Could the Intel vulnerability have compromised private keys?

manchester93

sr. member

Activity: 251

Merit: 257

Quote from: codewench on January 22, 2018, 02:26:14 AM

Quote from: figmentofmyass on January 21, 2018, 06:41:13 PM

what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well.

Hardware wallets don't execute arbitrary code. They have a defined communication interface that doesn't allow other actions.

The software running on the hardware wallet is also simple enough that one individual can know everything that is happening in the wallet. They can thus verify that there is nothing malicious in the code.

The Meltdown attack was possible because everyone fundamentally misunderstood how authorization worked for memory processes. The same can indeed happen to hardware wallets. Not the Meltdown attack specifically, mind you, but heretofore unknown exploits can and likely do exist for hardware wallets. Anyone who assumes otherwise is incredibly naive.

Quote from: cellard on January 22, 2018, 09:45:05 AM

You have to trust their propietary RNG and you have to trust they will not have any leaks or try to phone home as we have seen already with Trezor

Generally I can't trust hardware wallets. Linux airgaped computer is the best, because you are never online, but the problem is crafting the raw transaction because the Core client has no other way to do it, I still have to practice that with testnet coins before I consider myself safe to do it with real money.

Same here. I wish that Core wallets were capable of signing transactions in an air-gapped (un-synced) environment. The next best thing is Electrum, which has various weaknesses.

Hamphser

sr. member

Activity: 2604

Merit: 338

Vave.com - Crypto Casino

Quote from: HeRetiK on January 04, 2018, 01:26:12 PM

Quote from: cellard on January 04, 2018, 12:35:02 PM

[...]

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.

However, the following possible exploits still prevail, regardless of Meltdown and Spectre:

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.

-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around.

Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

No matter which way you would go the risk is there since you are importing came from a device thats already connected online. I cant think off that you would able to generate keys offline or on airgapped device.Its little bit worrying about these infomation that even hardwares do already have the possibilities to transmit any other sensible data specially its connection on wallet informations or any other important data.

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: codewench on January 22, 2018, 02:26:14 AM

Quote from: figmentofmyass on January 21, 2018, 06:41:13 PM

what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well.

Hardware wallets don't execute arbitrary code. They have a defined communication interface that doesn't allow other actions.

The software running on the hardware wallet is also simple enough that one individual can know everything that is happening in the wallet. They can thus verify that there is nothing malicious in the code.

The concern with hardware wallets is if someone gains physical access to your device. The chip(s) may have undocumented ways to gain access. Perhaps if 12 volts is applied to a certain pin, then program code can be injected or observed via other pins. Such a feature may used during manufacture - perhaps for initial wafer level testing. (Decades ago I was able to dump the mask programmed ROM of an embedded microcontroller using just such a feature. This happened to be hinted at in the chip's data sheet.)

You have to trust their propietary RNG and you have to trust they will not have any leaks or try to phone home as we have seen already with Trezor

Generally I can't trust hardware wallets. Linux airgaped computer is the best, because you are never online, but the problem is crafting the raw transaction because the Core client has no other way to do it, I still have to practice that with testnet coins before I consider myself safe to do it with real money.

ProfWigSlipper

jr. member

Activity: 63

Merit: 2

Quote from: codewench on January 22, 2018, 02:26:14 AM

Quote from: figmentofmyass on January 21, 2018, 06:41:13 PM

what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well.

Hardware wallets don't execute arbitrary code. They have a defined communication interface that doesn't allow other actions.

The software running on the hardware wallet is also simple enough that one individual can know everything that is happening in the wallet. They can thus verify that there is nothing malicious in the code.

The concern with hardware wallets is if someone gains physical access to your device. The chip(s) may have undocumented ways to gain access. Perhaps if 12 volts is applied to a certain pin, then program code can be injected or observed via other pins. Such a feature may used during manufacture - perhaps for initial wafer level testing. (Decades ago I was able to dump the mask programmed ROM of an embedded microcontroller using just such a feature. This happened to be hinted at in the chip's data sheet.)

I am light years away from being a qualified expert, but this topic is worthy of continued discussion, imo.

codewench

member

Activity: 93

Merit: 39

Quote from: figmentofmyass on January 21, 2018, 06:41:13 PM

what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well.

Hardware wallets don't execute arbitrary code. They have a defined communication interface that doesn't allow other actions.

The software running on the hardware wallet is also simple enough that one individual can know everything that is happening in the wallet. They can thus verify that there is nothing malicious in the code.

The concern with hardware wallets is if someone gains physical access to your device. The chip(s) may have undocumented ways to gain access. Perhaps if 12 volts is applied to a certain pin, then program code can be injected or observed via other pins. Such a feature may used during manufacture - perhaps for initial wafer level testing. (Decades ago I was able to dump the mask programmed ROM of an embedded microcontroller using just such a feature. This happened to be hinted at in the chip's data sheet.)

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: hatshepsut93 on January 19, 2018, 01:55:12 AM

Quote from: ProfWigSlipper on January 19, 2018, 01:21:42 AM

This topic is vital how can there be so little response?
Are people 100% scared by reality?

You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - there are tons of different bugs, vulnerabilities and backdoors. If you are using Bitcoin in potentially unsecure environment, like your home Windows machine, then you were vulnerable even before Spectre and Meltdown.
This is why people are using cold storages and hardware wallets - they are isolating private keys from their systems, so even if they are vulnerable, it won't result in a loss of their coins. This doesn't mean that you should be careless about security of your work/home computers, but you have to accept that they will never be secure enough to entrust them with your cryptocurrency saving wallets.

this experience does raise questions for me about the perceived safety of things like hardware wallets, though. if a rogue process can read all memory without authorization because of an intel chip vulnerability, what makes you think that such vulnerabilities don't exist in hardware wallets? considering the entire thinking around the security architecture of modern processors and speculative execution was wrong, it stands to reason that this is possible for hardware wallet architecture as well. i certainly don't feel safe having my keys on one and plugging it into an untrusted online computer.

ProfWigSlipper

jr. member

Activity: 63

Merit: 2

Quote from: hatshepsut93 on January 19, 2018, 01:55:12 AM

Quote from: ProfWigSlipper on January 19, 2018, 01:21:42 AM

This topic is vital how can there be so little response?
Are people 100% scared by reality?

You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - ...

Thank you for constructive feedback. // Respect

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: ProfWigSlipper on January 19, 2018, 01:21:42 AM

This topic is vital how can there be so little response?
Are people 100% scared by reality?

You are too dramatic, these attacks haven't changed anything, as computer systems were always weak in terms of security - there are tons of different bugs, vulnerabilities and backdoors. If you are using Bitcoin in potentially unsecure environment, like your home Windows machine, then you were vulnerable even before Spectre and Meltdown.
This is why people are using cold storages and hardware wallets - they are isolating private keys from their systems, so even if they are vulnerable, it won't result in a loss of their coins. This doesn't mean that you should be careless about security of your work/home computers, but you have to accept that they will never be secure enough to entrust them with your cryptocurrency saving wallets.

ProfWigSlipper

jr. member

Activity: 63

Merit: 2

This topic is vital how can there be so little response?
Are people 100% scared by reality?

ProfWigSlipper

jr. member

Activity: 63

Merit: 2

Quote from: ccie38216 on January 05, 2018, 12:26:32 AM

Just by opening your wallet, this exploit cannot be used to steal your private keys. However if you send a transaction and you decrypt your private keys using your passphrase then YES that data is cached by the kernel when processing the instructions to sign the transaction in which case can be extracted.

....

I was thinking everything including "passphrases" would be exposed to memory even when opening an encrypted wallet. Thanks, for clearing that up.

ps. Did this huge story fade out fast in the mainstream news, or was I just not paying attention recently?

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: pebwindkraft on January 05, 2018, 06:34:47 PM

Quote from: cellard on January 05, 2018, 01:31:10 PM

And since I saw this, I don't trust Trezor:

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.

Another "weak" area in many LINUX systems are the blobs (eg. the graphic cards, the wifi cards, and more). For sure you don't need graphics or wifi on your (cold storage) signing system. OpenBSD can be an alternative here Wink

I can further minimize the risk with cold storage and multisig. But as usual, security is a trade-off between costs and comfort. It sure is easier to have a hardware wallet.

With a librebooted setup, you can use open source wifi if you want for the online node, offline it doesn't really matter, for the airgapped laptop you are supposed to remove your wifi card physically, as long as any additional GPU or anything not really needed.

Even if you are not an expert to install Gentoo or OpenBSD... just get Xubuntu, and in my opinion it's a more complete and robust package than the Trezors etc. I love the control given by bitcoin Core in terms of inputs and outputs (coin control). Core devs just need to improve the cold storage features (moving the raw transaction from the cold storage to the node, signing transactions on the node.. etc). Right now you can't do it on the GUI, you require the console and it could lead to fatal mistakes.

leopard2

legendary

Activity: 1372

Merit: 1014

I am pretty sure if you enter a password or a seed on an affected device you could be compromised, yes.

On the other hand fixes are being released as we speak. I wonder if these software based fixes can even provide sufficient security, as the flaw is in the hardware. How is a software fix in an antivirus or operating system going to prevent other software from reading the cache tables? Cool

For the next few days it may be best, not to open wallets with large balances on any device.

pebwindkraft

sr. member

Activity: 257

Merit: 343

Quote from: cellard on January 05, 2018, 01:31:10 PM

And since I saw this, I don't trust Trezor:

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.

Another "weak" area in many LINUX systems are the blobs (eg. the graphic cards, the wifi cards, and more). For sure you don't need graphics or wifi on your (cold storage) signing system. OpenBSD can be an alternative here Wink

I can further minimize the risk with cold storage and multisig. But as usual, security is a trade-off between costs and comfort. It sure is easier to have a hardware wallet.

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: achow101 on January 05, 2018, 12:28:22 PM

Quote from: cellard on January 05, 2018, 11:22:42 AM

Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?

Have you audited your general purpose laptop and all of the chips it is using? It is far easier to audit the hardware wallet if you know what you are doing. Furthermore their firmware and bootloaders are mostly open source (for the Trezor, they are all open source, for Ledger, only partially) whereas the firmware for your laptop is most definitely not.

Im using a librebooted old lenovo laptop, so no proprietary bios, drivers and so on. I can also run any software I want on it. I don't like being limited by the Trezor/Ledger thing.

And yes, my point was, we can't audit everything.

And since I saw this, I don't trust Trezor:

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Using a librebooted Linux laptop you would never have these kind of surprises in the behaviour of the software controlling your private keys.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: cellard on January 05, 2018, 11:22:42 AM

Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?

Have you audited your general purpose laptop and all of the chips it is using? It is far easier to audit the hardware wallet if you know what you are doing. Furthermore their firmware and bootloaders are mostly open source (for the Trezor, they are all open source, for Ledger, only partially) whereas the firmware for your laptop is most definitely not.

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: hatshepsut93 on January 04, 2018, 06:28:09 PM

Quote from: Spendulus on January 04, 2018, 04:17:09 PM

Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.

For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.

The latter method is demonstrably secure.

What do you mean "screwed"? You are scanning signed transactions, the same transactions that are normally broadcast to the network and included in blocks, it's not private keys and private keys can't be derived from them. Worst case someone will link those transactions to your phone, which can be pretty bad for privacy in some cases, but like you've said, you can get an open source QR scanner.

As for USB, it might be possible that some very sophisticated malware from online machine will infect a flash drive and will then steal private keys from airgapped machine and will send them to remote server when it will get inserted in online machine again to broadcast signed transaction.

