
Topic: Desktop wallet: any risk of hardware backdoor? (Read 314 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 14, 2019, 12:29:42 PM
#17
In a decade of Bitcoin's existence and with billions of dollars at play. No one has been hacked through hardware backdoor installed in brand new computer hardware. I think you're being over-paranoid.

Not if your threat model is very serious or you're wanted by government (just like Edward Snowden)

But in a normal scenario, I'd agree.

right, but if you use that old equipment that Libreboot will run on with its fully free software/open source firmware, then you're still susceptible to CPU microcode flaws that are no longer fixed for those old EOL'ed hardware platforms.

Which is more dangerous since the flaws are revealed in detail, since more people could breach your computer.
legendary
Activity: 3430
Merit: 3080
There are some workarounds against IME, and Purism and System76 sell laptops with the IME disabled. They all have Intel laptops, though, not sure how things look with AMD.

Purism aren't safe.. it's an overpriced gimmick. You can't disable IME with the modern CPUs that are used in Purism laptops. It's a workaround with Coreboot but you still have Intel's proprietary binary blobs. There's no workaround, you need old hardware, and you need to do the hardware changes I said, if you want to use Intel and be as private as possible. You need Libreboot, not Coreboot, and thus you are limited to a very small array of hardware. Same applies for System76. They are using i5s and i7s.

With AMD there's nothing to do, other than buying older hardware.

right, but if you use that old equipment that Libreboot will run on with its fully free software/open source firmware, then you're still susceptible to CPU microcode flaws that are no longer fixed for those old EOL'ed hardware platforms.

I agree with you both on all points though. Unfortunately, everything hardware related is a compromise right now, the only fully free new platforms are POWER8/9 (expensive, and IBM are not easy to trust), and RISC-V (expensive, and underpowered, and sponsored by the usual rogues gallery of Intel, Google, IBM etc)

I've opted to: do almost nothing, buy cheap hardware and very infrequently
hero member
Activity: 1358
Merit: 513
In a decade of Bitcoin's existence and with billions of dollars at play. No one has been hacked through hardware backdoor installed in brand new computer hardware. I think you're being over-paranoid.
hero member
Activity: 1358
Merit: 635
snip

I would rather be more concerned about routers' backdoors instead of looking for them in motherboards, graphic cards, monitors etc. that are full of various microchips. Almost all routers are vulnerable to hackers' attacks. Read for example the Huawei case. Routers by other manufacturers are not so different in that respect.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

Do you think there is any possibility of hardware backdoor, or any leftovers from Windows, that would put my bitcoin at risk? I plan to use it as my main, home workstation.

Probably no hardware backdoors, but this is a good computer. This is probably going to be your daily use computer, right? There are many other risks involved than only hardware backdoor.

As OmegaScream said, just buy a hardware wallet. It will be much safer, and you can use desktop wallets with your hardware wallet (such as electrum, for example).
legendary
Activity: 3710
Merit: 1586
because I wouldn't trust anything made in mainland China, but I know Taiwan exports processors to the whole world.

Almost all hardware is made in China.
legendary
Activity: 1610
Merit: 1183
Not every Intel... you should be safe if you use a Core2Duo, but only if you Libreboot it, which means you will need to do hardware changes unless you buy one that is directly modified by someone you can trust. There are some laptops like the Thinkpad x60 which only require you to flash the BIOS and do some changes without modifying the hardware.

If you want it to be ME free by default, you have to go as far back as Pentium 4...

With AMD, you have PSP, so it's the same, and you can't disable it, we know less about the PSP than the ME. You would need to go back in time too, I think 2013 was the last year it was PSP free. Still faster than a Raspberry.

There are some workarounds against IME, and Purism and System76 sell laptops with the IME disabled. They all have Intel laptops, though, not sure how things look with AMD.

Purism aren't safe.. it's an overpriced gimmick. You can't disable IME with the modern CPUs that are used in Purism laptops. It's a workaround with Coreboot but you still have Intel's proprietary binary blobs. There's no workaround, you need old hardware, and you need to do the hardware changes I said, if you want to use Intel and be as private as possible. You need Libreboot, not Coreboot, and thus you are limited to a very small array of hardware. Same applies for System76. They are using i5s and i7s.

With AMD there's nothing to do, other than buying older hardware.
legendary
Activity: 3472
Merit: 1724
Not every Intel... you should be safe if you use a Core2Duo, but only if you Libreboot it, which means you will need to do hardware changes unless you buy one that is directly modified by someone you can trust. There are some laptops like the Thinkpad x60 which only require you to flash the BIOS and do some changes without modifying the hardware.

If you want it to be ME free by default, you have to go as far back as Pentium 4...

With AMD, you have PSP, so it's the same, and you can't disable it, we know less about the PSP than the ME. You would need to go back in time too, I think 2013 was the last year it was PSP free. Still faster than a Raspberry.

There are some workarounds against IME, and Purism and System76 sell laptops with the IME disabled. They all have Intel laptops, though, not sure how things look with AMD.
legendary
Activity: 1610
Merit: 1183
Noob question: I am planning to buy a new desktop PC and to store bitcoin on Bitcoin Core Desktop Wallet full node.

I am currently doing that on my laptop. I bought it from ZaReason, it's tailor made designed to run Linux.

Now I moved to Taiwan and don't want to import from abroad, since so much hardware is produced here. Knowing that


Do you think there is any possibility of hardware backdoor, or any leftovers from Windows, that would put my bitcoin at risk? I plan to use it as my main, home workstation.

Yes, you have a backdoor, every Intel CPU has a backdoor for NSA or their three letter friends to snoop on you.

Go with Raspberry Pi or ARM or AMD

Not every Intel... you should be safe if you use a Core2Duo, but only if you Libreboot it, which means you will need to do hardware changes unless you buy one that is directly modified by someone you can trust. There are some laptops like the Thinkpad x60 which only require you to flash the BIOS and do some changes without modifying the hardware.

If you want it to be ME free by default, you have to go as far back as Pentium 4...

With AMD, you have PSP, so it's the same, and you can't disable it, we know less about the PSP than the ME. You would need to go back in time too, I think 2013 was the last year it was PSP free. Still faster than a Raspberry.
jr. member
Activity: 87
Merit: 5
Noob question: I am planning to buy a new desktop PC and to store bitcoin on Bitcoin Core Desktop Wallet full node.

I am currently doing that on my laptop. I bought it from ZaReason, it's tailor made designed to run Linux.

Now I moved to Taiwan and don't want to import from abroad, since so much hardware is produced here. Knowing that


Do you think there is any possibility of hardware backdoor, or any leftovers from Windows, that would put my bitcoin at risk? I plan to use it as my main, home workstation.

Yes, you have a backdoor, every Intel CPU has a backdoor for NSA or their three letter friends to snoop on you.

Go with Raspberry Pi or ARM or AMD
newbie
Activity: 14
Merit: 8
- Why are you paying for Windows if you don't want it?

I specify to the vendors that I do not want Windows whatsoever. I do not pay for it. But I can't be sure it wasn't ever installed on my product in the past.

- Why are you purchasing from a vendor that you think is going to install a backdoor in your PC's hardware?

Vendors are just guys who purchase hardware from suppliers and build PCs for clients. Even if I have a good relationship with a vendor it doesn't mean I'm sure about the reliability of every hardware piece. That's why I specified the specs of the PC I intend to buy, and the fact I live in Taiwan, because I wouldn't trust anything made in mainland China, but I know Taiwan exports processors to the whole world.

- I recommend getting a larger SSD if you want to store the whole blockchain on it. If you intend to enable pruning then you don't need a large SSD but if you don't then I suggest getting a 1TB one. You will want to store the whole blockchain if you intend to add/remove wallets regularly. Syncing the blockchain on a hard drive will take longer so you need the SSD for that.
Thanks for the suggestion, I really appreciate it.
legendary
Activity: 3710
Merit: 1586
- Why are you paying for Windows if you don't want it?

- Why are you purchasing from a vendor that you think is going to install a backdoor in your PC's hardware?

- I recommend getting a larger SSD if you want to store the whole blockchain on it. If you intend to enable pruning then you don't need a large SSD but if you don't then I suggest getting a 1TB one. You will want to store the whole blockchain if you intend to add/remove wallets regularly. Syncing the blockchain on a hard drive will take longer so you need the SSD for that.
newbie
Activity: 14
Merit: 8
Good to know. I'll go on with it.
legendary
Activity: 1946
Merit: 1427
Do you think there is any possibility of hardware backdoor, or any leftovers from Windows, that would put my bitcoin at risk? I plan to use it as my main, home workstation.

There is a huge difference between it being possible, and it being likely.

I'd say that, unless you're specifically targeted, the chances of someone tampering with your hardware are extremely small.
Although I also doubt someone would be able to "hack" a processor to spy on you, even if you were to be specifically "targeted". I think it has happened/is possible, but then we're really talking about government operations 95% of the time.

Quote
any leftovers from Windows,
This would be more likely, and much easier for someone to do. But a simple factory reset where you override the previous partitions really should be sufficient. Except of course if the previous owner of your hard drive has worked at the NSA and knows how to create such a persistent virus. -- aka: extremely unlikely if not impossible.

staff
Activity: 3500
Merit: 6152
You should be fine after formatting the device, there is no reason to be that paranoid, especially for a small amount. If you're planning to store large amounts (anything more than 500$), then, you should definitely consider investing in a hardware wallet (Ledger or Trezor).
newbie
Activity: 14
Merit: 8
Noob question: I am planning to buy a new desktop PC and to store bitcoin on Bitcoin Core Desktop Wallet full node.

I am currently doing that on my laptop. I bought it from ZaReason, it's tailor made designed to run Linux.

Now I moved to Taiwan and don't want to import from abroad, since so much hardware is produced here. Knowing that


Do you think there is any possibility of hardware backdoor, or any leftovers from Windows, that would put my bitcoin at risk? I plan to use it as my main, home workstation.