Author

Topic: Dark-Skippy-proofed wallets. (Read 225 times)

hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
August 24, 2024, 01:28:19 PM
#13
And it kind of works when one does not have as much technical knowledge as a developer or a hardware wallet maker. This news has personally made me feel vulnerable and I am questioning whether I should use a longer and more complex passphrase in order to increase security... Perhaps I am just over-reacting, though, as others have already said... if there is malicious firmware on your device, it is possible for you to be in trouble anyways, for other reasons.

After this news dropping, I will wait a substantial time before upgrading firmwares and see what the feedback from the community is.
A 24-word wallet would increase security, but i wonder if this is worth it in practice, because from what i could see, in a wallet with a larger number of words, the attacker only needs more signatures than just two signatures (from a 12-word wallet).

It has been shown that the attack exploits the signing process on the targeted device (tampered malware). Care should be taken with the firmware installed on the device, maintain its integrity by checking the fingerprint and gpg signatures of the device's firmware, download software wallets and use open source hardware wallets with a known reputation and widely tested by the community, and consider using multisigs.
legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform
August 24, 2024, 11:24:54 AM
#12
Yeah, I don't get it.

I think people just want something to freak out about.

And it kind of works when one does not have as much technical knowledge as a developer or a hardware wallet maker. This news has personally made me feel vulnerable and I am questioning whether I should use a longer and more complex passphrase in order to increase security... Perhaps I am just over-reacting, though, as others have already said... if there is malicious firmware on your device, it is possible for you to be in trouble anyways, for other reasons.

After this news dropping, I will wait a substantial time before upgrading firmwares and see what the feedback from the community is.
full member
Activity: 128
Merit: 190
August 16, 2024, 07:03:35 PM
#11
It's not firmware, but don't forget Ledger code was compromised once, https://www.theregister.com/2023/12/16/ledger_crypto_conect_kit/.

Ledger's code has been compromised way more than just once, but Ledger pays bounties with NDA agreements to prevent anyone knowing about the times they've been hacked.

Here's proof:

Quote
In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.

I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.

--Saleem Rashid
https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
August 16, 2024, 07:45:49 AM
#10
I read the article, but it's still a lot to process:

1st, this type of attack is only possible if my hardware device has compromised firmware.

2nd, the "Dark Skippy" attack can exfiltrate the private key, wallet descriptor, seed bytes, and/or extended private key in just two or more signatures (depending on the seed entropy, even one), hiding information inside the transaction signatures.

3rd, the exfiltration is done inside the signature itself. Security depends on the integrity of the signing device itself.

4th, the attack occurs at the moment you sign a transaction. This means that, even without knowing it, when signing a transaction, the compromised device may be extracting sensitive information and sending it to the attacker. Therefore, the critical moment of vulnerability is during the signing of the transaction?

5th Even if I'm using an extremely strong and random passphrase, does this just require more signatures than normal, as if the code were to crack the combination needed bit by bit to even exfiltrate the amount needed to build the necessary raw seed bytes of the master private key?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
August 16, 2024, 04:01:00 AM
#9
Thanks for sharing OP. This is theoretically more dangerous than using certain K values when signing TX, which known by the thief.

Yeah, I don't get it. Since most (all?) hardware wallets require signature checks for firmware updates this would either require

1) The hardware manufacturer to be compromised well enough to create and sign an malicious firmware.
--snip--

It's not firmware, but don't forget Ledger code was compromised once, https://www.theregister.com/2023/12/16/ledger_crypto_conect_kit/.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
August 15, 2024, 05:10:18 AM
#8
Although the chance of someone becoming a victim of this attack is relatively small, it is still good to know that it exists so that we can be even more careful when it comes to upgrading the firmware for our hardware wallets.

I would not (at least for now) worry about someone becoming a victim of this attack by installing malicious firmware, but there is a much greater risk that someone will buy a device with malicious firmware that can be compromised anywhere in the production chain or during delivery. I think that second-hand devices and purchases from unofficial sellers should definitely be avoided.
hero member
Activity: 714
Merit: 1298
August 15, 2024, 02:26:12 AM
#7
Another precaution which could make  your stash more safe is its  transfer to multisig wallet. The probability of Dark-Skippy success when attacking  multisig  made from the different vendors/developers cosigners is equal to the product of  the relevant probabilities for each individual cosigner and is noticeably reduced in comparison with the wallet that requires a  single  signature.

Right, but the point people need to understand is this:

Dark Skippy requires firmware that has been tampered with.  It requires malicious firmware.

Period.

If the firmware on your device hasn't been tampered with, Dark Skippy isn't a threat for you.

This is yet another reason why I love using a stateless airgapped hardware wallet like Krux or SeedSigner.  I verify the firmware I download to install on the device, so I know it's legit and untampered with.  The device never connects to the internet, so hackers can't reach it or even see that it exists.

You are hot dog, definitely, but  there are more than 8 billion people on this planet other than you, part of them may not be aware how to verify firmware, the second  part may have  soft  brain to do this, the third  part may not watch closely for their wallets, thus, allowing devil to flash the stuff against their will , and so on , so on ....  many reasons in fact may result in wallet infiltration. Thus, multisig still matters.

Regarding the point of tampered firmware. It was highlighted by me at the start:

TL; DR. Infiltrated hardware wallet can leak your SEED just with  the two signatures (or even with the one in some cases) .

I assume , you have just  missed this point at very beginning.


  
full member
Activity: 128
Merit: 190
August 14, 2024, 02:49:13 PM
#6
Yeah, I don't get it.

I think people just want something to freak out about.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 14, 2024, 02:39:58 PM
#5
Yeah, I don't get it. Since most (all?) hardware wallets require signature checks for firmware updates this would either require

1) The hardware manufacturer to be compromised well enough to create and sign an malicious firmware.

or

2) The person with the signing keys to go evil and not have anyone catch it.

Either way, if a wallet is compromised to that point you are probably screwed for other reasons.

-Dave
full member
Activity: 128
Merit: 190
August 14, 2024, 02:15:44 PM
#4
Another precaution which could make  your stash more safe is its  transfer to multisig wallet. The probability of Dark-Skippy success when attacking  multisig  made from the different vendors/developers cosigners is equal to the product of  the relevant probabilities for each individual cosigner and is noticeably reduced in comparison with the wallet that requires a  single  signature.

Right, but the point people need to understand is this:

Dark Skippy requires firmware that has been tampered with.  It requires malicious firmware.

Period.

If the firmware on your device hasn't been tampered with, Dark Skippy isn't a threat for you.

This is yet another reason why I love using a stateless airgapped hardware wallet like Krux or SeedSigner.  I verify the firmware I download to install on the device, so I know it's legit and untampered with.  The device never connects to the internet, so hackers can't reach it or even see that it exists.
hero member
Activity: 714
Merit: 1298
August 14, 2024, 03:26:43 AM
#3
Keep in mind: Dark Skippy requires malicious firmware.

If your firmware is good, you're good.

This is yet another reason why it's so important to only use open source firmware and always verify the signature to make sure it's legit.  Sparrow is great for verifying downloaded firmware.

Yeah, regarding to firmware verification you are correct, the authenticity of its update must be always verified before proceeding to the final step, this is rule of thumb.

Another precaution which could make  your stash more safe is its  transfer to multisig wallet. The probability of Dark-Skippy success when attacking  multisig  made from the different vendors/developers cosigners is equal to the product of  the relevant probabilities for each individual cosigner and is noticeably reduced in comparison with the wallet that requires a  single  signature.
full member
Activity: 128
Merit: 190
August 13, 2024, 02:54:05 PM
#2
Keep in mind: Dark Skippy requires malicious firmware.

If your firmware is good, you're good.

This is yet another reason why it's so important to only use open source firmware and always verify the signature to make sure it's legit.  Sparrow is great for verifying downloaded firmware.
hero member
Activity: 714
Merit: 1298
August 13, 2024, 10:18:36 AM
#1

TL; DR. Infiltrated hardware wallet can leak your SEED just with  the two signatures (or even with the one in some cases) .

Q&A

Q: Do the stuff like airgapping, "stateless" signing, open-sourcing, SE   help?
A: Not at all.

Q: What about 24 words SEED. Will it be harder to steal in comparison with 12-words SEED?
A: Just twice more signing will be enough to  get 24-words-SEED.

Q; Wiil BIP39-passphrase -SEED-extension prevent HW from Dark-Skippy attack.
A: A  strong passphrase could mitigate this attack  due to  the substantial  increase  in the required number of signatures.

Q; Are there any  wallets that completely immune to  Dark Skippy attack?
A: "Blockstream's Jade - when signing over USB cable alongside various wallet software. ShiftCrypto's BitBox - when signing alongside any of their client libraries."

Source: Dark Skippy Disclosure
Jump to: