Topic: AirGapped Hardware Wallets - page 3. (Read 1223 times)

This is why I am a proponent of physically removing any connectivity hardware (or indeed, any superfluous hardware) from your airgapped device rather than just disabling it. I could never fall victim to this attack because not only does my airgapped device not have any ethernet cables attached to it, but it does not even have an ethernet port in which to connect an ethernet cable.

Who actually has an ethernet cable attached to their airgapped device though? The device you are using to store airgapped wallets should obviously not be connected to a WiFi router or similar, and it should also not be part of a LAN or similar.

Correct. As with most attacks which leak data from airgapped computers, the attacker must first gain access to your airgapped computer to install malware on it, and then hide some sort of receiving device within fairly close proximity to your airgapped computer. If your computer never leaves your house, then this is essentially impossible without obvious signs of forced entry.

Not sure which one is more accurate, the article that mentioned "could reach tens of meters" or the PDF file ^{[I only read the parts that I could understand]} that said "to a distance of several meters away" but regardless of that, the odds of such attacks happening are quite low ^[CMIW], even with an infected computer ^{[heavily depends on the location & distance of the computer + the security measures that some have]}.
^{- I never thought such a thing was even possible [thank you for sharing it].}

Do both ^{[just add a link for the latter part]}.

Anything that might be hidden ^{[apart from its games]}.

Sick! I think I saw a talk already at BlackHat or so about using cables as antennas; can't remember what kind of cable they were using though. I love these kinds of novel wireless attacks.

On the topic of airgapped wallets; I got a Passport and will try it out soon. Not sure whether to write a new post with extensive review or add to one of the threads about airgapped or open-source wallets. Anyhow; is there anything you would like to see / know about the device that wasn't covered in other reviews or articles so far?

Newly discovered LANtenna Attack for airgapped devices was found recently, creating wireless signals with ethernet cable to steal data secrets from airgapped systems.
Malicious code can be sent from airgapped computers that don't have any internet connection, bluetooth or wi-fi, simply using $1 antenna via ethernet cables.
https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html

Full paper:
https://arxiv.org/pdf/2110.00104.pdf

Unfortunately, I'm under the same impression. I'll give it one more go though

Firstly, this is a classic strawman. At least the 2 wallets I checked (Passport - doesn't even have a USB port and ColdCard), which are both marketed as airgapped, are upgraded via an SD card that holds the update.

The issue with this though is that then you're maybe safer during the (usually infrequent) firmware upgrades, but in day-to-day usage you're constantly physically plugging in your wallet into different machines' USB ports, which may or may not be infected, for signing transactions.

Just compare the attack surfaces:

• Device A: Updated via USB, with self-compiled firmware. Plugged in via USB for every transaction.
• Device B: Updated via SD card, with downloaded and verified firmware. Never plugged in, transaction data transferred via SD card or QR codes.

To me, device B wins hands down, I don't see a world where device A is more secure except maybe the case where you use it purely as cold storage. In that case though, a paper wallet may make more sense.

You are totally missing the point of airgapped devices, you obviously never used one yourself, and you have your own twisted definition of this devices, so I am not going to continue this discussion with you.

I would typically define an "air-gapped" "computer" to be something that is never connected to the internet, nor is ever connected to any device that does not meet the definition of being "air-gapped".

If HW wallets are going to allow for firmware updates via a USB connection, and the manufacturer does not give clear instructions on how to do this via an air-gapped computer, calling the HW wallet "air-gapped" is probably more of a marketing gimmick than a security feature.
I posted up-thread that a trezor for example would be superior than an air-gapped wallet. If you are going to use an air-gapped HW wallet, one that requires the user to compile the firmware is probably best. Obviously, in order for this to provide meaningful protection, the user would need to be able to understand the code they are compiling.

If you use the term "its your own fault", there is probably not a good procedure that your "average" user can complete without experiencing security risks.

Also, if your computer is infected with malware, you cannot trust any output it provides. Granted, the manufacturer could suggest a procedure that is something along the lines of using a computer that boots from read-only memory, upload the public key whose private key signed the new firmware to the computer, upload the signature and source code to the computer to confirm the signature was signed by the right key, then install accordingly. However this procedure requires equipment whose cost would far exceed the cost of the HW wallet.

Yes you can.
In a same way like you would still use Airgapped computer with updated version of Electrum or any other software wallet with offline system update, not connecting to internet.
It's your own fault if you screw something up during the process of update, and procedure is very simple, click download on other online computer, verify software signature and then install it on airgapped computer.

In the end, everyone may choose their own definition of things and choose the method they like most to store their coins.
Matter of fact though: the commonly accepted definition of an airgapped wallet is that it's not physically connected to an online machine. I know it's vague, so there's room for interpretation.

As for your suggestions: Lixin from Keystone confirmed they are planning for a version of their device that comes without firmware, so both the initial install and any updates will need to be compiled and flashed by you yourself. Maybe this would be something for you!
I am not 100% sure how the firmware is updated on this device, but as far as I know, Passport and ColdCard use an SD card to transfer the firmware update. This means you're still not directly connected to a computer while updating. But sure, the file could be modified when copied to the SD. Only issue is the device verifies it before applying it (same as when updating via USB cable usually), using signatures.

Finally, if someone's really sure their host machine is super infected and don't trust it to update their wallet they can also just not update it Nobody forces anyone to update a first-gen hardware wallet to a version that supports SegWit for example, it will continue working on the very first firmware. And in case of a security issue, you can just buy a new device and transfer the funds if you don't trust installing the security patch via firmware update.

Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having it's "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".

I see where you are coming from, but there are plenty of reasons why a completely airgapped wallet might need updated,
everything from patching vulnerabilities to supporting new address types such as segwit or taproot. It would also have to be a brave company to release a wallet without any way of updating the firmware. Can you imagine if after they've sold a million units someone discovers some critical vulnerability and they have no way of patching or mitigating it? That would probably be the end of said company.

Right, I am not arguing against that, it does increase the attack surface precisely because the more features and complexity there are, the easier it is for an attacker to find the ways to exploit them and harder for white hats to find and fix vulnerabilities. That is one of the reasons why bitcoin, unlike dumb-contracts, has never been hacked. Just keep it terribly simple.

Probably. However, for a successful bruteforce attack, a malicious actor needs to know beforehand that there is a considerable amount of money behind the passphrase, at least it needs to be bigger than what he is going to invest in bruteforce hardware, he also should have high confidence that the passphrase is of relatively low length and entropy, otherwise, there is no point in trying.

Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.

In addition to those wallets you mentioned, I think that Safepal is also not allowing exporting or showing of mnemonic words (but it's closed source so I don't recommend it),
Ellipal wallet is even worse Android based device and it's possible to extract seed words, similar like with Trezor and Keepkey, so I would only use this wallets with passphrase:
https://breaking-bitcoin.com/docs/slides/2019/ExtractingSeeds.pdf

It's trivial to unlock PIN codes from those devices, and I think that some DIY wallets like PiTrezor are keeping seed words in regular format on SD card, but you can always encrypt your SD card.

Firmware downgrades are main attack form for hardware wallet devices and I think some wallets still have this option enabled by default.

I agree with this; it's still far from a hot wallet, just alone for the fact that it's still a hardware wallet to begin with. A hot wallet is just a piece of software running on an internet connected PC. That's a whole other thing, Charles

Well, as long as there is communication (which there is), there is potential of infiltrating malware. In this case, the communication is done via QR codes, which can - in theory - for sure carry an exploit and potentially malware as payload.

It's highly unlikely, but it's possible.

Now, if your device has no built-in way, no functions in ROM, to read out the seed, the attacker will have to query the chip directly, if it's even possible, so it will be significantly harder for them to extract the seed phrase. Instead, if the wallet does have the built-in ability to show the words on screen, the code is somewhere in memory and can be read out by malware.

This being said, it's highly unlikely that malware infection by QR code will be achieved by someone in the first place, but I'm not talking about present / proven attacks, I'm just talking attack surface (hypothetical). And it is indeed definitely smaller if you don't have functions ready to be executed that fetch the seed for you.

Edit: As oeleo said, firmware update is another way to infect the device with such malware!

Ordinarily, sure, but if you introduce a process to retrieve the seed phrase from wherever on the device it is encrypted and hidden and display it in plain text, then you increase the attack surface and create the possibility of someone managing to hijack that process to retrieve the seed phrase without having unlocked the device.

Knowing a seed phrase is significantly worse, since an attacker can wait until you deposit larger amounts of coins to your wallets before stealing them, and can also now attempt to bruteforce any additional passphrased wallets which use that seed phrase.

Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.

An air-gapped hardware wallet remains unconnected to the Internet all the time, the fact that you have an opportunity to see your seed in plain text doesn't change its status from "offline" to "online." I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet. I also don't agree with the statement that the main purpose of a hardware wallet is to store something offline because if it were so, then it would be no different from storing it on a piece of paper. The key purpose, I believe, is signing transactions offline.

This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.

For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right? But if they already unlocked it, they can spend money without having to know the secret. If, on the other hand, an attacker has a special tool to extract the device's seed without unlocking it, it doesn't actually matter if a device has certain UI vulnerabilities or not. The only problem I see in showing a seed in plain text on the device's screen is that you should always make sure you're not being watched through your laptop's web camera or other similar means.

I agree, unfortunately, many devices do display the seed words when asked. This increases the attack surface.

ColdCard has functionality to show them:

Foundation Passport as well:

BitBox02 as well:

Keystone looks good
Trezor looks good
Ledger looks good

They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.