Air gapping - page 2. | Bitcointalksearch.org

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: goldkingcoiner on December 20, 2023, 09:28:54 AM

In a nutshell: Could malware move sensitive data back and forth between the usb and the connected computers without you being any the wiser?

While there are many malware which spread over USB storage was very common, i only recall very few malware which also move sensitive data/file over USB storage with goal uploading to creator's server.

Quote from: apogio on December 20, 2023, 04:20:04 PM

Quote from: o_e_l_e_o on December 20, 2023, 04:02:52 PM

On the contrary - I think it is mandatory. A software level airgap will never be completely secure, since you are one misclick or one accidental setting change away from re-enabling some form of connectivity and breaking your airgap. A hardware level airgap (i.e. connectivity hardware removed) will always be a safer option.

The only "problem" with airgapping is that it must be permanent as you said. Therefore, it must be dedicated to always being offline, both hardware and software-wise. And the problem with this is that one must buy this device only to use it offline which renders it limited to a small amount of tasks.

That's true. Aside from networking, you'll only use small portion of the storage and barely use the CPU/GPU. It's one of reason people also prefer to use their old PC or laptop.

Quote from: apogio on December 21, 2023, 06:15:41 AM

Quote from: NeuroticFish on December 21, 2023, 06:07:43 AM

Raspberry pi is nice option. If you go for pi zero you may want to read about SeedSigner too. Using it as signing device is much more convenient than an offline computer imho.

Yeah this is exactly why I thought of using RPi Zero. The only problem is that I can't find any RPi Zero without WiFi (the non-W version). At least where I live, it's difficult to find.

But if you can find W version easily, consider buying that and uninstall both WiFi and Bluetooth driver.

apogio

hero member

Activity: 560

Merit: 1060

Quote from: NeuroticFish on December 21, 2023, 06:07:43 AM

Raspberry pi is nice option. If you go for pi zero you may want to read about SeedSigner too. Using it as signing device is much more convenient than an offline computer imho.

Yeah this is exactly why I thought of using RPi Zero. The only problem is that I can't find any RPi Zero without WiFi (the non-W version). At least where I live, it's difficult to find.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: apogio on December 20, 2023, 04:20:04 PM

I have made the decision to buy a Raspberry Pi Zero which has no WiFi support, nor ethernet port and develop a device where I will generate passhprases and wallets (using electrum probably).

Raspberry pi is nice option. If you go for pi zero you may want to read about SeedSigner too. Using it as signing device is much more convenient than an offline computer imho.

apogio

hero member

Activity: 560

Merit: 1060

Quote from: o_e_l_e_o on December 20, 2023, 04:02:52 PM

On the contrary - I think it is mandatory. A software level airgap will never be completely secure, since you are one misclick or one accidental setting change away from re-enabling some form of connectivity and breaking your airgap. A hardware level airgap (i.e. connectivity hardware removed) will always be a safer option.

The only "problem" with airgapping is that it must be permanent as you said. Therefore, it must be dedicated to always being offline, both hardware and software-wise. And the problem with this is that one must buy this device only to use it offline which renders it limited to a small amount of tasks.

I have made the decision to buy a Raspberry Pi Zero which has no WiFi support, nor ethernet port and develop a device where I will generate passhprases and wallets (using electrum probably).

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: apogio on December 20, 2023, 03:08:18 PM

Is there any type of malware that infects hardware?

Not sure. There is BIOS malware though.

Quote from: apogio on December 20, 2023, 03:08:18 PM

Having said that, I would also remove Bluetooth and network card from the device. Or do you think this is an overkill?

On the contrary - I think it is mandatory. A software level airgap will never be completely secure, since you are one misclick or one accidental setting change away from re-enabling some form of connectivity and breaking your airgap. A hardware level airgap (i.e. connectivity hardware removed) will always be a safer option.

apogio

hero member

Activity: 560

Merit: 1060

Quote from: o_e_l_e_o on December 20, 2023, 03:01:57 PM

If you want to airgap a device which has previously been connected to the internet, then you need to format it and install a clean Linux OS.

Is there any type of malware that infects hardware? From a very short research I have made in the past, I know there are some trojan viruses that damage circuits. Having said that, I would also remove Bluetooth and network card from the device. Or do you think this is an overkill?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: goldkingcoiner on December 20, 2023, 09:28:54 AM

I think air gapping on a device previously connected to the internet is safe as long as you dont connect to the internet with it again, but I am no expert.

It's not. Your computer could be filled with malware which makes it generate pre-determined seed phrases or use weak entropy when generating new wallets. If you want to airgap a device which has previously been connected to the internet, then you need to format it and install a clean Linux OS.

Quote from: goldkingcoiner on December 20, 2023, 09:28:54 AM

In a nutshell: Could malware move sensitive data back and forth between the usb and the connected computers without you being any the wiser?