Could you recommend a QR scanner? Like you said, putting your QR data in a regular smartphone and expecting any level of privacy is delusional. An open source QR scanner (open source including the hardware) makes more sense, but im not sure where to buy the right one.

Quote from: Coin-Keeper on January 04, 2018, 02:35:58 PM

Quote

Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

The best solution where "mobility and actual use" of BTC are needed: hardware wallet

HW's are completely untouched by this newest annoyance and security threat. It is so reassuring to safely move coins easily overcoming computer malware and other crap. Just move cautiously and make sure the destination address showing on the HW screen is accurate and you are good to go. 100-150 bucks for a HW vs 15K + per coin. No brainer.

Why do you trust dedicated hardware wallets more than a general purpose laptop? Have you audited your Trezor/Ledger or whatever you are using chips?

ccie38216

newbie

Activity: 9

Merit: 0

Just by opening your wallet, this exploit cannot be used to steal your private keys. However if you send a transaction and you decrypt your private keys using your passphrase then YES that data is cached by the kernel when processing the instructions to sign the transaction in which case can be extracted.

There are currently two exploits found on the dark web thus far, a Java script based exploit which runs in a web browser whereas all you have to do is just visit a website and boom you're screwed. The second exploit currently "for sale" via bitcoin haha is a usb disk image which executes the exploit when plugged in and exfiltrates data back to a file system on the flash drive.

I'm sure there are many more programs written to exploit this vulnerability Wink

These are the two that I know of thus far.

ProfWigSlipper

jr. member

Activity: 63

Merit: 2

This is a scary way to start a New Year

Quote from: HeRetiK on January 04, 2018, 01:26:12 PM

....
Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

One article I read said hackers can (potentially) access everything in your currently active memory including sensitive data and passwords. This seems to include opening/using your wallet gives complete access to all your PC's private keys(?)

Assuming the keys are encrypted, the same hacker can find the data needed to decrypt your keys, especially if they know how your "secure" wallet works.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: Spendulus on January 04, 2018, 04:17:09 PM

Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.

For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.

The latter method is demonstrably secure.

What do you mean "screwed"? You are scanning signed transactions, the same transactions that are normally broadcast to the network and included in blocks, it's not private keys and private keys can't be derived from them. Worst case someone will link those transactions to your phone, which can be pretty bad for privacy in some cases, but like you've said, you can get an open source QR scanner.

As for USB, it might be possible that some very sophisticated malware from online machine will infect a flash drive and will then steal private keys from airgapped machine and will send them to remote server when it will get inserted in online machine again to broadcast signed transaction.

Spendulus

legendary

Activity: 2926

Merit: 1386

Quote from: hatshepsut93 on January 04, 2018, 03:15:42 PM

Quote from: HeRetiK on January 04, 2018, 01:26:12 PM

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

Signed transactions can be easily trasnferred via QR-codes, I did this with Electrum and everything worked well. The problem is to transfer unsigned transactions, which can also be done via QR-codes, but would require a dedicated digital camera and a software that can decode them from images. But I think the risk of malware getting into air-gapped system via USB stick is very small.

Quote from: cellard on January 04, 2018, 12:35:02 PM

As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously

Hardware wallet are probably unaffected, which made them more appealing than airgapped computers in my eyes:

https://twitter.com/pavolrusnak/status/948863100194836480

Without camera GITHUB style source code, it's impossible to know that the camera isn't sending your scan data somewhere and for example many phone QR scanners routinely do just that, not to steal from you but to track your habits and look the code up in their database. It's a small step from that for a minor two bit consultant or employee working for the company that did the app to check incoming QR data for crypto address data streams, and then you are screwed.

For USB it's trivial to put data into an encrypted package like a zip file for the short time it moves via the USB thumb drive.

The latter method is demonstrably secure.

Topic: Could the Intel vulnerability have compromised private keys? (Read 510 times)