Author

Topic: Air gapping (Read 589 times)

hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
December 26, 2023, 01:50:26 PM
#48
Software level airgap - you have turned off your WiFi in your OS.

Hardware level airgap - you have physically removed your WiFi card (or never had one to begin with).

I think both are very secure, but software airgap has 2 possible flaws:
1. software malware like the one you mentioned in the answers above.
2. it's just one click away from becoming "non-airgapped". I think this has also been mentioned somewhere above.

In any case, yes, hardware level airgap is not so prone to errors.
If you are under threat of attack, i.e. live in a 100-unit apartment where god knows who is your neighbor or your neighbors' guests, believe me, you can be in trouble. If you live in a single-family home and your neighbors and your area is a very safe area where strangers don't move, then to my mind, software airgap alone can't be an issue. But as o_e_l_e_o pointed, software level airgap will always be less safer than hardware level airgap and I suggest you to stick with his advice.

Answer to your questions:
1. If your computer has never been connected to internet, you won't have software malware unless your manufacturer already gave you an infected computer, i.e. you can't do anything if there exists hardware backdoors in every modern equipment. To be honest, I am afraid, as science and technology develops, the higher the hardware backdoor chances will be. That's why I prefer to use very old device.
2. If there is no wireless signal in your area, just one click can't make your device non-airgapped. If you are absolutely alone in 2km radius and you have an Wi-Fi with password, I don't think your computer is going to hack the password. Absolutely every advice should be suited to individual threats and possibilities. If you are under a serious cyber attack threat, then simply air-gapping your computer is not enough, you need to isolate the room where your computer is located, block all wireless signals and use a Faraday Cage.
hero member
Activity: 560
Merit: 1060
December 26, 2023, 04:00:51 AM
#47
Software level airgap - you have turned off your WiFi in your OS.

Hardware level airgap - you have physically removed your WiFi card (or never had one to begin with).

I think both are very secure, but software airgap has 2 possible flaws:
1. software malware like the one you mentioned in the answers above.
2. it's just one click away from becoming "non-airgapped". I think this has also been mentioned somewhere above.

In any case, yes, hardware level airgap is not so prone to errors.
legendary
Activity: 2268
Merit: 18748
December 26, 2023, 03:55:15 AM
#46
Software level airgap - you have turned off your WiFi in your OS.

Hardware level airgap - you have physically removed your WiFi card (or never had one to begin with).
hero member
Activity: 560
Merit: 1060
December 26, 2023, 03:50:56 AM
#45
I don't argue with you, hardware lever airgap is much safer without a doubt but my point was that software level airgap isn't very dangerous for average computer user who lives in average neighborhood. There are people who don't know how to disassemble Laptop.What if I am that person and live in a village in a big house, in masonry walls and I have password set on my Wi-Fi? So if I don't type Wi-Fi's password in computer, computer won't be able to log in. To be honest, I don't argue with you because your advice is the most correct one, I am just stating, I don't feel like software airgap is dangerous in some cases. Overall, I suggest everyone to follow your advice for better security.

I wouldn't call it dangerous, per se, but just less secure than a hardware airgap. As I've said above, a software airgap is still much more preferable to a standard hot wallet.

What is considered a software airgap? I don't understand how software could help being airgaped? Like a software that blocks WiFi or one that blocks Bluetooth?
legendary
Activity: 2268
Merit: 18748
December 26, 2023, 03:42:15 AM
#44
So if I don't type Wi-Fi's password in computer, computer won't be able to log in.
Be aware that there are attacks which can utilize your WiFi without you being connected to a network. Yes, these are far more complex and technical and require an attacker to be in your local vicinity, but they are still possible.

I don't feel like software airgap is dangerous in some cases.
I wouldn't call it dangerous, per se, but just less secure than a hardware airgap. As I've said above, a software airgap is still much more preferable to a standard hot wallet.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
December 24, 2023, 12:03:56 PM
#43
My concerns with a software level airgap are not that someone is going to be able to extract data via monitoring my fan speed or electricity usage or one of the other novel techniques which has been described, but rather that a software level airgap is only ever one misclick, one settings change (accidental or malicious), one tiny adjustment, etc., aware from becoming a hot wallet. Additionally, a software level airgap is almost impossible for the user to verify themselves. If you turn on airplane mode on your phone, how can you confirm and verify for yourself that your phone is not transmitting any data at all via cellular, WiFi, Bluetooth, NFC, RFID, and so on?

A hardware level airgap is simply much safer.
I don't argue with you, hardware lever airgap is much safer without a doubt but my point was that software level airgap isn't very dangerous for average computer user who lives in average neighborhood. There are people who don't know how to disassemble Laptop.What if I am that person and live in a village in a big house, in masonry walls and I have password set on my Wi-Fi? So if I don't type Wi-Fi's password in computer, computer won't be able to log in. To be honest, I don't argue with you because your advice is the most correct one, I am just stating, I don't feel like software airgap is dangerous in some cases. Overall, I suggest everyone to follow your advice for better security.

Disabling the components that enable network connectivity is as straightforward as flipping a coin and ensuring it generates unbiased entropy.
Yes, that's true either. I just noticed that you are back, was it a one day farewell? Anyway, you are welcome.
hero member
Activity: 560
Merit: 1060
December 24, 2023, 09:40:17 AM
#42
I checked it out. It is absolutely essential to have the respective SeedSigner to Monero, but as far as I can see, it's under development. I wouldn't use it to store important amounts there. Instead, I would rather dedicate a spared laptop (which costs less than a RPi zero), airgap it, and install the officially supported Monero GUI wallet from getmonero.org.

Man, I totally agree with you and everyone who says that, but unfortunately I don't have an old laptop or pc or any device like that. But as far as the MoneroSigner is concerned, until it is properly released and tested I wouldn't use it either.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
December 24, 2023, 09:37:24 AM
#41
SeedSigner is in fact one of the best projects out there. And unfortunately not a lot of people talk about it. People prefer to use Ledgers... I mean, what the ...
Welcome to marketing.

Anyway, o_e_l_e_o recently told me about this: https://monerosigner.com/ which is the essentially a SeedSigner fork for monero. I just mention it because, you never know who could be interested.
I checked it out. It is absolutely essential to have the respective SeedSigner to Monero, but as far as I can see, it's under development. I wouldn't use it to store important amounts there. Instead, I would rather dedicate a spared laptop (which costs less than a RPi zero), airgap it, and install the officially supported Monero GUI wallet from getmonero.org.

I don't say you are paranoid or something like that but there are so many people who have this illogical fear that someone will hack their computer via recording LED blinking and someone will hack their wallet because BIP wordlist is public and 12 words are too easy to guess
I partially agree, but consider this: comprehending everything a computer executes during operation is an immensely time-consuming task. It involves delving into intricate details, ranging from understanding your computer's architecture and the functions of each hardware component to grasping concepts like elliptic curve cryptography. Disabling the components that enable network connectivity is as straightforward as flipping a coin and ensuring it generates unbiased entropy.
legendary
Activity: 2268
Merit: 18748
December 24, 2023, 09:28:40 AM
#40
But some claim that config BIOS will also be good enough for an actual airgap, is that true?
You mean disabling WiFi or other connectivity hardware in the BIOS settings? That is still a software level airgap. It's better than just turning them off in your OS since you can't accidentally turn them back up with a single misclick and need to go back in to your BIOS settings in order to re-enable them, but it is still a software airgap since the hardware is still there, is still functional, and is still connected up. This will never be as secure as a hardware airgap where the necessary hardware doesn't even exist in the device.

Even if you set laptop to airplane mode, don't remove Wi-Fi receiver and Bluetooth part from your laptop, who is going to get your seeds and bitcoins? Where do you live? I do not promote inattentiveness, no, you should be very careful but don't start thinking about how will someone steal data from your airgapped computer via wireless frequency or like, what if I CPU is infected and so on.
My concerns with a software level airgap are not that someone is going to be able to extract data via monitoring my fan speed or electricity usage or one of the other novel techniques which has been described, but rather that a software level airgap is only ever one misclick, one settings change (accidental or malicious), one tiny adjustment, etc., aware from becoming a hot wallet. Additionally, a software level airgap is almost impossible for the user to verify themselves. If you turn on airplane mode on your phone, how can you confirm and verify for yourself that your phone is not transmitting any data at all via cellular, WiFi, Bluetooth, NFC, RFID, and so on?

A hardware level airgap is simply much safer.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
December 23, 2023, 05:33:22 PM
#39
If you want to airgap a device which has previously been connected to the internet, then you need to format it and install a clean Linux OS.

Is there any type of malware that infects hardware? From a very short research I have made in the past, I know there are some trojan viruses that damage circuits. Having said that, I would also remove Bluetooth and network card from the device. Or do you think this is an overkill?
Everything with firmware can be infected with a virus. You might like to read about BadUSB. They just reprogrammed microcontroller, emulated a keyboard when connected to computer and initiated a series of keystrokes. Theoretically, CPUs, GPUs, motherboards, RAMs, absolutely every hardware component can be infected but this is something I wouldn't worry about. Probably no hacker is on that level to infect firmware so well that they'll let your computer to generate pre-generated seeds by hacker and if your device isn't connected to internet, who is going to steal any information? And if you think that someone might extract data from your air-gapped computer by recording frequency of your processor's cores or recording fun vibration or frequency of your hard drive, then you probably live in a wrong place Cheesy

Even if you set laptop to airplane mode, don't remove Wi-Fi receiver and Bluetooth part from your laptop, who is going to get your seeds and bitcoins? Where do you live? I do not promote inattentiveness, no, you should be very careful but don't start thinking about how will someone steal data from your airgapped computer via wireless frequency or like, what if I CPU is infected and so on.
I don't say you are paranoid or something like that but there are so many people who have this illogical fear that someone will hack their computer via recording LED blinking and someone will hack their wallet because BIP wordlist is public and 12 words are too easy to guess Cheesy
hero member
Activity: 560
Merit: 1060
December 23, 2023, 01:01:07 PM
#38
Alternatively, if you don't know what you're doing, buy yourself a signing device like SeedSigner. It requires minimum technical knowledge to setup, and is completely airgapped.

SeedSigner is in fact one of the best projects out there. And unfortunately not a lot of people talk about it. People prefer to use Ledgers... I mean, what the ...

Anyway, o_e_l_e_o recently told me about this: https://monerosigner.com/ which is the essentially a SeedSigner fork for monero. I just mention it because, you never know who could be interested.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
December 23, 2023, 11:49:37 AM
#37
The whole point of phones is to be able to communicate wirelessly in as many ways as possible. Trying to airgap such a device will never be completely successful. Is it better than a random hot wallet? Yes. Is it as good as a proper airgapped device which has no connectivity hardware? No.

That led me to think how about building a desktop with a motherboard that doesn't have an inbuilt wifi adapter, unfortunately, there are not many options available and I can find some basic level motherboards that are ddr4 for about $100 price range and other brands are costing around $400 just for motherboards so better option is to remove the driver from motherboards.

But some claim that config BIOS will also be good enough for an actual airgap, is that true?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
December 23, 2023, 09:44:45 AM
#36
Removing Wifi/Bluetooth chip or driver from smartphone usually is far harder, so your option usually is limited to always on airplane mode.
In my opinion, nobody should even get in that trouble. Smartphones are the exact opposite of an airgapped device. They are designed to connect to as many networks as possible. You'll have to remove modem, Wi-Fi chip(s), antennas, bluetooth module(s), NFC, GPS I think, and even radio chip? I lost count, maybe there are even more.

I am of the opinion that a properly airgapped old laptop is more secure than the majority of hardware wallets out there, if you know what you are doing.
Alternatively, if you don't know what you're doing, buy yourself a signing device like SeedSigner. It requires minimum technical knowledge to setup, and is completely airgapped.
legendary
Activity: 2268
Merit: 18748
December 23, 2023, 09:28:17 AM
#35
Using old device for air-gapped wallet is okay but if someone is really going to save few thousands worth of BTC then better spend few hundreds to buy hardware wallet or value for money brand new laptop that can last for atleast 5 years with no issues.
I am of the opinion that a properly airgapped old laptop is more secure than the majority of hardware wallets out there, if you know what you are doing. And there is no need to buy a new device just for this. The hardware requirements to run an airgapped wallet are absolutely tiny - any old device will do. You could even build a device from old components you have lying around.

I was thinking is there any ways to make a smartphone air gapped?
No. Unless you are one of the few people using a modular phone, then the WiFi, Bluetooth, NFC, etc., modules are integrated in to the circuit boards in your phone and nearly impossible to remove without damaging the phone. You can turn all these things off and turn on airplane mode, but as I've said above, a software level airgap is not a true airgap at all.

The whole point of phones is to be able to communicate wirelessly in as many ways as possible. Trying to airgap such a device will never be completely successful. Is it better than a random hot wallet? Yes. Is it as good as a proper airgapped device which has no connectivity hardware? No.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 23, 2023, 03:52:32 AM
#34
It's fairly easy to open up a laptop and strip out the WiFi card, etc., and turn it in to an airgapped device.
Not for everyone. Cheesy

I remember I broke hinges somehow while opening the back panel for switching SSD, so better leave the job to professionals. Cheesy

It also depends on the laptop itself. Certain brand or thin laptop usually is more tricky to be modified.

Using old device for air-gapped wallet is okay but if someone is really going to save few thousands worth of BTC then better spend few hundreds to buy hardware wallet or value for money brand new laptop that can last for atleast 5 years with no issues.

FWIW some old device also can last for really long time with some maintenance.

Some older Thinkpad T series models also have this physical switch, but I am not sure you can disable everything in any proprietary bios with any switch.
I was thinking is there any ways to make a smartphone air gapped?

Removing Wifi/Bluetooth chip or driver from smartphone usually is far harder, so your option usually is limited to always on airplane mode. And aside from AirGap Knox, Electrum Android should have all necessary feature to create wallet on air gapped device.
hero member
Activity: 714
Merit: 1298
December 23, 2023, 03:06:49 AM
#33

I was thinking is there any ways to make a smartphone air gapped?

AirGap Knox claims to be the solution for disabling  "all sorts of connectivity on your smartphone on a system level and create an absolute secure environment for the AirGap Vault." They also claim that AirGap Vault combined with   Airgap Wallet turns Android smartphone into device  the  security of which is  comparable to dedicated hardware wallets:







P.S. Personally I didn't try it  because my stash relies entirely  on security of multisig wallet which has Passport 2  cosigner.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
December 22, 2023, 11:29:19 AM
#32
Some older Thinkpad T series models also have this physical switch, but I am not sure you can disable everything in any proprietary bios with any switch.
I was thinking is there any ways to make a smartphone air gapped? And obviously do all the things one would do with an air gapped laptop device (Is this even possible? I don't have much knowledge of this). It's a stupid question, isn't it? I understand smartphones are very small and delicate piece of hardwares. It's too much of hassle. Instead buying a old laptop and making it air gapped should be easy.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
December 22, 2023, 10:55:00 AM
#31
It's fairly easy to open up a laptop and strip out the WiFi card, etc., and turn it in to an airgapped device.

Not for everyone. Cheesy

I remember I broke hinges somehow while opening the back panel for switching SSD, so better leave the job to professionals. Cheesy



Using old device for air-gapped wallet is okay but if someone is really going to save few thousands worth of BTC then better spend few hundreds to buy hardware wallet or value for money brand new laptop that can last for atleast 5 years with no issues.
hero member
Activity: 714
Merit: 1298
December 22, 2023, 03:02:33 AM
#30
And the problem with this is that one must buy this device only to use it offline which renders it limited to a small amount of tasks.
You can certainly buy a SBC for this,

and keep it in popcorn tin  like Jimmy Zhong, the guy known to be an early developer of Bitcoin and the same time who stole 50 000 BTC from the Silk Road.

The guy was himself robbed  despite all measures taken - airgapping, "robust digital home surveillance system", etc. But he was lacking in one important trait - to remain quiet on the matter of bitcoin possessing.



P.S. I come to a conclusion that a  flamethrower becomes a must-have equipment for bitcoiner and is even more important than airgapped device Grin
 
legendary
Activity: 2268
Merit: 18748
December 22, 2023, 02:01:38 AM
#29
And the problem with this is that one must buy this device only to use it offline which renders it limited to a small amount of tasks.
You can certainly buy a SBC for this, but you can also use an old laptop (or any other old computer) you have for this without spending anything. It's fairly easy to open up a laptop and strip out the WiFi card, etc., and turn it in to an airgapped device.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 21, 2023, 05:31:50 AM
#28
In a nutshell: Could malware move sensitive data back and forth between the usb and the connected computers without you being any the wiser?

While there are many malware which spread over USB storage was very common, i only recall very few malware which also move sensitive data/file over USB storage with goal uploading to creator's server.

On the contrary - I think it is mandatory. A software level airgap will never be completely secure, since you are one misclick or one accidental setting change away from re-enabling some form of connectivity and breaking your airgap. A hardware level airgap (i.e. connectivity hardware removed) will always be a safer option.
The only "problem" with airgapping is that it must be permanent as you said. Therefore, it must be dedicated to always being offline, both hardware and software-wise. And the problem with this is that one must buy this device only to use it offline which renders it limited to a small amount of tasks.

That's true. Aside from networking, you'll only use small portion of the storage and barely use the CPU/GPU. It's one of reason people also prefer to use their old PC or laptop.

Raspberry pi is nice option. If you go for pi zero you may want to read about SeedSigner too. Using it as signing device is much more convenient than an offline computer imho.

Yeah this is exactly why I thought of using RPi Zero. The only problem is that I can't find any RPi Zero without WiFi (the non-W version). At least where I live, it's difficult to find.

But if you can find W version easily, consider buying that and uninstall both WiFi and Bluetooth driver.
hero member
Activity: 560
Merit: 1060
December 21, 2023, 05:15:41 AM
#27
Raspberry pi is nice option. If you go for pi zero you may want to read about SeedSigner too. Using it as signing device is much more convenient than an offline computer imho.

Yeah this is exactly why I thought of using RPi Zero. The only problem is that I can't find any RPi Zero without WiFi (the non-W version). At least where I live, it's difficult to find.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 21, 2023, 05:07:43 AM
#26
I have made the decision to buy a Raspberry Pi Zero which has no WiFi support, nor ethernet port and develop a device where I will generate passhprases and wallets (using electrum probably).

Raspberry pi is nice option. If you go for pi zero you may want to read about SeedSigner too. Using it as signing device is much more convenient than an offline computer imho.
hero member
Activity: 560
Merit: 1060
December 20, 2023, 03:20:04 PM
#25
On the contrary - I think it is mandatory. A software level airgap will never be completely secure, since you are one misclick or one accidental setting change away from re-enabling some form of connectivity and breaking your airgap. A hardware level airgap (i.e. connectivity hardware removed) will always be a safer option.

The only "problem" with airgapping is that it must be permanent as you said. Therefore, it must be dedicated to always being offline, both hardware and software-wise. And the problem with this is that one must buy this device only to use it offline which renders it limited to a small amount of tasks.

I have made the decision to buy a Raspberry Pi Zero which has no WiFi support, nor ethernet port and develop a device where I will generate passhprases and wallets (using electrum probably).
legendary
Activity: 2268
Merit: 18748
December 20, 2023, 03:02:52 PM
#24
Is there any type of malware that infects hardware?
Not sure. There is BIOS malware though.

Having said that, I would also remove Bluetooth and network card from the device. Or do you think this is an overkill?
On the contrary - I think it is mandatory. A software level airgap will never be completely secure, since you are one misclick or one accidental setting change away from re-enabling some form of connectivity and breaking your airgap. A hardware level airgap (i.e. connectivity hardware removed) will always be a safer option.
hero member
Activity: 560
Merit: 1060
December 20, 2023, 02:08:18 PM
#23
If you want to airgap a device which has previously been connected to the internet, then you need to format it and install a clean Linux OS.

Is there any type of malware that infects hardware? From a very short research I have made in the past, I know there are some trojan viruses that damage circuits. Having said that, I would also remove Bluetooth and network card from the device. Or do you think this is an overkill?
legendary
Activity: 2268
Merit: 18748
December 20, 2023, 02:01:57 PM
#22
I think air gapping on a device previously connected to the internet is safe as long as you dont connect to the internet with it again, but I am no expert.
It's not. Your computer could be filled with malware which makes it generate pre-determined seed phrases or use weak entropy when generating new wallets. If you want to airgap a device which has previously been connected to the internet, then you need to format it and install a clean Linux OS.

In a nutshell: Could malware move sensitive data back and forth between the usb and the connected computers without you being any the wiser?
It's rare, but it is certainly possible. Many airgapped devices will use QR codes instead when transferring transactions back and forth in order to avoid this possible attack vector.
legendary
Activity: 2254
Merit: 2003
A Bitcoiner chooses. A slave obeys.
December 20, 2023, 08:28:54 AM
#21
I think air gapping on a device previously connected to the internet is safe as long as you dont connect to the internet with it again, but I am no expert. But I do have an idea on how it could not be safe...Although I would need feedback on the idea. Again, I am by no means any kind of expert so this might sound dumb:

If you were to use a air gapped computer, could you be vulnerable from connecting a device, like a usb stick, that you use on your gapped computer as well as on a different computer with internet connection? Would that still count as being air gapped or could that potentially be a kind of "trojan horse" delivery mechanism that compromises your security?

