Topic: AirGapped Hardware Wallets - page 4. (Read 1223 times)

Oh that's interesting. I haven't used an airgapped wallet myself so far and I think all hardware wallets I tried allow you to see the seed words on screen. Would be interesting to know if all airgapped wallets disabled this functionality and why.

Someone could in theory do this if wallet is closed source, they can add hidden malware with backdoor and nobody would ever know until we see newspaper headlines start talking about this.
Meanwhile they could be selling empty boxes and malfunctioned devices with faulty batteries, it's just me semi-hypothetical spaking about one possible scenario

In case of Coldcard wallet, I think it's possible to extract seed word, maybe DaveF or someone else who owns the device could verify this.

Not only that, but such an attack would have to be very specifically targeted against a particular user, since I would need to know exactly what make and model (and potentially even firmware) of hardware wallet you are using, and I would also need to know the UTXOs you would be spending so I could monitor the blockchain for transactions involving those UTXOs so I could extract the necessary information from the signatures.

If someone knows that much information about your wallets and security practices, then which is more likely: They create a never-seen-before malware from scratch which targets you specifically, manage to infect your hardware wallet with it, and then spend weeks, months, or even years, waiting for it to leak enough information for them to steal your coins, or they show up to your door and hit you with a wrench?

There are an infinite number of ways you could lose your coins, but it's all about considering what are the most likely attack vectors.

It's super-super-hypothetical and I think that in example of Keystone hardware wallet you can't display seed words on screen or extract it for security purposes.
Once the seed words gets into the Secure Element, it never gets out, and you can't see it again, but you can import the seed again and verify if it is correct.
I am not sure how other airgapped wallets are handling this, and I never said that airgapped wallets are perfect but they are safer than regular wallets.

If I understood correctly, what they mean with 'computer' is the hardware wallet. The idea is to construct a QR code that contains a payload (at least that's what I classify as malware, merely replacing a QR code on the host to send funds to the attacker is not a 'malware QR') as well as specific invalid / unexpected bits or bytes that trigger an exception in the QR code scanning part of the wallet's firmware. By exploiting that exception, the wallet's program flow is altered and forced to replace its firmware by the firmware contained in the QR code using the firmware upgrade code that is on the device, thus 'infecting' the wallet. Afterwards, the wallet may create transactions that leak the seed words by encoding them in transaction hashes or something like that.

It's all super hypothetical and nobody has done anything like that so far. But in theory, if you can get code injection, you should be able to extract the seed words, since it's usually possible to display the seed words on screen, so they're not unreadable by code running on the device.

As mentioned before I also highly doubt that such a malware, including the modified fw would fit in a QR code that is not instantly rejected by the device due to being way too large (like those big grid QR codes, which are not used for PSBTs).

I don't know if you are smoking to much weed or what, but I have to repeat again that there is NO COMPUTER in airgapped hardware wallets so there is nothing to infect or transfer.
QR codes are one-directional and seed words are inside secure elements, so everything you wrote is a bunch of nonsense that is impossible to happen in real life.

Yes I know about several clipboard malware, EthClipper malware that is well documented, proven and confirmed by multiple hardware wallet manufacturers.
I also know several scam Trezor and Ledger devices, both of this devices had many flaws with validating inputs, and here is one more attack that involved malware for Trezor Model T in 2019:
https://benma.github.io/2019/11/18/trezor-change-vulnerability.html

You are again writing bunch of sci-fi nonsense without proof, you are trying to prove something I never said, and those ''hacks'' were result of human errors.
Not going to comment anything about North Korea...

Of really? I also heard that pigs and cows can fly...in cartoons and fairytales.

I don't consider a replaced QR code, which is still just a QR representation of a PSBT as a 'malware QR code'. That's just a clipboard attack, which is always possible, no matter what your transport protocol is - whether it's USB, QR codes or anything else. That's also completely out of the hands of the hardware wallet manufacturers. That's why I don't consider this attack scenario. Also almost every wallet these days shows the receiver address on a screen and if you don't check it prior to signing, that's on you in my opinion.

I consider a 'malware QR' a payload that actually changes the program flow of the hardware wallet to - as someone mentioned before - for example leak seed words through the PSBTs.

LOL, of course we should 'avoid malware', I don't think that's even debateable

With reputed hardware wallets, I have heard that it is possible for QR code to be replaced with hacker's QR code, but not to the extent the seed phrase of such wallet will be revealed, but the initiated transaction to be signed can be replaced in which the bitcoin will be sent to the hacker's address.

It is all based on what I have been reading, that people should be careful of Qshing and any other type of QR code malware, so this is not based on fact, but prevention is better.

QR code can not be hacked, but can be replaced which will be what the hacker will do, there are ways in which the transaction initiated which is to be signed will be changed to his own (hacker's QR code), it will also still just be a QR code but for a hacker which can be very deadly. Malware QR code are existing and they are just like other normal QR codes.

Like the example I have used before, like airgapped Electrum wallet, you can either use QR code or USB stick for as a means of transferring unsigned transaction from watch-only wallet to the airgapped device for signing, if using USB stick, does that mean the airgapped Electrum wallet is not airgapped?

Even if QR code can not be hacked, can't it be replaced? We should not underestimate what malware is. We should use the reputed wallet that is best for us and also still try as much as possible to avoid malware, the easiest thing to do for an experienced users that know about malware is to avoid malware.

A seed being exposed would be predicated by malware being transmitted to the airgapped machine. The seed could be then leaked via the signature of a transaction. For example, malware could direct the infected computer to use an R-value in a certain range if a particular word is part of a seed. The R-value could also leak where in the seed the particular word is by the R-value being in the i-th portion of the range if the seed word is the i-th word in the seed. One random word could be leaked in a transaction. Once enough transactions have been broadcast, the attacker would know all of the seed words, including the order. The attacker would need to monitor for approximately 5 * 10^4 R-values.
Are you aware of any instances in which a trezor was hacked via malware? (this would not include any attach involving physical access to the device). There is at least one example I am aware of involving an exchange that had it's air-gapped cold wallet hacked. Several years ago North Korea had what was presumably their air gapped computer involving one of their missles they were test launching hacked, although this may have involved physical access, I am not sure.

edit:
This is a fair point. Although I would not say it is impossible. A QR code can generally hold up to 3kb worth of data. Very few things in this world are "impossible".

Issue with QR code encoded malware is file size. A QR code offers extremely limited space, so it'd be super hard to transfer an actual piece of malware software - I'd dare to say impossible - over a single QR code. An input that leads to unexpected program behaviour? Maybe! It can be tried using fuzzing. You'd run the firmware in qemu, then pass it millions of codes per second and see if you can trigger some buffer overflow or similar. But that's not malware, at least in the definition of 'a piece of software that causes harm', because that just takes too much space to begin with.

By the way; a quite entertaining video about fitting a game into a QR code: https://www.youtube.com/watch?v=ExwqNreocpg
It's not so trivial to make any software, not to mention a sophisticated piece of malware, this compact.

One big issue I see with devices that use USB for firmware updates is that they have actually built-in mechanisms to replace the firmware via, well, USB. So that's already much easier for an attacker who likes to replace or modify the firmware with a malicious firmware (malware), because they can use the same 'gateway'. Any time you plug in your device, an attacker might try to exploit the update mechanism to change your firmware.

It would already be much better if non-airgapped devices that even have a microSD card slot already, used that for firmware updates exclusively and removed any code that allows to transfer firmware over USB. Since you don't update it so often, it wouldn't be a big inconvenience for the users and the attack surface would be greatly reduced..

Imagine: the device could be coded to reject anything sent over USB that is not a PSBT, so that would be already the first hurdle to overcome if one would like to try injecting or replacing the firmware when a user plugs in the device.

That's not the definition of an air gap though. Actually, every hardware wallet generates wallet seed without using the internet. Otherwise it would be an extremely crappy device that should never be used by anyone. For sending a transaction, you need to connect the ledger to an online PC otherwise how do you publish it? In the case of air gapped wallets, you send the transaction over QR to the online device, so the wallet is never connected to an internet-connected machine.

But this is done with ledger nano as well.

You can recover and generate your wallet seed without using the internet.

You just need to download the software and then you can do everything offline. Looks like Trezor is similar, because you said you need the "new update"

https://support.coinhouse.com/hc/en-gb/articles/115005119714-Getting-started-with-your-Ledger-Nano-S

Well, for that the QR reading part of airgapped wallet software, the one that should read the QR and treat is as an unsigned transaction, for example, will have to treat it as executable. For that it should be incredibly badly written in the first place.
Really, that's greatly unrealistic.

That is only fantasy talking unless you can show me some proof of that ever happening, and there is no way that seed words or private key could be exposed with QR codes.

Wrong.
Trezor wallet is fine for general use but it does not offer ''much better'' security against any malware, and it is inferior to any airgapped device, and this is not just my fantasy thinking.

Please show me one example for this QR malware, because I see you know a lot about this subject  
Stop telling me that QR codes are not perfect, in first post I explained that all airgapped devices have flaws and malware could exists for everything.
Use whatever wallet you want, and believe whatever you want.

Do no mind my post. There is a malware which is very similar or the same as clipboard malware which is QR code malware, this type of malware can be rear but yet possible. The malware originate from the wallet software used to operate hardware wallet which would have changed the original transaction to a hacker's transaction in which the address would have changed to a hacker's address.

That was why I asked the question that the type of malware I know that is able to penetrate hardware wallet like Trezor and Ledger Nano through the USB stick are the clipboard malware which makes the seed phrase yet not to be revealed to the hackers because it is completely offline, but recipient address can be changed to a hacker's address through clipboard malware.

It would highly be appreciated if you can give us more breakdown of what you meant, when it is claimed that the seed phrase is completely offline while only clipboard malware is most possible which is also possible while using the QR code, then what disadvantage is the USB connection having again in relation to malware.

With what bitmover posted above with links, using USB connection, removable SD card and QR code to differentiate airgapped hardware wallet will always raise a debate. With what DroomieChikito posted and Pmalek answer to it that Trezor with Trezor firmware which is capable of generating keys and addresses even without depending on the wallet extension can also result to another debate.

I always gain from your hardware wallet's posts and you are very good in that area, but that does not mean everything you bring about hardware is what I will accept, while you can still correct me with proves.

When you communicate via QR codes, you are essentially using an image to send information to another device instead of using a USB cable. Unlike a USB cable, a QR code will transmit data at a much lower frequency, and the data will only be transmitted at your specific request.

While more difficult, it is possible to transmit malware via a QR code. Such malware would likely be targeted at you specifically. Malware could potentially cause your airgapped computer to sign your transaction in a way that reveals a portion of your seed and/or private key to someone who knows where to look based on the malware. To anyone else, the transaction would look completely normal.

A Hardware wallet such as a trezor for example offers much better security against malware. There are some potential security concerns with a trezor if an adversary were to have physical access to the device, but most people are more vulnerable to a $5 wrench attack, IMO.

Yes, because it makes no sense; a hardware wallet is by definition an offline device that is only connected to a PC (or not - in case of airgapped wallets..) when it's needed.
However, a lightning node needs to always be able to sign transactions if it wants to route payments, so it would need a constant access to the hardware wallet. This is why it doesn't make much sense to support LN with a hardware wallet. Also, if you use a passphrase ^{(to use it or not, is a whole different topic)} you would need to enter it multiple times a day: every time a payment shall be routed.

This reminds me of the O.MG Cable.. 
I mean yeah, you can replace QR codes on the host just as you can replace the data packets sent via USB to a non-airgapped wallet, but that's just one attack vector on the USB connection of hardware wallets.

I fully agree!!

You can upgrade Coldcard with SD card but you are limited to mk version you are using.
They are now working on mk4 version, that would probably mean that you can't use that firmware on mk3 or mk2 Coldcard wallets.

Lightning Network is not supported on any hardware wallet, and I doubt it will be supported any time soon.

Safepal is cheap Chinese closed source junk and I would never use it for anything.
Simple checking of firmware changelog I can see bunch of important PIN and security changes, meaning you have to upgrade to use it:
https://safepalsupport.zendesk.com/hc/en-us/articles/360047263792

They are not true airgapped devices, otherwise both of this manufacturers would write huge bragging AIR-GAPPED letters on their website, especially those amateurs from French village.
If there is USB connection there is always a chance of some leak or using malware cables that are connecting to computer with internet connection.

Thanks, that is a good idea.
I think QR codes are better for security, but NOT if you are using some mambo jambo hidden QR codes like Safepal is doing.

Yes, it is possible. All a QR code does in the context of hardware wallets is to take an address or a transaction and encode it in a specific format which can be easily scanned by a camera. Any malware which can edit the information being encoded will result in a QR code being displayed which can potentially send all your coins to an attacker if you do not double check everything prior to signing and broadcasting. Further, you can still be a victim of clipboard malware on your internet connected device with any airgapped wallet, resulting in you pasting in an incorrect address before turning the unsigned transaction in to a QR code for your hardware wallet to scan.

---

Ledger and Trezor devices, when used in the "normal" manner, are not airgapped. But it is entirely possible to use them both in an airgapped manner by only connecting them to an airgapped computer, and using a separate online computer to run a watch only wallet. Although if you a have a secure, encrypted, properly airgapped computer anyway, then adding a hardware wallet on top of that might be a bit of overkill.

That's now possible with the latest Trezor Suite and/or firmware, but Ledger still uses USB cables, which could represent a possible attack vector. You are still connecting your Trezor hardware wallet to an online computer through its USB port.

I have read about QR code malware before which will be similar to clipboard malware, or is this type of malware not possible?

This is what I am implying, what makes SD card special, can SD card not be attacked/affected also with malware?

Any report that the seed phrase of Trezor or Ledger Nano was revealed through malware? What signs transaction, it is the private key, the private key which is offline and remain offline and the hardware wallet is detachable from the computer that makes hardware wallet to be airgapped, hackers can not use their malware to reveal the seed phrase or private key even while making use of hardware wallet for signing, even if possible, no report of such yetr you can bring up proves that against this.

Do you think it is not important to be careful of a malware that can change recipient's address to a hacker address in which hackers address is what will be sent to the SD card or which will be in the QR code sent for signing?