Pages:
Author

Topic: AirGapped Hardware Wallets - page 3. (Read 1253 times)

legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
October 08, 2021, 01:16:11 AM
#48
Who actually has an ethernet cable attached to their airgapped device though? The device you are using to store airgapped wallets should obviously not be connected to a WiFi router or similar, and it should also not be part of a LAN or similar.
If a device (in this case, an air-gapped computer with wallets installed) is a part of an air-gapped network, it needs to be somehow physically connected to other air-gapped computers. The question is why a crypto user would want isolated local networks to deal with cryptocurrency stuff? I think you are right in the sense that after such a vulnerability has been discovered and revealed, no computer that is part of isolated LAN can further be considered truly air-gapped. Cryptocurrency users, who want to maintain a decent level of security and preserve privacy, definitely should not have their (single) offline computer connected to the outside world: neither through physical means such as Ethernet cables, nor virtual ones such as WiFi, Bluetooth, etc.
legendary
Activity: 2268
Merit: 18771
October 07, 2021, 02:06:09 PM
#47
Newly discovered LANtenna Attack for airgapped devices was found recently, creating wireless signals with ethernet cable to steal data secrets from airgapped systems.
This is why I am a proponent of physically removing any connectivity hardware (or indeed, any superfluous hardware) from your airgapped device rather than just disabling it. I could never fall victim to this attack because not only does my airgapped device not have any ethernet cables attached to it, but it does not even have an ethernet port in which to connect an ethernet cable.

Who actually has an ethernet cable attached to their airgapped device though? The device you are using to store airgapped wallets should obviously not be connected to a WiFi router or similar, and it should also not be part of a LAN or similar.

the odds of such attacks happening are quite low [CMIW]
Correct. As with most attacks which leak data from airgapped computers, the attacker must first gain access to your airgapped computer to install malware on it, and then hide some sort of receiving device within fairly close proximity to your airgapped computer. If your computer never leaves your house, then this is essentially impossible without obvious signs of forced entry.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
October 07, 2021, 11:20:46 AM
#46
~Snipped~
simply using $1 antenna via ethernet cables.
Not sure which one is more accurate, the article that mentioned "could reach tens of meters" or the PDF file [I only read the parts that I could understand] that said "to a distance of several meters away" but regardless of that, the odds of such attacks happening are quite low [CMIW], even with an infected computer [heavily depends on the location & distance of the computer + the security measures that some have].
- I never thought such a thing was even possible [thank you for sharing it].

I got a Passport and will try it out soon. Not sure whether to write a new post with extensive review or add to one of the threads about airgapped or open-source wallets.
Do both [just add a link for the latter part].

Anyhow; is there anything you would like to see / know about the device that wasn't covered in other reviews or articles so far?
Anything that might be hidden [apart from its games].
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
October 06, 2021, 04:50:01 PM
#45
Newly discovered LANtenna Attack for airgapped devices was found recently, creating wireless signals with ethernet cable to steal data secrets from airgapped systems.
Sick! I think I saw a talk already at BlackHat or so about using cables as antennas; can't remember what kind of cable they were using though. I love these kinds of novel wireless attacks.

On the topic of airgapped wallets; I got a Passport and will try it out soon. Not sure whether to write a new post with extensive review or add to one of the threads about airgapped or open-source wallets. Anyhow; is there anything you would like to see / know about the device that wasn't covered in other reviews or articles so far?
legendary
Activity: 2212
Merit: 7064
October 06, 2021, 02:32:52 PM
#44
Newly discovered LANtenna Attack for airgapped devices was found recently, creating wireless signals with ethernet cable to steal data secrets from airgapped systems.
Malicious code can be sent from airgapped computers that don't have any internet connection, bluetooth or wi-fi, simply using $1 antenna via ethernet cables.
https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html