In a nutshell: Could malware move sensitive data back and forth between the usb and the connected computers without you being any the wiser?

legendary
Activity: 2212
Merit: 7064
December 20, 2023, 06:50:53 AM
#20
Side note with this, but important. If you can find old rugged laptops, be it Panasonic Toughbooks or Dell rugged laptops they have 2 ways of shutting off ALL wireless communications 1 is in the bios and the other is a physical switch. Either one will 100% shut down all external signaling.
Some older Thinkpad T series models also have this physical switch, but I am not sure you can disable everything in any proprietary bios with any switch.
Only way is to totally remove bios and install open source alternative bios like coreboot or libreboot, but that is available only for limited laptop models.
sr. member
Activity: 317
Merit: 448
December 14, 2023, 09:10:31 PM
#19
Hello everyone!
I'm trying to use my old laptop as an air gap devices, how do I know if it's air gapped because I already used it before for internet connection but but it has been a very very long time and I also removed the wifi adapter so it can be er go online again.

Thanks for your help

You should also plan on how are you going to transfer the unsigned/signed transaction to/from your offline laptop.

After you install the new OS, and configure the way you want it, you should physically disable all
ports, USB, HDMI, Ethernet, SD card reader, Wifi/WWAN, etc.
(Unless you carry it around 24/7 and you sleep with it, LOL).

Use QR codes and laptop cameras to transfer the data between your air gapped computers.

You could buy one of these QR readers that do nothing but read QR codes, this way you minimize a lot of variables. I think you can find them for cheap on Amazon, just make sure they don't have any internal memory or wireless smart crap on them and you are good. Use these to read the raw transaction that you have converted into a QR code from the air gapped laptop in order to sign in in the hot wallet laptop. This way you don't need to move the laptops awkwardly in front of each other to read the codes. Also you don't want the screen of your cold wallet laptop to be visible at any moment to the camera of a computer that is connect into the itnernet.
legendary
Activity: 2702
Merit: 1468
December 10, 2023, 03:25:55 PM
#18
Hello everyone!
I'm trying to use my old laptop as an air gap devices, how do I know if it's air gapped because I already used it before for internet connection but but it has been a very very long time and I also removed the wifi adapter so it can be er go online again.

Thanks for your help

You should also plan on how are you going to transfer the unsigned/signed transaction to/from your offline laptop.

After you install the new OS, and configure the way you want it, you should physically disable all
ports, USB, HDMI, Ethernet, SD card reader, Wifi/WWAN, etc.
(Unless you carry it around 24/7 and you sleep with it, LOL).

Use QR codes and laptop cameras to transfer the data between your air gapped computers.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
December 10, 2023, 09:39:57 AM
#17
Side note with this, but important. If you can find old rugged laptops, be it Panasonic Toughbooks or Dell rugged laptops they have 2 ways of shutting off ALL wireless communications 1 is in the bios and the other is a physical switch. Either one will 100% shut down all external signaling.

Done for both security AND if you are in an environment where having anything putting out a powered RF signal would be bad.

Tend to be more expensive and a total pain to work on at times (50 screws to replace a broken screen) but they are an option.

-Dave
legendary
Activity: 2268
Merit: 18748
December 10, 2023, 09:33:31 AM
#16
BTW. Why did  you strip off the mixer signature, precautionary measure or what?
I dropped my signature ages ago, a long time before any announcements from theymos. Because reasons. Tongue
hero member
Activity: 714
Merit: 1298
December 10, 2023, 09:10:54 AM
#15

In terms of the BIOS: You can always flash the BIOS with a clean version at the same time you will be installing your new OS.



Good advice, but it seems there are some flavors of malware that can survive BIOS re-flashing.  

Besides,  sometimes it is hard to find  the relevant firmware that match BIOS on the old laptops.

BTW. Why did  you strip off the mixer signature, precautionary measure or what?
sr. member
Activity: 364
Merit: 298
December 10, 2023, 07:07:33 AM
#14
I gotta say though, no software in the world can truly guarantee that your device is 100% air-gapped.

Software does not guarantee you anything.  You do.  If you do not know how to do proper device air gapping, then better buy yourself a reputable airgapped hardware wallet like Passport or build yourself a signing device from scratch for ultimate transparency.
legendary
Activity: 2268
Merit: 18748
December 10, 2023, 06:11:04 AM
#13
In terms of hardware: You will be able to find instructions or a YouTube video online for your make and model of laptop showing how to safely disassemble it. Removing hardware is the only way to ensure your laptop is truly airgapped.

In terms of the BIOS: You can always flash the BIOS with a clean version at the same time you will be installing your new OS.

In terms of Tails: It works well, but there are a few things to keep in mind. There is no persistent storage unless you configure it, meaning that when you shutdown your computer everything (including your bitcoin wallet) will be wiped, and you will have to recover from your seed phrase back up next time you want to use your wallet. Also, the version of Electrum pre-bundled with Tails is 4.0.2. If you want to use any of the features released in newer versions since then, you'll need to download and verify the standalone appimage on a different computer and transfer it to your Tails computer (and then store it in the persistent storage so you don't have to do that every single time).
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 10, 2023, 05:29:56 AM
#12
Removed the WiFi card and Bluetooth. Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I was thinking to remove the WiFi card and Bluetooth but my laptop Is inbuilt so If I want to remove this things i will have to unculple the laptop which might lead to damage.

In this case, you could try remove driver which used for networking.

One way that might work easier (somebody more knowledgeable should confirm) is to boot from a Tails USB and at boot time select (in offline mode settings) to stay without network (now the default is with network on). It's not my blog, I've found it on web search, but one of the last images on this page shows what I want to tell.

Of course that if you want to use it for air gapped wallet you may want o enable persistence and so on, hence still things to learn and check.
If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience

Basically you put Tails OS on your USB storage drive. Just check their website if you need guidance, https://tails.net/install/index.en.html.
legendary
Activity: 1526
Merit: 1359
December 09, 2023, 12:32:08 PM
#11
Removed the WiFi card and Bluetooth. Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I was thinking to remove the WiFi card and Bluetooth but my laptop Is inbuilt so If I want to remove this things i will have to unculple the laptop which might lead to damage.

A lot of older laptop models have WiFi and Bluetooth connectivity through modules that plug into the motherboard.  These things are usually pretty easy to get to if you pop off the access panel on the bottom.  If you can tell me the exact make and model of your laptop, I might be able to give you more specifics on how to remove that particular module.  Though if you're unsure about tackling this yourself, it wouldn't hurt to have an experienced technician help you out.  They'd know the best way to safely detach those parts without damaging anything. 

If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience

You can download Tails OS and installation instructions for USB from their official website: https://tails.net/install/download/
Be sure to verify your download before using it.

I gotta say though, no software in the world can truly guarantee that your device is 100% air-gapped.  Your best bet is to just manually disable/remove the hardware if you really wanna go that route.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 09, 2023, 09:09:21 AM
#10
If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience

Yes, I've tried it, actually even a couple of times. I had difficulties in installing other software, but Electrum is there already, so you have a good start. You have to boot from the USB, you need to enable persistent storage at every start, you have to disable network at every start and I think that you have to add electrum to persistent storage.

As documentation, tails os website has a lot of useful doc/tutorial, also the blog I've linked in my previous post covers a lot, including what to do to create the bootable stick (which is imho the easiest step).
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
December 09, 2023, 09:02:03 AM
#9
Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I am in doubt in this.

There might be malware sitting in BIOS.
If you want to use your device as an Airgapped device and don't plan to connect it to internet, then even if your BIOS is infected, your keys won't be shared because attacker needs you to access internet in order to transfer your data from your computer to his server. For further protection, you might buy a faraday cage and make your room soundproof where you store your computer. Is it necessary to take these security measurements? I don't think they are but do as you wish.
If your BIOS is infected, then buy a new motherboard or if you think any part of your computer is infected, buy a new computer. But also keep in mind that doesn't matter whatever device you buy, they might still be backdoored. What do you think about the idea that every computer manufactured recently is actually backdoored? But I think you are overthinking.

I have responded to Charles-Tim's the  statement  which is not entirely correct. Infected BIOS  is capable to deliver malicious payload to OS after boot no matter in what way the system was installed.

Thus "formatting  and reinstalling"  the computer OS doesn't grantee "that your device is 100% not having malware".

 
Oops, sorry, I thought you were the OP and that's why I said You. Sorry again Smiley
hero member
Activity: 714
Merit: 1298
December 09, 2023, 09:00:25 AM
#8
Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I am in doubt in this.

There might be malware sitting in BIOS.
If you want to use your device as an Airgapped device and don't plan to connect it to internet, then even if your BIOS is infected, your keys won't be shared because attacker needs you to access internet in order to transfer your data from your computer to his server. For further protection, you might buy a faraday cage and make your room soundproof where you store your computer. Is it necessary to take these security measurements? I don't think they are but do as you wish.
If your BIOS is infected, then buy a new motherboard or if you think any part of your computer is infected, buy a new computer. But also keep in mind that doesn't matter whatever device you buy, they might still be backdoored. What do you think about the idea that every computer manufactured recently is actually backdoored? But I think you are overthinking.

I have responded to Charles-Tim's   statement  which is not entirely correct. Infected BIOS  is capable to deliver malicious payload to OS after boot no matter in what way the system was installed.

Thus "formatting  and reinstalling"  the computer OS doesn't grantee "that your device is 100% not having malware".

The question of "whether it can influence the sensitive wallets  parts" is a matter of research rather than believe. IMO.

  
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
December 09, 2023, 08:40:55 AM
#7
Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I am in doubt in this.

There might be malware sitting in BIOS.
If you want to use your device as an Airgapped device and don't plan to connect it to internet, then even if your BIOS is infected, your keys won't be shared because attacker needs you to access internet in order to transfer your data from your computer to his server. For further protection, you might buy a faraday cage and make your room soundproof where you store your computer. Is it necessary to take these security measurements? I don't think they are but do as you wish.
If your BIOS is infected, then buy a new motherboard or if you think any part of your computer is infected, buy a new computer. But also keep in mind that doesn't matter whatever device you buy, they might still be backdoored. What do you think about the idea that every computer manufactured recently is actually backdoored? But I think you are overthinking.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
December 09, 2023, 08:11:28 AM
#6
I am in doubt in this.

There might be malware sitting in BIOS.
I do not think there is any problem if the flash drive used for the installation is not having malware. Reinstalling the OS has been the method that people are recommending.

One way that might work easier (somebody more knowledgeable should confirm) is to boot from a Tails USB and at boot time select (in offline mode settings) to stay without network (now the default is with network on). It's not my blog, I've found it on web search, but one of the last images on this page shows what I want to tell.

Of course that if you want to use it for air gapped wallet you may want o enable persistence and so on, hence still things to learn and check.
I hearrd that tails OS comes with Electrum installed. It would be a good option for airgapped devices.

I was thinking to remove the WiFi card and Bluetooth but my laptop Is inbuilt so If I want to remove this things i will have to unculple the laptop which might lead to damage.
You can check some YouTube videos for it. Just search it on YouTube and you will get some useful information that would be helpful.
jr. member
Activity: 242
Merit: 7
Axioma Holding - Axioma Pay Crypto Card
December 09, 2023, 08:10:23 AM
#5
Removed the WiFi card and Bluetooth. Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I was thinking to remove the WiFi card and Bluetooth but my laptop Is inbuilt so If I want to remove this things i will have to unculple the laptop which might lead to damage.

One way that might work easier (somebody more knowledgeable should confirm) is to boot from a Tails USB and at boot time select (in offline mode settings) to stay without network (now the default is with network on). It's not my blog, I've found it on web search, but one of the last images on this page shows what I want to tell.

Of course that if you want to use it for air gapped wallet you may want o enable persistence and so on, hence still things to learn and check.
If this could be possible it will be less stressful than the above option but how do I get a tails USB ?
Have anyone tried it before? To share the experience
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 09, 2023, 07:56:35 AM
#4
One way that might work easier (somebody more knowledgeable should confirm) is to boot from a Tails USB and at boot time select (in offline mode settings) to stay without network (now the default is with network on). It's not my blog, I've found it on web search, but one of the last images on this page shows what I want to tell.

Of course that if you want to use it for air gapped wallet you may want o enable persistence and so on, hence still things to learn and check.
hero member
Activity: 714
Merit: 1298
December 09, 2023, 07:50:57 AM
#3
Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.

I am in doubt in this.

There might be malware sitting in BIOS.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
December 09, 2023, 07:35:00 AM
#2
Removed the WiFi card and Bluetooth. Format and reinstall the computer OS. That will let you to be 100% sure that your device is 100% not having malware.
jr. member
Activity: 242
Merit: 7
Axioma Holding - Axioma Pay Crypto Card
December 09, 2023, 07:32:54 AM
#1
Hello everyone!
I'm trying to use my old laptop as an air gap devices, how do I know if it's air gapped because I already used it before for internet connection but but it has been a very very long time and I also removed the wifi adapter so it can be er go online again.

Thanks for your help
Jump to: