Topic: Attack vectors for Hardware Wallets - page 2. (Read 610 times)

HCP
legendary
Activity: 2086
Merit: 4361
September 03, 2021, 02:28:57 AM
#20
It's not exactly a new idea, is it? I could swear there were reports of clipboard hijacking malware that did exactly this (contact a cloud-based server to get a suitable "fake" address) at least 2-3 years ago.

Is it just the sheer volume of available replacement addresses that is news?
full member
Activity: 343
Merit: 167
September 03, 2021, 01:44:23 AM
#19
Yes, all other coins including Bitcoin are affected, but they obviously like Ethereum so much they named this malware EthClipper.
However, I think that the cost for running a Bitcoin-related ClipperCloud distributed service for generating addresses would be much higher than for Ethereum.

The point is not that they like ETH, but that it is easier to generate an address base for it, since it uses hexadecimal encoding. Such addresses need to be generated 16^8 (4 characters at the beginning and 4 at the end). Bitcoin uses Base58 encoding, so you need to create significantly more addresses: 58^8.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 02, 2021, 03:51:27 PM
#18
Part of the question is how many characters (other than all) makes it safe. 6 at the beginning and 6 at the end? 7 & 7?
The example they gave is for the first and last 4 characters in the address, and I think that Bitcoin addresses are shorter than for Ethereum.
My thinking is that a lot of people would fall for this scam even with the minimum changes possible, and a hardware wallet is just giving them a false sense of security.

They are only a character or 2 shorter

bc1qfesm8up3jezmxt2m9untmz34t4w7js7ppehe3w  (38 characters)
0x8d804fA98890C3438c91955F42B2b7880F94f5BD (40 characters)

But yes, hardware wallets give people a bit of a false sense of security. But they are still better than nothing.
But there are still people out there who don't believe in AV software because "they know better".
If you are not careful, no matter what the rest of us try to do to help you, it's going to go badly at times.

-Dave

legendary
Activity: 2212
Merit: 7064
September 02, 2021, 01:35:18 PM
#17
I guess it was expected that sooner or later the time would come that we can no longer consider hardware wallets to be safe to use on compromised and malware-infected computers.
I never considered that to be safe because clipboard attacks existed before, but this is some next-level stuff, and a small script like this probably wouldn't even be detected by any antivirus software.

I only read some of its parts, but just to be sure, this could affect [in theory] other cryptocurrency addresses [apart from Ethereum] as well, am I right?
Yes, all other coins including Bitcoin are affected, but they obviously like Ethereum so much they named this malware EthClipper.
However, I think that the cost for running a Bitcoin-related ClipperCloud distributed service for generating addresses would be much higher than for Ethereum.

Part of the question is how many characters (other than all) makes it safe. 6 at the beginning and 6 at the end? 7 & 7?
The example they gave is for the first and last 4 characters in the address, and I think that Bitcoin addresses are shorter than for Ethereum.
My thinking is that a lot of people would fall for this scam even with the minimum changes possible, and a hardware wallet is just giving them a false sense of security.

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 02, 2021, 12:10:35 PM
#16
Part of the question is how many characters (other than all) makes it safe. 6 at the beginning and 6 at the end? 7 & 7?

From one of the charts in the PDF, going from 10 matches to 11 takes your storage from 104Tb to 1625Tb (1.625Pb); a mere 9 characters is 6.5Tb.
My back-of-the-napkin math is that at 14 characters you need 360Pb of storage.

Seems unlikely to happen till storage prices drop a lot more....

-Dave
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
September 02, 2021, 09:10:39 AM
#15
EthClipper is a malware example of a Clipboard Meddling Attack on Hardware Wallets with Address Verification Evasion, and the paper is released by Nikolay Ivanov and Qiben Yan.
I only read some of its parts, but just to be sure, this could affect [in theory] other cryptocurrency addresses [apart from Ethereum] as well, am I right?

While I was scrolling through the PDF file, the following part caught my attention:

Quote
Intuitively, it is very important for the malware to substitute the address very quickly, before the user pastes the address to the wallet client application.

So if someone uses an infected computer, but copies & pastes really fast, then that significantly lowers the chance for that malware to find a suitable address and substitute it!
- Perhaps, it's not as bad as I initially thought, but regardless of that, we should always double/triple-check everything.
legendary
Activity: 2730
Merit: 7065
September 02, 2021, 07:34:17 AM
#14
I guess it was expected that sooner or later the time would come that we can no longer consider hardware wallets to be safe to use on compromised and malware-infected computers.

I have been checking the entire address anyway. I might sound a bit arrogant, but since I check my addresses fully and multiple times, this couldn't happen to me. But I know that many like to check just a few characters at the beginning and a few at the end. Luckily, this hasn't been turned into real malware just yet. As long as standard security practices are being followed, even if it does, you should know how not to get your devices infected.

Nice share dkbit98!
legendary
Activity: 2212
Merit: 7064
September 01, 2021, 11:21:09 AM
#13
EthClipper is a malware example of a Clipboard Meddling Attack on Hardware Wallets with Address Verification Evasion, and the paper is released by Nikolay Ivanov and Qiben Yan.

This malware targets hardware wallet owners using the ClipperCloud distributed service and a distributed database of pre-mined accounts that creates addresses with maximum visual similarity to the original one.
They tested this malware on Trezor One, Ledger Nano S, Ledger Nano X, and KeepKey hardware wallets, and the manufacturers all confirmed the danger of EthClipper.
EthClipper can run as a simple script and it doesn't need any hardware access or special OS privileges.

EthClipper is using a modified and improved version of clipboard hijacking with social engineering: ClipperCloud mines and stores billions of addresses that are later compared with the original address detected in the clipboard, and ClipperCloud then finds a visually similar address and replaces it.
It is harder for the victim to recognize the falsely generated address, and they send coins to the attacker's address.


https://arxiv.org/pdf/2108.14004.pdf

One of the problems with this attack is the bad design and small screen that many hardware wallet devices have, like we can see in the image below:
The biggest problem, however, is the human mistake of not fully confirming the address but just looking at the first and the last part of the address, like we can see in the example of a similar address replaced with ClipperCloud:

Interesting part is to hear the replies these two developers received from hardware wallet manufacturers:

Quote
ShapeShift (KeepKey):
...it would likely impact KeepKey users since in my experience, you are right: most users either verify the first/last characters or none at all.
Quote
SatoshiLabs (Trezor):
It’s quite obvious from the description how the attack works...
Quote
Ledger:
The attack you described is a problem we already discussed, and we did not find a satisfactory solution to tackle it. We would be happy to collaborate with you in order to develop defenses against it.

The recommendation for avoiding these kinds of attacks would be to avoid doing partial address confirmation; better to spend a few more seconds to fully verify the address, and using a separate computer for crypto would always be good advice.
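A defender-side check for the substitution described in this post, plus the 16^8 versus 58^8 sizing argued in reply #19, as an added example that is not from the thread or from the EthClipper paper. It assumes the user can compare the address shown on the wallet screen (or given by the payee) against the address that ended up in the paste target; the look-alike address is constructed for the demo.

```python
"""Added example: flag look-alike address substitution of the EthClipper kind.

Assumes the defender can observe two strings: the address the user intended
(read from the hardware wallet screen or the payee) and the address that
actually landed in the paste target. Sample addresses below are constructed."""

# Alphabet sizes the thread reasons about: hex (Ethereum), Base58 (legacy
# Bitcoin) and bech32 (native segwit Bitcoin).
CHARSET_SIZE = {"hex": 16, "base58": 58, "bech32": 32}

# Fixed prefixes carry no entropy, so they must not count as matching characters.
FIXED_PREFIXES = ("0x", "bc1q", "bc1p")

def strip_fixed_prefix(addr: str) -> str:
    for p in FIXED_PREFIXES:
        if addr.startswith(p):
            return addr[len(p):]
    return addr

def common_prefix_len(a: str, b: str) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def common_suffix_len(a: str, b: str) -> int:
    return common_prefix_len(a[::-1], b[::-1])

def classify(expected: str, pasted: str, checked_chars: int = 4) -> dict:
    """Verdict for a pasted address against the one the user intended.

    'lookalike' means a check of only the first/last checked_chars would pass
    although the full address differs: exactly what a clipper aims for.
    Comparison is case-sensitive, so an EIP-55 case change also shows up."""
    if expected == pasted:
        return {"verdict": "identical", "prefix": len(expected), "suffix": len(expected)}
    e, p = strip_fixed_prefix(expected), strip_fixed_prefix(pasted)
    pre, suf = common_prefix_len(e, p), common_suffix_len(e, p)
    verdict = "lookalike" if pre >= checked_chars and suf >= checked_chars else "different"
    return {"verdict": verdict, "prefix": pre, "suffix": suf}

def addresses_needed(charset: str, prefix_chars: int, suffix_chars: int) -> int:
    """Distinct prefix+suffix patterns for an alphabet: the pool an attacker
    would have to pre-mine to hold a match for every target, i.e. how much
    each extra verified character raises the attacker's cost."""
    return CHARSET_SIZE[charset] ** (prefix_chars + suffix_chars)

if __name__ == "__main__":
    real = "0x8d804fA98890C3438c91955F42B2b7880F94f5BD"  # address quoted in the thread
    fake = "0x8d80" + "1234567890abcdef1234567890abcdef" + "f5BD"  # constructed look-alike
    print(classify(real, fake))                   # lookalike, prefix 4, suffix 4
    print(classify(real, fake, checked_chars=6))  # different: a 6-char check catches it
    for cs in ("hex", "base58"):
        print(cs, addresses_needed(cs, 4, 4))     # 16**8 vs 58**8
```

Raising checked_chars from 4 to 6 turns the constructed look-alike into a plain mismatch, which is the thread's "how many characters make it safe" question in code.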

legendary
Activity: 2212
Merit: 7064
March 07, 2021, 09:19:55 AM
#12
I would add fire or flood damage to that list.

One interesting attack for paper wallets is that you need only a few seconds to take a picture of the mnemonic seed words with your phone or camera.
No need to take full access, replace anything or even touch the paper.

I don't know if you would put this in the Supply Chain Attacks or someplace else, but counterfeit devices are also a concern.
This is why buying any wallet from anyplace other than the manufacturer or one of their partners is bad.
This is a part of Supply Chain Attacks, but it is interesting that it can even happen directly from the factory.
You would receive the wallet directly from the manufacturer, but someone who works in the factory could send you a counterfeited device.

Or upgrade paper to some sort of etched metal type of thing.

Not just any metal.
Some metals like aluminum are not good for this purpose, and I remember how Jameson Lopp tested many metallic backups and some of them failed to perform as advertised:
https://jlopp.github.io/metal-bitcoin-storage-reviews/


legendary
Activity: 3654
Merit: 8909
https://bpip.org
March 06, 2021, 03:12:48 PM
#11
AFAIK paper wallet is vulnerable only to a couple of things - wrench attack, and physical theft with no wrench involved.

I would add fire or flood damage to that list.

This is an issue with almost any kind of storage, but a backup solves that. Arguably a backup of a paper wallet is easier, cheaper, more convenient, and easier verifiable than most other types of storage. Low tech FTW.

Or upgrade paper to some sort of etched metal type of thing.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
March 06, 2021, 02:52:49 PM
#10
I don't know if you would put this in the Supply Chain Attacks or someplace else, but counterfeit devices are also a concern.
This is why buying any wallet from anyplace other than the manufacturer or one of their partners is bad.

This is why when I bought mine I bought from the people who built it. Not a 3rd party.

-Dave
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
March 06, 2021, 12:49:35 PM
#9
AFAIK paper wallet is vulnerable only to a couple of things - wrench attack, and physical theft with no wrench involved.

I would add fire or flood damage to that list.

 
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
March 06, 2021, 05:59:20 AM
#8
But what is the alternative, then?

The alternative is to keep 100% offline and hidden the money you don't use on the daily basis.
It will clearly not mitigate all the possible attacks, but it will reduce greatly the chance for them to happen.

Generating the seed on a HW and writing it to a paper wallet may be safe enough, I think. But clearly, nothing is 100% sure.
legendary
Activity: 2212
Merit: 7064
March 06, 2021, 02:04:08 AM
#7
Well, if you ever want to spend your coins from your paper wallet you are vulnerable to this attack as well.

I think you are a bit confused about paper wallets and what vulnerabilities are.
You can't spend funds from a paper wallet until you import the seed words to another type of wallet (hot, cold, hardware wallet), so the moment you start spending funds from a paper wallet you are de facto not using a paper wallet anymore.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
March 05, 2021, 08:47:25 PM
#6
1 - Evil hacker maid attack can just get your offline computer and steal your money.

It is much harder for an attacker to replace your offline computer with an identical tampered clone in an Evil Maid attack.

There are other evil maid attacks, where the evil hacker maid just spends your coins while you are out. The attacker doesn't need to replace your device with an identical one...

Why would you ever use clipboard for PAPER wallet?
It is generated offline and printed.

Well, if you ever want to spend your coins from your paper wallet you are vulnerable to this attack as well.

2 - You have a paper wallet, but you have a clipboard malware and you lose your coins.

Since you need a computer of some sort to spend any coins, that's not exactly a vulnerability of the wallet.

AFAIK paper wallet is vulnerable only to a couple of things - wrench attack, and physical theft with no wrench involved.

If the wallet has some security vulnerability which can be exploited while expending, it should be considered a vulnerability of the wallet.

Imo that's a minor vulnerability which doesn't make any difference, for both HW and for paper wallets.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
March 05, 2021, 06:49:18 PM
#5
2 - You have a paper wallet, but you have a clipboard malware and you lose your coins.

Since you need a computer of some sort to spend any coins, that's not exactly a vulnerability of the wallet.

AFAIK paper wallet is vulnerable only to a couple of things - wrench attack, and physical theft with no wrench involved.
legendary
Activity: 2212
Merit: 7064
March 05, 2021, 05:58:39 PM
#4
I think that you've missed Man in the Middle attacks. Ledger had this vulnerability in 2018 and in theory it's fixed, but newer HWs may be vulnerable to that without knowing it yet. So I would not rule this out.

Thanks for the correction and the suggestion of adding Man in the Middle attacks.
These attacks can happen with the attacker changing addresses or QR codes, so it is very important to check and verify everything on the device.

Most of those attacks are users fault that could be easily avoided just by double checking destination addresses, hiding your device properly, and so on...
Most of these attacks are not because of user mistakes, especially supply chain, human attacks, server attacks, and all device attacks.
Like I said in the first post, some of these attacks can also happen to other devices.

1 - Evil hacker maid attack can just get your offline computer and steal your money.

It is much harder for an attacker to replace your offline computer with an identical tampered clone in an Evil Maid attack.

2 - You have a paper wallet, but you have a clipboard malware and you lose your coins.

Why would you ever use clipboard for PAPER wallet?
It is generated offline and printed.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
March 05, 2021, 05:11:56 PM
#3
- Brute-force attacks - can be done when attacker brute-force your password and unlock the device.

This cannot happen because once you have failed the PIN 3 times, your device will be automatically reset.

I find HW a great tool for every day payments, but not really for keeping life changing amounts on them. And your pretty impressive list tells that I'm right about this.

But what is the alternative, then?

As far as I understand, all those attacks can be done on an offline computer, they can be done on a paper wallet, and so on.

For example:

1 - Evil hacker maid attack can just get your offline computer and steal your money.

2 - You have a paper wallet, but you have a clipboard malware and you lose your coins.

Most of those attacks are users fault that could be easily avoided just by double checking destination addresses, hiding your device properly, and so on...
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
March 05, 2021, 02:12:15 PM
#2
1. it steals, not stills (evil maid)
2. I think that you've missed Man in the Middle attacks. Ledger had this vulnerability in 2018 and in theory it's fixed, but newer HWs may be vulnerable to that without knowing it yet. So I would not rule this out.


I find HW a great tool for every day payments, but not really for keeping life changing amounts on them. And your pretty impressive list tells that I'm right about this.
legendary
Activity: 2212
Merit: 7064
March 05, 2021, 09:15:38 AM
#1
We can all agree that Hardware Wallets are a much better and safer way for storing Bitcoin than regular hot wallets installed on your computer or mobile phone.
These devices are designed for the sole purpose of keeping users' private keys and funds safe, and there are fewer attack vectors than for regular computers and phones, but we should know that they are not a perfect solution and there are many attack vectors.
You must take responsibility for keeping your backup, password and/or passphrase safe, and there is no protection from attackers if you lose them.

Each hardware wallet manufacturer has different tactics for protection against these attacks and reducing the attack surface, and some do it better than others, but none of them are bulletproof.
Here I tried to collect the most known hardware wallet attack vectors, and some of them can be applied to other devices and not just hardware wallets.



Device Attacks

 - Firmware bugs - are always possible and we have had them before for most hardware wallets, but updates get released soon after reporting.

 - Invasive attacks - are the result of the device being opened by an attacker to extract memory and password or replace a chip.

 - Side channel attacks - can be done by analyzing device power, electromagnetic leaks or the OLED, and it was done before by invd on many hardware wallets.

 - Evil Maid attacks - can be done when an attacker steals the device from you and then modifies it, or replaces it with another that gets returned to you as tampered.

 - Brute-force attacks - can be done when an attacker brute-forces your password and unlocks the device.

Computer Attacks

 - Malicious apps attack - can be done by replacing the original wallet app with a malicious one installed on the computer.

 - Malicious USB connections and cables - are one of the latest threats used to infect your devices with malware.

 - Clipboard hijacking - can be done with a malicious program on your computer that can read the clipboard and replace your addresses with a different one.

 - Man in the middle attack - can happen when an attacker manages to alter and change the receiving address with malware.

Online Attacks

 - Server attack - is always possible for all hardware wallets, and it can result in tracking your IP address and showing wrong balances.

 - Phishing Attacks - happen often when a user is tricked into entering his seed words on a fake wallet website.

Supply Chain Attacks

 - Entropy attack - can be done using bad true random number generators or with backdoors in the manufacturer's secure element chips.

 - Device Shipping attack - can be done as soon as the device leaves the factory, with the help of employees or resellers.

 - Malicious firmware - can be installed and delivered to you without you ever knowing that.

 - Covert nonce channel attack - can be done by extracting the seed by encoding part of the nonce and making malicious signatures.

Human Attacks

 - Wrench attack - can happen when an attacker physically attacks you and threatens you to send them funds.

 - Stolen backup - can happen if you are not careful; a passphrase should be used and kept separate.

 - Leaking Private Data - happened several times when customer data was stolen by hackers and leaked from manufacturers like Ledger.

 - Shoulder surfing


The best PROTECTION against many of these attacks is using a good Multisig Setup.


This may look like a lot at first sight and you may think that an air-gapped computer is a better solution, but please visit this website to see some of their attack vectors:
https://airgapcomputer.com/

There is NO perfect solution.


* This is a work in progress; open for suggestions and changes