Author

Topic: Dangers in using USB Stick to get signed transactions offline? (Read 391 times)

legendary
Activity: 3472
Merit: 10611
Was doing some reading about "BadUSB" and have a hard time finding out exactly how it works.

Does it need to be some infected firmware USB stick that you bought from a 3rd party or can it be a regular brand new USB Stick from a retail store which gets infected if your computer has some virus.

There was one guy who had like 4 CDROMs and he burned the unsigned transaction on a CD-Writer, put in the CD-Reader on the offline computer and burned the signed transaction with the CD-Writer, and later on with the online computer put it back into the CD-Reader to get the transaction broadcasted. This seems a little tedious to me.

Any safer methods on getting the transactions signed or is this "BadUSB" just something that rarely happens with Bitcoin?

i have never heard of bad USB which has a malicious firmware! if you have any link i would love to read more about it thought.
and as for that method i think it is an overkill and he is not really doing anything extra to make it safer. the best way to have an "air tight" system for signing transactions is an offline linux which you never attach anything to it. and for the transactions you only use QR codes and your camera to scan them.

check this out: https://susestudio.com/a/kp8B3G/ciyam-safe
her is the person who made it: https://bitcointalksearch.org/user/ciyam-44572
hero member
Activity: 761
Merit: 606
We have had several (many) threads chasing the answer to this question.  My opinion is that if you are using Linux you would be much safer than using Windows where the USB issue is concerned.  You will want to make certain that auto play isn't on when you insert the USB.  That is a simple setting, but make sure YOU start anything on the USB and NO auto start of stuff.  I haven't heard of any "in the wild" Linux users that have ever fallen prey to this exploit.  Still, it is possible.  Some will argue Q codes are safer, but then again many in the know will tell you its also vulnerable with the same low percentage of risk on pure Linux stuff.  I ran Electrum for a few years using USB and cold wallet, which I felt was pretty darn safe.  I just got tired of going back and forth between computers so I ended up starting to use a hardware wallet.  The convenience was well worth the small expense because my volume more than justifies it, at least to myself.  Like you mentioned on the CDRs.  Unless I was doing a super large wallet like once or twice year I wouldn't want to keep juggling optical media due to the hassle.  In fairness you have to know that I only use full Linux and never Windows.  You will find members here that may disagree and we are free to make our own choices.  We must also be willing to live with the outcome of the choices.  Hope you make the best one for YOUR needs.
legendary
Activity: 3808
Merit: 1723
Was doing some reading about "BadUSB" and have a hard time finding out exactly how it works.

Does it need to be some infected firmware USB stick that you bought from a 3rd party or can it be a regular brand new USB Stick from a retail store which gets infected if your computer has some virus.

There was one guy who had like 4 CDROMs and he burned the unsigned transaction on a CD-Writer, put in the CD-Reader on the offline computer and burned the signed transaction with the CD-Writer, and later on with the online computer put it back into the CD-Reader to get the transaction broadcasted. This seems a little tedious to me.

Any safer methods on getting the transactions signed or is this "BadUSB" just something that rarely happens with Bitcoin?
Jump to: