky_Pete
Hero Member
*****
Offline Offline

Activity: 560


View Profile
November 24, 2014, 12:11:43 AM
 #26

There is a small battery in the CPU (? - I believe this is where it is) that keeps power so the BOIS settings can be 'remembered'

In reality the simplest solution would be to line the inside of your computer with tinfoil. This would prevent an attacker from being able to receive any signal your computer is transmitting, as well as to prevent you from looking crazy. 

Not in the CPU, it's a separate component on the motherboard.

Lining the case will not help if it is the cable to your monitor that is leaking the RF. So you would have to wrap the foil around that cable, and earth it.

Or you could put another, very noisy, RF setup in the same room.

Flashman
Hero Member
*****
Offline Offline

Activity: 518


Hodl!


View Profile
November 24, 2014, 02:08:27 AM
 #27

Or you could put another, very noisy, RF setup in the same room.

Finally, a use for my BFL Singles Cheesy

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Argwai96
Legendary
*
Offline Offline

Activity: 1036


Thug for life!


View Profile
November 24, 2014, 05:47:32 AM
 #28

Not in the CPU, it's a separate component on the motherboard.

Lining the case will not help if it is the cable to your monitor that is leaking the RF. So you would have to wrap the foil around that cable, and earth it.

Or you could put another, very noisy, RF setup in the same room.
I don't think it has been shown that monitor cables are able to leak this kind of information as described in the OP. I also don't think it would be all that difficult to line your monitor cables (and mouse/keyboard cables if you want to get similarly paranoid) to protect yourself against this kind of attack
fryarminer
Hero Member
*****
Offline Offline

Activity: 658


View Profile
November 24, 2014, 06:31:59 AM
 #29

Physical access is not required in many cases.  Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology.  There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the Bios is ignored.

"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versions

Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without anyway for the end user to disable this "feature".  It is well documented, so there should be no surprises here.

From my brief reading, it does require a 3G card of some kind. So as long as you remove any such thing from your offline machine you should be OK. But it's still scary of course.

I would be interesting in seeing any links to actual exploits/demonstrations. There seem to be a lot of FUD articles on that topic and not many actual facts.

My thoughts exactly. The odds of something like this happening to the one computer out of 1 million that actually has significant Bitcoin on cold storage is greater than being run over by a truck and then by a motorcycle and still living.

If you're really that nervous, save each Bitcoin in a different brain wallet and memorize each different one. See how that works out for ya.
sk3959
Newbie
*
Offline Offline

Activity: 1


View Profile
November 24, 2014, 09:45:00 AM
 #30

BTC https://www.igot.com/?inviter_code=1014280323 BTC save it on igot. Grin
Coin_Master
Full Member
***
Offline Offline

Activity: 148


View Profile
November 27, 2014, 06:40:49 AM
 #31

From my brief reading, it does require a 3G card of some kind. So as long as you remove any such thing from your offline machine you should be OK. But it's still scary of course.

"Intel actually embedded the 3G radio chip in order to enable its Anti Theft 3.0 technology. And since that technology is found on every Core i3/i5/i7 CPU after Sandy Bridge, that means a lot of CPUs, not just new vPro"
http://www.infowars.com/91497/

The CPU itself is a 3G transmitter/receiver.  The CPU contains a separate computer inside, with it's own memory and storage, it operates at Ring -2 and beyond which is below the operating system at Ring 0, it is also below a hypervisor at Ring -1.  It cannot be detected by the operating system and it is standalone.

It can't access any data on harddisk though.

It can access the hard disk drive and any storage devices plugged into the computer, that is it's intended purpose, to be able to switch the computer on remotely and make changes to the operating system and hard disk drive.

Setup and configuration is the process that makes Intel AMT features accessible to management applications. Intel AMT devices are by default delivered in an unconfigured state. Before management applications can access an Intel AMT device, the device must be populated with various settings such as network configuration and security parameters.

Yeah this is complete lie, it is enabled by default and cannot ever be disabled, configuration is not necessary.

"Intel AMT backdoor enabled by default"
https://forums.lenovo.com/t5/Security-Malware/Intel-AMT-backdoor-enabled-by-default/td-p/824749

"Yes, but our rootkit would still be active. We have determined that some AMT code is still being executed, regardless of whether AMT is disabled in BIOS or not. In our proof of concept rootkit we decided to subvert this very AMT code."

I would be interesting in seeing any links to actual exploits/demonstrations.

Many exploits exist using various approaches, a demonstration was given at the Black Hat Conference in Las Vegas a long time ago in 2009.

"Invisible Things Lab's Rafal Wojtczuk and Alexander Tereshkin will present two new technical presentations at this year's Black Hat Conference in Las Vegas, NV, in July. The first presentation will talk about a new type of stealth malware, that potentially could be more powerful than kernel-mode, hypervisor-mode, and even SMM-based rootkits"
http://theinvisiblethings.blogspot.com/2009/08/vegas-toys-part-i-ring-3-tools.html



Here is the proof of concept code:
http://invisiblethingslab.com/resources/bh09usa/ring-minus-3-tools-1.3.tgz

It is concerning that you show an interest in 'how' it is done.
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793



View Profile
November 27, 2014, 10:59:59 AM
 #32

Does this include the following?

- Reading some words/digits in the online computer.
- Walking to the airgapped one.
- Manually typing the memorized words/digits on the keyboard.

Yes, even those methods are not safe strictly speaking.  Theoretically a virus can trick you into recording the wrong data.  A truly safe cold storage device can only ever safely transmit data out of itself, never receive input data, as such input data can never truly be guaranteed to be secure.

FattyMcButterpants
Sr. Member
****
Offline Offline

Activity: 448



View Profile
November 27, 2014, 12:39:00 PM
 #33

Does this include the following?

- Reading some words/digits in the online computer.
- Walking to the airgapped one.
- Manually typing the memorized words/digits on the keyboard.

Yes, even those methods are not safe strictly speaking.  Theoretically a virus can trick you into recording the wrong data.  A truly safe cold storage device can only ever safely transmit data out of itself, never receive input data, as such input data can never truly be guaranteed to be secure.
This would make it impossible to even create cold storage in the first place. If cold storage can never receive input data then you would not be able to install anything that would create the private key or figure out the public key from the private key. It would also effectively make it impossible to ever spend any of your bitcoin in cold storage.
Coin_Master
Full Member
***
Offline Offline

Activity: 148


View Profile
November 28, 2014, 05:00:56 AM
 #34

Does this include the following?

- Reading some words/digits in the online computer.
- Walking to the airgapped one.
- Manually typing the memorized words/digits on the keyboard.

Yes, even those methods are not safe strictly speaking.  Theoretically a virus can trick you into recording the wrong data.  A truly safe cold storage device can only ever safely transmit data out of itself, never receive input data, as such input data can never truly be guaranteed to be secure.
This would make it impossible to even create cold storage in the first place.

There are hardware cold storage devices available for sale now that never let the private key be known, they are able to sign messages to facilitate sending coins.  In other words, the private key is never used by any software on any internet connected computer or device, the cold storage wallet private key can remain in cold storage while allowing you to send coins.
Kprawn
Legendary
*
Offline Offline

Activity: 1302


Verify - The Future Of Reputation


View Profile
November 28, 2014, 06:35:17 AM
 #35

I think, I was lucky, to get my hands on a old out dated computer on it's last legs!

I created hundreds of paper wallets, when I was offline and destroyed the whole computer afterwards. It is officially e-rubble now! {Small pieces, melted down}

If you have a old computer luying somewhere in a corner, and you are going to dispose of it, use it for a last time, and destroy it.  Grin Grin

                              ▄█▄         ▄█▄
                            ▄████▀      ▄████▀
                          ▄████▀      ▄████▀
                        ▄████▀      ▄████▀
                      ▄████▀      ▄████▀
                    ▄████▀      ▄████▀
 ▄█▄          ▄      ▀█▀      ▄████▀
▀████▄      ▄███▄           ▄████▀
  ▀████▄     ▀████▄       ▄████▀
    ▀████▄     ▀████▄   ▄████▀
      ▀████▄     ▀████▄████▀
        ▀████▄     ▀█████▀
          ▀█▀        ▀█▀
.verify.▄  █▄
██ ███▄
██ ████
██ ████
██ ████
██ ████
██ ████
██ ████
▀█ ████
   ████
   ████
█▄ ▀███
███▄ ▀█
▄  █▄
██ ███▄
██ ████
██ ████
██ ████
██ ████
██ ████
██ ████
▀█ ████
   ████
   ████
█▄ ▀███
███▄ ▀█
▄  █▄
██ ███▄
██ ████
██ ████
██ ████
██ ████
██ ████
██ ████
▀█ ████
   ████
   ████
█▄ ▀███
███▄ ▀█
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!