Full paper:
https://arxiv.org/pdf/2110.00104.pdf
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
October 01, 2021, 09:13:31 AM
#43
Also, if your computer is infected with malware, you cannot trust any output it provides.
You are totally missing the point of airgapped devices, you obviously never used one yourself, and you have your own twisted definition of this devices, so I am not going to continue this discussion with you.
Unfortunately, I'm under the same impression. I'll give it one more go though Cheesy

If HW wallets are going to allow for firmware updates via a USB connection, and the manufacturer does not give clear instructions on how to do this via an air-gapped computer, calling the HW wallet "air-gapped" is probably more of a marketing gimmick than a security feature.
Firstly, this is a classic strawman. At least the 2 wallets I checked (Passport - doesn't even have a USB port and ColdCard), which are both marketed as airgapped, are upgraded via an SD card that holds the update.

I posted up-thread that a trezor for example would be superior than an air-gapped wallet. If you are going to use an air-gapped HW wallet, one that requires the user to compile the firmware is probably best.
The issue with this though is that then you're maybe safer during the (usually infrequent) firmware upgrades, but in day-to-day usage you're constantly physically plugging in your wallet into different machines' USB ports, which may or may not be infected, for signing transactions.

Just compare the attack surfaces:
  • Device A: Updated via USB, with self-compiled firmware. Plugged in via USB for every transaction.
  • Device B: Updated via SD card, with downloaded and verified firmware. Never plugged in, transaction data transferred via SD card or QR codes.
To me, device B wins hands down, I don't see a world where device A is more secure except maybe the case where you use it purely as cold storage. In that case though, a paper wallet may make more sense.
legendary
Activity: 2212
Merit: 7064
October 01, 2021, 08:59:13 AM
#42
Also, if your computer is infected with malware, you cannot trust any output it provides.
You are totally missing the point of airgapped devices, you obviously never used one yourself, and you have your own twisted definition of this devices, so I am not going to continue this discussion with you.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
October 01, 2021, 08:05:33 AM
#41
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having it's "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".
In the end, everyone may choose their own definition of things and choose the method they like most to store their coins.
Matter of fact though: the commonly accepted definition of an airgapped wallet is that it's not physically connected to an online machine. I know it's vague, so there's room for interpretation.
I would typically define an "air-gapped" "computer" to be something that is never connected to the internet, nor is ever connected to any device that does not meet the definition of being "air-gapped".

If HW wallets are going to allow for firmware updates via a USB connection, and the manufacturer does not give clear instructions on how to do this via an air-gapped computer, calling the HW wallet "air-gapped" is probably more of a marketing gimmick than a security feature.
As for your suggestions: Lixin from Keystone confirmed they are planning for a version of their device that comes without firmware, so both the initial install and any updates will need to be compiled and flashed by you yourself. Maybe this would be something for you!
I posted up-thread that a trezor for example would be superior than an air-gapped wallet. If you are going to use an air-gapped HW wallet, one that requires the user to compile the firmware is probably best. Obviously, in order for this to provide meaningful protection, the user would need to be able to understand the code they are compiling.

Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.
Yes you can.
In a same way like you would still use Airgapped computer with updated version of Electrum or any other software wallet with offline system update, not connecting to internet.
It's your own fault if you screw something up during the process of update, and procedure is very simple, click download on other online computer, verify software signature and then install it on airgapped computer.

If you use the term "its your own fault", there is probably not a good procedure that your "average" user can complete without experiencing security risks.

Also, if your computer is infected with malware, you cannot trust any output it provides. Granted, the manufacturer could suggest a procedure that is something along the lines of using a computer that boots from read-only memory, upload the public key whose private key signed the new firmware to the computer, upload the signature and source code to the computer to confirm the signature was signed by the right key, then install accordingly. However this procedure requires equipment whose cost would far exceed the cost of the HW wallet.
legendary
Activity: 2212
Merit: 7064
October 01, 2021, 06:40:56 AM
#40
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.
Yes you can.
In a same way like you would still use Airgapped computer with updated version of Electrum or any other software wallet with offline system update, not connecting to internet.
It's your own fault if you screw something up during the process of update, and procedure is very simple, click download on other online computer, verify software signature and then install it on airgapped computer.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
September 30, 2021, 08:18:22 PM
#39
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having it's "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".
In the end, everyone may choose their own definition of things and choose the method they like most to store their coins.
Matter of fact though: the commonly accepted definition of an airgapped wallet is that it's not physically connected to an online machine. I know it's vague, so there's room for interpretation.

