Author Topic: hackers can steal data wirelessly from pcs that arent even online  (Read 3848 times)
jonald_fyookball (OP)
November 20, 2014, 06:31:22 AM
 #1

http://www.bloomberg.com/news/2014-11-19/hackers-can-steal-data-wirelessly-from-pcs-that-aren-t-even-online.html

This is something to be aware of when doing cold storage.

The gold standard of "use a machine that has never been connected to the internet and never will be"
will protect against this unless someone has physical access to the computer...
but are there other ways to also disable graphics card to prevent the attack described here?

haploid23
November 20, 2014, 07:43:38 AM
 #2

You realize that only works if someone has PHYSICAL access to the device with the cold storage? With physical access, it's easier for a thief to steal the wallet file, regardless if it had internet or not.

Cracking the password to the wallet is another story.

xDan
November 20, 2014, 11:43:20 AM
 #3

It's why using a USB stick to ferry data/transactions between your hot and cold machines is really a breach of the air-gap. Any transfer of data is. (And presumably if your hot machine is infected, any virus can just pass data back via the USB stick, it doesn't need any fancy radio transmissions.)

All input/output needs to be considered a potential conduit for viruses...

The ideal cold wallet wouldn't rely on any data from the outside world. I'm not sure that's possible though. Maybe by splitting the balance into many small amounts on separate private keys and just removing a single private key for a small amount at a time. So the data transfer is only ever *from* the cold machine to the hot machine, via paper wallet or photographing a QR code or something.

HODLing for the longest time. Skippin fast right around the moon. On a rocketship straight to mars.
Up, up and away with my beautiful, my beautiful Bitcoin~
dserrano5
November 20, 2014, 12:26:12 PM
 #4

Quote
The malware can reprogram the PC's graphics card to transmit signals over the display cable that can be picked up by a nearby mobile device.

I'm wondering whether laptops qualify as having a "display cable".


Quote from: xDan
It's why using a USB stick to ferry data/transactions between your hot and cold machines is really a breach of the air-gap.

Agreed, but:


Quote from: xDan
Any transfer of data is.

Does this include the following?

- Reading some words/digits in the online computer.
- Walking to the airgapped one.
- Manually typing the memorized words/digits on the keyboard.

It's effectively a data transfer but the bad guys would have a really hard time trying to compromise the airgap through it. Of course it's inconvenient as hell but we all know that's the price you pay for security :).
Flashman
November 20, 2014, 12:44:05 PM
 #5

The only safe machine for cold storage is an Altair, where you hand toggle the wallet program and keys in on the front panel. :P

And never use a VDU with it, makes it harder to Van Eck.

And always do 3 pulses with a flashgun into each eye before you leave the secure area, just in case retina forensics can recover recently seen things.

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Beliathon
November 20, 2014, 12:59:28 PM
 #6

Quote from: Flashman
The only safe machine for cold storage is an Altair

That and your brain. A key to an address is just information after all.

Remember Aaron Swartz, a 26 year old computer scientist who died defending the free flow of information.
Flashman
November 20, 2014, 01:02:54 PM
 #7

And practise thinking in an unspoken language, now that brain scans can infer thoughts from nerve activity required to talk.

dserrano5
November 20, 2014, 01:13:21 PM
 #8

Quote from: Flashman
brain scans can infer thoughts from nerve activity required to talk.

Ouch. Could you give some reference to this?
Flashman
November 20, 2014, 01:19:06 PM
 #9

http://www.newscientist.com/article/mg22429934.000?cmpid=NLC

xDan
November 20, 2014, 06:02:05 PM
 #10

Quote from: dserrano5
Does this include the following?

- Reading some words/digits in the online computer.
- Walking to the airgapped one.
- Manually typing the memorized words/digits on the keyboard.

It's effectively a data transfer but the bad guys would have a really hard time trying to compromise the airgap through it. Of course it's inconvenient as hell but we all know that's the price you pay for security :).

I guess you might get away with that... ;)

But I don't think the risk is quite zero. Probably minuscule enough though.

jbrnt
November 20, 2014, 11:04:25 PM
 #11

This hack needs a virus, a receiver/transmitter near the video cable and a phone to download. If a hacker has so much access to the target machine, it is easier for him to actually steal the data when he plugs the usb drive in the computer.

I was expecting something like the "wirelessly steal data device" from Prison Break season 4 :D
Eisenhower34
November 21, 2014, 12:40:32 AM
 #12

Quote from: haploid23
You realize that only works if someone has PHYSICAL access to the device with the cold storage? With physical access, it's easier for a thief to steal the wallet file, regardless if it had internet or not.

Cracking the password to the wallet is another story.

Right. If a hacker had physical access then they might as well make a copy of the hard drive and/or outright steal your computer in an attempt to steal your wallet files. This would make more sense than going through the hassle of taking data wirelessly as I would imagine that many people would tend to have somewhat easy to crack passwords on computers that hold cold storage wallets.
Stinky_Pete
November 21, 2014, 12:47:11 AM
 #13

Anyone here want to buy a tin-foil hat? Made to measure. I accept bit-coin.

Soros Shorts
November 21, 2014, 01:01:43 AM
 #14

Quote from: jonald_fyookball
but are there other ways to also disable graphics card to prevent the attack described here?


The article didn't say what kind of graphics card and cable would be most susceptible to being used as an FM transmitter to leak the data - VGA, DVI, HDMI, RGB? I am willing to bet that it only works reasonably well on one of these types of cables, and not so well on the others. So find out which one and use that cable. It would also be reasonable to assume that using a laptop computer or some other type of computing device that does not have a long video cable would greatly mitigate this kind of attack.
TinaK
November 21, 2014, 03:37:35 AM
 #15

Together with the entire computer were stolen?
Aha that's not a hacker, called a thief ::)
Coin_Master
November 21, 2014, 06:33:57 AM
 #16

Quote from: haploid23
You realize that only works if someone has PHYSICAL access to the device with the cold storage? With physical access, it's easier for a thief to steal the wallet file, regardless if it had internet or not.

Cracking the password to the wallet is another story.

Physical access is not required in many cases.  Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology.  There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the BIOS is ignored.

"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versions

Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without any way for the end user to disable this "feature".  It is well documented, so there should be no surprises here.
turvarya
November 21, 2014, 08:03:05 AM
 #17

Quote from: haploid23
You realize that only works if someone has PHYSICAL access to the device with the cold storage? With physical access, it's easier for a thief to steal the wallet file, regardless if it had internet or not.

Cracking the password to the wallet is another story.

Quote from: Coin_Master
Physical access is not required in many cases.  Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology.  There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the BIOS is ignored.

"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versions

Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without any way for the end user to disable this "feature".  It is well documented, so there should be no surprises here.

So, just plug it off, when you don't need it?
Doesn't sound that complicated to me ...

Btw. my computer is always unplugged, when I switch it off, since I just hit the button on my multi-plug.

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
xDan
November 21, 2014, 10:42:27 AM
 #18

Quote from: Coin_Master
Physical access is not required in many cases.  Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology.  There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the BIOS is ignored.

"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versions

Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without any way for the end user to disable this "feature".  It is well documented, so there should be no surprises here.

From my brief reading, it does require a 3G card of some kind. So as long as you remove any such thing from your offline machine you should be OK. But it's still scary of course.

I would be interested in seeing any links to actual exploits/demonstrations. There seem to be a lot of FUD articles on that topic and not many actual facts.

Lauda
November 21, 2014, 11:06:19 AM
 #19

Completely useless article and unrelated. How exactly would one be able to get this virus into a machine i.e. cold storage?
If my damn PC is in my attic, have fun making its GPU transmit signals. :D
Have fun siphoning data from an encrypted drive ???

Also:
Quote
Setup and configuration is the process that makes Intel AMT features accessible to management applications. Intel AMT devices are by default delivered in an unconfigured state. Before management applications can access an Intel AMT device, the device must be populated with various settings such as network configuration and security parameters.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
jbrnt
November 21, 2014, 07:13:26 PM
 #20

Quote from: Coin_Master
Keywords are "out-of-band" and "when PC power is off".  The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power.  They can remotely access all your data anytime they wish, without permission and without any way for the end user to disable this "feature".  It is well documented, so there should be no surprises here.

This is scary stuff. If the power and network cable are plugged in, the CPU can connect to the internet and ping another IP, giving the location away. It can't access any data on the hard disk though.