It's rare, but it is certainly possible. Many airgapped devices will use QR codes instead when transferring transactions back and forth in order to avoid this possible attack vector.

goldkingcoiner

legendary

Activity: 2226

Merit: 1971

A Bitcoiner chooses. A slave obeys.

I think air gapping on a device previously connected to the internet is safe as long as you dont connect to the internet with it again, but I am no expert. But I do have an idea on how it could not be safe...Although I would need feedback on the idea. Again, I am by no means any kind of expert so this might sound dumb:

If you were to use a air gapped computer, could you be vulnerable from connecting a device, like a usb stick, that you use on your gapped computer as well as on a different computer with internet connection? Would that still count as being air gapped or could that potentially be a kind of "trojan horse" delivery mechanism that compromises your security?

In a nutshell: Could malware move sensitive data back and forth between the usb and the connected computers without you being any the wiser?

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: DaveF on December 10, 2023, 10:39:57 AM

Side note with this, but important. If you can find old rugged laptops, be it Panasonic Toughbooks or Dell rugged laptops they have 2 ways of shutting off ALL wireless communications 1 is in the bios and the other is a physical switch. Either one will 100% shut down all external signaling.

Some older Thinkpad T series models also have this physical switch, but I am not sure you can disable everything in any proprietary bios with any switch.
Only way is to totally remove bios and install open source alternative bios like coreboot or libreboot, but that is available only for limited laptop models.

takuma sato

sr. member

Activity: 317

Merit: 443

Quote from: af_newbie on December 10, 2023, 04:25:55 PM

Quote from: Dakcrypto on December 09, 2023, 08:32:54 AM

Hello everyone!
I'm trying to use my old laptop as an air gap devices, how do I know if it's air gapped because I already used it before for internet connection but but it has been a very very long time and I also removed the wifi adapter so it can be er go online again.

Thanks for your help

You should also plan on how are you going to transfer the unsigned/signed transaction to/from your offline laptop.

After you install the new OS, and configure the way you want it, you should physically disable all
ports, USB, HDMI, Ethernet, SD card reader, Wifi/WWAN, etc.
(Unless you carry it around 24/7 and you sleep with it, LOL).

Use QR codes and laptop cameras to transfer the data between your air gapped computers.

You could buy one of these QR readers that do nothing but read QR codes, this way you minimize a lot of variables. I think you can find them for cheap on Amazon, just make sure they don't have any internal memory or wireless smart crap on them and you are good. Use these to read the raw transaction that you have converted into a QR code from the air gapped laptop in order to sign in in the hot wallet laptop. This way you don't need to move the laptops awkwardly in front of each other to read the codes. Also you don't want the screen of your cold wallet laptop to be visible at any moment to the camera of a computer that is connect into the itnernet.

af_newbie

legendary

Activity: 2702

Merit: 1468

Quote from: Dakcrypto on December 09, 2023, 08:32:54 AM

Hello everyone!
I'm trying to use my old laptop as an air gap devices, how do I know if it's air gapped because I already used it before for internet connection but but it has been a very very long time and I also removed the wifi adapter so it can be er go online again.

Thanks for your help

You should also plan on how are you going to transfer the unsigned/signed transaction to/from your offline laptop.

After you install the new OS, and configure the way you want it, you should physically disable all
ports, USB, HDMI, Ethernet, SD card reader, Wifi/WWAN, etc.
(Unless you carry it around 24/7 and you sleep with it, LOL).

Use QR codes and laptop cameras to transfer the data between your air gapped computers.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Side note with this, but important. If you can find old rugged laptops, be it Panasonic Toughbooks or Dell rugged laptops they have 2 ways of shutting off ALL wireless communications 1 is in the bios and the other is a physical switch. Either one will 100% shut down all external signaling.

Done for both security AND if you are in an environment where having anything putting out a powered RF signal would be bad.

Tend to be more expensive and a total pain to work on at times (50 screws to replace a broken screen) but they are an option.

-Dave

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: satscraper on December 10, 2023, 10:10:54 AM

BTW. Why did you strip off the mixer signature, precautionary measure or what?

I dropped my signature ages ago, a long time before any announcements from theymos. Because reasons. Tongue

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: o_e_l_e_o on December 10, 2023, 07:11:04 AM

In terms of the BIOS: You can always flash the BIOS with a clean version at the same time you will be installing your new OS.

Good advice, but it seems there are some flavors of malware that can survive BIOS re-flashing.

Besides, sometimes it is hard to find the relevant firmware that match BIOS on the old laptops.

BTW. Why did you strip off the mixer signature, precautionary measure or what?

Medusah

sr. member

Activity: 336

Merit: 296

Quote from: Stalker22 on December 09, 2023, 01:32:08 PM

I gotta say though, no software in the world can truly guarantee that your device is 100% air-gapped.

Software does not guarantee you anything. You do. If you do not know how to do proper device air gapping, then better buy yourself a reputable airgapped hardware wallet like Passport or build yourself a signing device from scratch for ultimate transparency.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

In terms of hardware: You will be able to find instructions or a YouTube video online for your make and model of laptop showing how to safely disassemble it. Removing hardware is the only way to ensure your laptop is truly airgapped.

In terms of the BIOS: You can always flash the BIOS with a clean version at the same time you will be installing your new OS.

In terms of Tails: It works well, but there are a few things to keep in mind. There is no persistent storage unless you configure it, meaning that when you shutdown your computer everything (including your bitcoin wallet) will be wiped, and you will have to recover from your seed phrase back up next time you want to use your wallet. Also, the version of Electrum pre-bundled with Tails is 4.0.2. If you want to use any of the features released in newer versions since then, you'll need to download and verify the standalone appimage on a different computer and transfer it to your Tails computer (and then store it in the persistent storage so you don't have to do that every single time).

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Dakcrypto on December 09, 2023, 09:10:23 AM

Quote from: Charles-Tim on December 09, 2023, 08:35:00 AM

Removed the WiFi card and Bluetooth. Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I was thinking to remove the WiFi card and Bluetooth but my laptop Is inbuilt so If I want to remove this things i will have to unculple the laptop which might lead to damage.

In this case, you could try remove driver which used for networking.

Quote from: Dakcrypto on December 09, 2023, 09:10:23 AM

Quote from: NeuroticFish on December 09, 2023, 08:56:35 AM

One way that might work easier (somebody more knowledgeable should confirm) is to boot from a Tails USB and at boot time select (in offline mode settings) to stay without network (now the default is with network on). It's not my blog, I've found it on web search, but one of the last images on this page shows what I want to tell.

Of course that if you want to use it for air gapped wallet you may want o enable persistence and so on, hence still things to learn and check.

If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience

Basically you put Tails OS on your USB storage drive. Just check their website if you need guidance, https://tails.net/install/index.en.html.

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: Dakcrypto on December 09, 2023, 09:10:23 AM

Quote from: Charles-Tim on December 09, 2023, 08:35:00 AM

Removed the WiFi card and Bluetooth. Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I was thinking to remove the WiFi card and Bluetooth but my laptop Is inbuilt so If I want to remove this things i will have to unculple the laptop which might lead to damage.

A lot of older laptop models have WiFi and Bluetooth connectivity through modules that plug into the motherboard. These things are usually pretty easy to get to if you pop off the access panel on the bottom. If you can tell me the exact make and model of your laptop, I might be able to give you more specifics on how to remove that particular module. Though if you're unsure about tackling this yourself, it wouldn't hurt to have an experienced technician help you out. They'd know the best way to safely detach those parts without damaging anything.

Quote from: NeuroticFish on December 09, 2023, 08:56:35 AM

If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience

You can download Tails OS and installation instructions for USB from their official website: https://tails.net/install/download/
Be sure to verify your download before using it.

I gotta say though, no software in the world can truly guarantee that your device is 100% air-gapped. Your best bet is to just manually disable/remove the hardware if you really wanna go that route.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Dakcrypto on December 09, 2023, 09:10:23 AM

If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience

Yes, I've tried it, actually even a couple of times. I had difficulties in installing other software, but Electrum is there already, so you have a good start. You have to boot from the USB, you need to enable persistent storage at every start, you have to disable network at every start and I think that you have to add electrum to persistent storage.

As documentation, tails os website has a lot of useful doc/tutorial, also the blog I've linked in my previous post covers a lot, including what to do to create the bootable stick (which is imho the easiest step).

Synchronice

hero member

Activity: 882

Merit: 792

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: satscraper on December 09, 2023, 10:00:25 AM

Quote from: Synchronice on December 09, 2023, 09:40:55 AM

Quote from: satscraper on December 09, 2023, 08:50:57 AM

Quote from: Charles-Tim on December 09, 2023, 08:35:00 AM

Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I am in doubt in this.

There might be malware sitting in BIOS.

If you want to use your device as an Airgapped device and don't plan to connect it to internet, then even if your BIOS is infected, your keys won't be shared because attacker needs you to access internet in order to transfer your data from your computer to his server. For further protection, you might buy a faraday cage and make your room soundproof where you store your computer. Is it necessary to take these security measurements? I don't think they are but do as you wish.
If your BIOS is infected, then buy a new motherboard or if you think any part of your computer is infected, buy a new computer. But also keep in mind that doesn't matter whatever device you buy, they might still be backdoored. What do you think about the idea that every computer manufactured recently is actually backdoored? But I think you are overthinking.

I have responded to Charles-Tim's the statement which is not entirely correct. Infected BIOS is capable to deliver malicious payload to OS after boot no matter in what way the system was installed.

Thus "formatting and reinstalling" the computer OS doesn't grantee "that your device is 100% not having malware".

Oops, sorry, I thought you were the OP and that's why I said You. Sorry again

Topic: Air gapping - page 2. (Read 580 times)