As for your suggestions: Lixin from Keystone confirmed they are planning for a version of their device that comes without firmware, so both the initial install and any updates will need to be compiled and flashed by you yourself. Maybe this would be something for you!
2) With our next gen we will have a cypherpunk version which allows users to burn their own firmware. And this version won't be shipped with a workable firmware so the user has to compile his own firmware and hopefully this will avoid new comers from buying it.
I am not 100% sure how the firmware is updated on this device, but as far as I know, Passport and ColdCard use an SD card to transfer the firmware update. This means you're still not directly connected to a computer while updating. But sure, the file could be modified when copied to the SD. Only issue is the device verifies it before applying it (same as when updating via USB cable usually), using signatures.

Finally, if someone's really sure their host machine is super infected and don't trust it to update their wallet they can also just not update it Grin Nobody forces anyone to update a first-gen hardware wallet to a version that supports SegWit for example, it will continue working on the very first firmware. And in case of a security issue, you can just buy a new device and transfer the funds if you don't trust installing the security patch via firmware update.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
September 30, 2021, 01:00:55 PM
#38
Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.
I see where you are coming from, but there are plenty of reasons why a completely airgapped wallet might need updated,
everything from patching vulnerabilities to supporting new address types such as segwit or taproot. It would also have to be a brave company to release a wallet without any way of updating the firmware. Can you imagine if after they've sold a million units someone discovers some critical vulnerability and they have no way of patching or mitigating it? That would probably be the end of said company.
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having it's "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".
legendary
Activity: 2268
Merit: 18771
September 30, 2021, 09:59:02 AM
#37
Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.
I see where you are coming from, but there are plenty of reasons why a completely airgapped wallet might need updated,
everything from patching vulnerabilities to supporting new address types such as segwit or taproot. It would also have to be a brave company to release a wallet without any way of updating the firmware. Can you imagine if after they've sold a million units someone discovers some critical vulnerability and they have no way of patching or mitigating it? That would probably be the end of said company.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
September 30, 2021, 08:50:10 AM
#36
Ordinarily, sure, but if you introduce a process to retrieve the seed phrase from wherever on the device it is encrypted and hidden and display it in plain text, then you increase the attack surface and create the possibility of someone managing to hijack that process to retrieve the seed phrase without having unlocked the device.
Right, I am not arguing against that, it does increase the attack surface precisely because the more features and complexity there are, the easier it is for an attacker to find the ways to exploit them and harder for white hats to find and fix vulnerabilities. That is one of the reasons why bitcoin, unlike dumb-contracts, has never been hacked. Just keep it terribly simple.

Quote
Knowing a seed phrase is significantly worse, since an attacker can wait until you deposit larger amounts of coins to your wallets before stealing them, and can also now attempt to bruteforce any additional passphrased wallets which use that seed phrase.
Probably. However, for a successful bruteforce attack, a malicious actor needs to know beforehand that there is a considerable amount of money behind the passphrase, at least it needs to be bigger than what he is going to invest in bruteforce hardware, he also should have high confidence that the passphrase is of relatively low length and entropy, otherwise, there is no point in trying.

Quote
Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.
Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.
legendary
Activity: 2212
Merit: 7064
September 30, 2021, 08:36:06 AM
#35
I agree, unfortunately, many devices do display the seed words when asked. This increases the attack surface.
In addition to those wallets you mentioned, I think that Safepal is also not allowing exporting or showing of mnemonic words (but it's closed source so I don't recommend it),
Ellipal wallet is even worse Android based device and it's possible to extract seed words, similar like with Trezor and Keepkey, so I would only use this wallets with passphrase:
https://breaking-bitcoin.com/docs/slides/2019/ExtractingSeeds.pdf

For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right?
It's trivial to unlock PIN codes from those devices, and I think that some DIY wallets like PiTrezor are keeping seed words in regular format on SD card, but you can always encrypt your SD card.

Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.
Firmware downgrades are main attack form for hardware wallet devices and I think some wallets still have this option enabled by default.

hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
September 30, 2021, 07:42:54 AM
#34
This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.
An air-gapped hardware wallet remains unconnected to the Internet all the time, the fact that you have an opportunity to see your seed in plain text doesn't change its status from "offline" to "online."
I agree with this; it's still far from a hot wallet, just alone for the fact that it's still a hardware wallet to begin with. A hot wallet is just a piece of software running on an internet connected PC. That's a whole other thing, Charles

I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet.
Well, as long as there is communication (which there is), there is potential of infiltrating malware. In this case, the communication is done via QR codes, which can - in theory - for sure carry an exploit and potentially malware as payload.

It's highly unlikely, but it's possible.

Now, if your device has no built-in way, no functions in ROM, to read out the seed, the attacker will have to query the chip directly, if it's even possible, so it will be significantly harder for them to extract the seed phrase. Instead, if the wallet does have the built-in ability to show the words on screen, the code is somewhere in memory and can be read out by malware.

This being said, it's highly unlikely that malware infection by QR code will be achieved by someone in the first place, but I'm not talking about present / proven attacks, I'm just talking attack surface (hypothetical). And it is indeed definitely smaller if you don't have functions ready to be executed that fetch the seed for you.

Edit: As oeleo said, firmware update is another way to infect the device with such malware!
legendary
Activity: 2268
Merit: 18771
September 30, 2021, 03:51:13 AM
#33
For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right?
Ordinarily, sure, but if you introduce a process to retrieve the seed phrase from wherever on the device it is encrypted and hidden and display it in plain text, then you increase the attack surface and create the possibility of someone managing to hijack that process to retrieve the seed phrase without having unlocked the device.

But if they already unlocked it, they can spend money without having to know the secret.
Knowing a seed phrase is significantly worse, since an attacker can wait until you deposit larger amounts of coins to your wallets before stealing them, and can also now attempt to bruteforce any additional passphrased wallets which use that seed phrase.

I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet.
Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
September 30, 2021, 03:26:39 AM
#32
This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.
An air-gapped hardware wallet remains unconnected to the Internet all the time, the fact that you have an opportunity to see your seed in plain text doesn't change its status from "offline" to "online." I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet. I also don't agree with the statement that the main purpose of a hardware wallet is to store something offline because if it were so, then it would be no different from storing it on a piece of paper. The key purpose, I believe, is signing transactions offline.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
September 30, 2021, 03:05:18 AM
#31
For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right? But if they already unlocked it, they can spend money without having to know the secret.
This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
September 30, 2021, 01:42:01 AM
#30
They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.
For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right? But if they already unlocked it, they can spend money without having to know the secret. If, on the other hand, an attacker has a special tool to extract the device's seed without unlocking it, it doesn't actually matter if a device has certain UI vulnerabilities or not. The only problem I see in showing a seed in plain text on the device's screen is that you should always make sure you're not being watched through your laptop's web camera or other similar means.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
September 29, 2021, 10:45:17 AM
#29
I haven't used an airgapped wallet myself so far and I think all hardware wallets I tried allow you to see the seed words on screen. Would be interesting to know if all airgapped wallets disabled this functionality and why.
They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.
I agree, unfortunately, many devices do display the seed words when asked. This increases the attack surface.

ColdCard has functionality to show them:
View Seed Words
    Shows warning screen, and then displays the 24 seed words on the Coldcard screen. If defined, the BIP-39 passphrase is also shown.

Foundation Passport as well:
The user can choose to display the wallet seed on screen

BitBox02 as well:
Once you have typed in your correct device password, your recovery words will be displayed on your BitBox02

Keystone looks good
Trezor looks good
Ledger looks good

Pages:
Jump to: