Dark-Skippy-proofed wallets. | Bitcointalksearch.org

Forsyth Jones

hero member

Activity: 1120

Merit: 540

Duelbits - Play for Free | Win for Real

Quote from: Hispo on August 24, 2024, 11:24:54 AM

And it kind of works when one does not have as much technical knowledge as a developer or a hardware wallet maker. This news has personally made me feel vulnerable and I am questioning whether I should use a longer and more complex passphrase in order to increase security... Perhaps I am just over-reacting, though, as others have already said... if there is malicious firmware on your device, it is possible for you to be in trouble anyways, for other reasons.

After this news dropping, I will wait a substantial time before upgrading firmwares and see what the feedback from the community is.

A 24-word wallet would increase security, but i wonder if this is worth it in practice, because from what i could see, in a wallet with a larger number of words, the attacker only needs more signatures than just two signatures (from a 12-word wallet).

It has been shown that the attack exploits the signing process on the targeted device (tampered malware). Care should be taken with the firmware installed on the device, maintain its integrity by checking the fingerprint and gpg signatures of the device's firmware, download software wallets and use open source hardware wallets with a known reputation and widely tested by the community, and consider using multisigs.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: Meuserna on August 14, 2024, 02:49:13 PM

Quote from: DaveF on August 14, 2024, 02:39:58 PM

Yeah, I don't get it.

I think people just want something to freak out about.

And it kind of works when one does not have as much technical knowledge as a developer or a hardware wallet maker. This news has personally made me feel vulnerable and I am questioning whether I should use a longer and more complex passphrase in order to increase security... Perhaps I am just over-reacting, though, as others have already said... if there is malicious firmware on your device, it is possible for you to be in trouble anyways, for other reasons.

After this news dropping, I will wait a substantial time before upgrading firmwares and see what the feedback from the community is.

Meuserna

full member

Activity: 128

Merit: 190

Quote from: ABCbits on August 16, 2024, 04:01:00 AM

It's not firmware, but don't forget Ledger code was compromised once, https://www.theregister.com/2023/12/16/ledger_crypto_conect_kit/.

Ledger's code has been compromised way more than just once, but Ledger pays bounties with NDA agreements to prevent anyone knowing about the times they've been hacked.

Here's proof:

Quote

In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.

I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.

--Saleem Rashid
https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

Forsyth Jones

hero member

Activity: 1120

Merit: 540

Duelbits - Play for Free | Win for Real

I read the article, but it's still a lot to process:

1st, this type of attack is only possible if my hardware device has compromised firmware.

2nd, the "Dark Skippy" attack can exfiltrate the private key, wallet descriptor, seed bytes, and/or extended private key in just two or more signatures (depending on the seed entropy, even one), hiding information inside the transaction signatures.

3rd, the exfiltration is done inside the signature itself. Security depends on the integrity of the signing device itself.

4th, the attack occurs at the moment you sign a transaction. This means that, even without knowing it, when signing a transaction, the compromised device may be extracting sensitive information and sending it to the attacker. Therefore, the critical moment of vulnerability is during the signing of the transaction?

5th Even if I'm using an extremely strong and random passphrase, does this just require more signatures than normal, as if the code were to crack the combination needed bit by bit to even exfiltrate the amount needed to build the necessary raw seed bytes of the master private key?

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Thanks for sharing OP. This is theoretically more dangerous than using certain K values when signing TX, which known by the thief.

Quote from: DaveF on August 14, 2024, 02:39:58 PM

Yeah, I don't get it. Since most (all?) hardware wallets require signature checks for firmware updates this would either require

1) The hardware manufacturer to be compromised well enough to create and sign an malicious firmware.
--snip--

It's not firmware, but don't forget Ledger code was compromised once, https://www.theregister.com/2023/12/16/ledger_crypto_conect_kit/.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Although the chance of someone becoming a victim of this attack is relatively small, it is still good to know that it exists so that we can be even more careful when it comes to upgrading the firmware for our hardware wallets.

I would not (at least for now) worry about someone becoming a victim of this attack by installing malicious firmware, but there is a much greater risk that someone will buy a device with malicious firmware that can be compromised anywhere in the production chain or during delivery. I think that second-hand devices and purchases from unofficial sellers should definitely be avoided.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Meuserna on August 14, 2024, 02:15:44 PM

Quote from: satscraper on August 14, 2024, 03:26:43 AM

Another precaution which could make your stash more safe is its transfer to multisig wallet. The probability of Dark-Skippy success when attacking multisig made from the different vendors/developers cosigners is equal to the product of the relevant probabilities for each individual cosigner and is noticeably reduced in comparison with the wallet that requires a single signature.

Right, but the point people need to understand is this:

Dark Skippy requires firmware that has been tampered with. It requires malicious firmware.

Period.

If the firmware on your device hasn't been tampered with, Dark Skippy isn't a threat for you.

This is yet another reason why I love using a stateless airgapped hardware wallet like Krux or SeedSigner. I verify the firmware I download to install on the device, so I know it's legit and untampered with. The device never connects to the internet, so hackers can't reach it or even see that it exists.

You are hot dog, definitely, but there are more than 8 billion people on this planet other than you, part of them may not be aware how to verify firmware, the second part may have soft brain to do this, the third part may not watch closely for their wallets, thus, allowing devil to flash the stuff against their will , and so on , so on .... many reasons in fact may result in wallet infiltration. Thus, multisig still matters.

Regarding the point of tampered firmware. It was highlighted by me at the start:

Quote from: satscraper on August 13, 2024, 10:18:36 AM

TL; DR. Infiltrated hardware wallet can leak your SEED just with the two signatures (or even with the one in some cases) .

I assume , you have just missed this point at very beginning.

Meuserna

full member

Activity: 128

Merit: 190

Quote from: DaveF on August 14, 2024, 02:39:58 PM

Yeah, I don't get it.

I think people just want something to freak out about.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Yeah, I don't get it. Since most (all?) hardware wallets require signature checks for firmware updates this would either require

1) The hardware manufacturer to be compromised well enough to create and sign an malicious firmware.

or

2) The person with the signing keys to go evil and not have anyone catch it.

Either way, if a wallet is compromised to that point you are probably screwed for other reasons.

-Dave

Meuserna

full member

Activity: 128

Merit: 190

Quote from: satscraper on August 14, 2024, 03:26:43 AM

Another precaution which could make your stash more safe is its transfer to multisig wallet. The probability of Dark-Skippy success when attacking multisig made from the different vendors/developers cosigners is equal to the product of the relevant probabilities for each individual cosigner and is noticeably reduced in comparison with the wallet that requires a single signature.

Right, but the point people need to understand is this:

Dark Skippy requires firmware that has been tampered with. It requires malicious firmware.

Period.

If the firmware on your device hasn't been tampered with, Dark Skippy isn't a threat for you.

This is yet another reason why I love using a stateless airgapped hardware wallet like Krux or SeedSigner. I verify the firmware I download to install on the device, so I know it's legit and untampered with. The device never connects to the internet, so hackers can't reach it or even see that it exists.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Meuserna on August 13, 2024, 02:54:05 PM

Keep in mind: Dark Skippy requires malicious firmware.

If your firmware is good, you're good.

This is yet another reason why it's so important to only use open source firmware and always verify the signature to make sure it's legit. Sparrow is great for verifying downloaded firmware.

Yeah, regarding to firmware verification you are correct, the authenticity of its update must be always verified before proceeding to the final step, this is rule of thumb.

Another precaution which could make your stash more safe is its transfer to multisig wallet. The probability of Dark-Skippy success when attacking multisig made from the different vendors/developers cosigners is equal to the product of the relevant probabilities for each individual cosigner and is noticeably reduced in comparison with the wallet that requires a single signature.

Meuserna

full member

Activity: 128

Merit: 190

Keep in mind: Dark Skippy requires malicious firmware.

If your firmware is good, you're good.

This is yet another reason why it's so important to only use open source firmware and always verify the signature to make sure it's legit. Sparrow is great for verifying downloaded firmware.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: https://x.com/utxoclub/status/1820520960476561825

TL; DR. Infiltrated hardware wallet can leak your SEED just with the two signatures (or even with the one in some cases) .

Q&A

Q: Do the stuff like airgapping, "stateless" signing, open-sourcing, SE help?
A: Not at all.

Q: What about 24 words SEED. Will it be harder to steal in comparison with 12-words SEED?
A: Just twice more signing will be enough to get 24-words-SEED.

Q; Wiil BIP39-passphrase -SEED-extension prevent HW from Dark-Skippy attack.
A: A strong passphrase could mitigate this attack due to the substantial increase in the required number of signatures.

Q; Are there any wallets that completely immune to Dark Skippy attack?
A: "Blockstream's Jade - when signing over USB cable alongside various wallet software. ShiftCrypto's BitBox - when signing alongside any of their client libraries."

Source: Dark Skippy Disclosure

Topic: Dark-Skippy-proofed wallets. (Read 221 times)