Pages:
Author

Topic: DO NOT plug random cables and sticks into your device. (Read 436 times)

copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
~snip
Imagine a targeted attack: a burglar replaces your hardware wallet by a fake one. It looks the same, so you won't notice anything suspicious. Weeks later, when you want to use your hardware wallet, you enter your PIN. It gets uploaded to the burglar's server instantly. The device tells you your PIN is incorrect, and you try again. It gets uploaded again.
By the time you realize something's wrong, the burglar has stolen all your funds.
That's freaking scary, I hope no one gets victimized by that, and make sure that you are buying from legitimate stores from their official websites. These posts make me more paranoid and want to secure everything. Shocked
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Isn't it kinda counter productive knowing that you bought a hardwallet with eSim capabilities?
The seller won't tell you of course.

Quote
Or are you saying that fake products could have that kind of technology then sending the hacker data from what you have produced using the fake HW?
Yes. I did mention "a fake hardware wallet". Now that I think about it, it doesn't even have to be a working hardware wallet. Imagine a targeted attack: a burglar replaces your hardware wallet by a fake one. It looks the same, so you won't notice anything suspicious. Weeks later, when you want to use your hardware wallet, you enter your PIN. It gets uploaded to the burglar's server instantly. The device tells you your PIN is incorrect, and you try again. It gets uploaded again.
By the time you realize something's wrong, the burglar has stolen all your funds.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
I'm not worried about eSims in your phone, I'm worried about (future) compromised hardware that has an eSim embedded in it. Imagine you enter your seed phrase on what you think is an offline system, but there's a keylogger that has it's own eSim data connection to the attacker's server. It will be very difficult to detect.
Even easier if the eSim is inside a fake hardware wallet. The moment you restore your seed phrase, it gets drained.
Isn't it kinda counter productive knowing that you bought a hardwallet with eSim capabilities? To be stored like cold storage an offline system then have an eSim? Or are you saying that fake products could have that kind of technology then sending the hacker data from what you have produced using the fake HW?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I have eSim on my phone but it's from a reliable source, a very big network in my country. Is there any possible way that someone could tamper with it or not?
I'm not worried about eSims in your phone, I'm worried about (future) compromised hardware that has an eSim embedded in it. Imagine you enter your seed phrase on what you think is an offline system, but there's a keylogger that has it's own eSim data connection to the attacker's server. It will be very difficult to detect.
Even easier if the eSim is inside a fake hardware wallet. The moment you restore your seed phrase, it gets drained.

if I send you an address via this forum or email, then your malware isn't going to replace the original source (my PM/email).
Why not? A compromised browser could easily replace one address for another. Compromised Tor exit nodes already do that (sslstrip).
legendary
Activity: 2730
Merit: 7065
How are you going to double-check the sending address, if your software is compromised? Usually, I see the sending address on my monitor. If anything on my screen can be compromised, I'll verify the same incorrect address is indeed also showing on my hardware wallet.
It depends what the source of the sending address is. If you are sending coins to yourself on a compromised machine, then the software you are using can also show you a wrong address. But if I send you an address via this forum or email, then your malware isn't going to replace the original source (my PM/email). A clipboard malware would replace the pasted address, but the source remains unaffected.
hero member
Activity: 1036
Merit: 933
Find your Digital Services at- cryptolibrary.pro
There was a time when no password was used on my pc and laptop and my friends and cousins used to come to play games because the configuration of the computer was a little better. But ever since I got involved with this crypto currency I have started using password on my computer and not giving access to anyone other than me.
I think your topic is going to be a warning to those who are new here. Besides, I think it is possible to grab the important information of computer and web browsers through a single pen drive without any kind of hacking device. Like if you give your device to your friend and if he is only plugged a pendrive which has tools like Browser Password decryptor then your all password and data on browser can easily goes to his hand. Moreover, there may be such tools that such software will be auto-run by plugging the pen drive which is capable of taking data. So any unfamiliar device is a plugin on some PCs as well as giving someone else to run your device is risky.
sr. member
Activity: 728
Merit: 388
DGbet.fun - Crypto Sportsbook
Thanks for the warning and the write up OP,  the only thing I connect to my PC is my smartphone, moving files in and out, nothing else, I know about the dangers of connecting any USB into your PC, as I have messes up my whole Windows OS several times this way.

My mistake then was collecting files from friends through USB flash, movies and software and later my windows OS will start misbehaving, people are so careless that they can carry trojan in their USD flash wherever they go and if you are the type that likes freebies, it's possible you will want some freebies out of a infected USB flash.

Till today, I don't take files and software from anyone anymore, its like they are more careless than I am, as for crypto related softwares, I don't run them on my PC anymore, I bought a airgapped crypto wallet some time ago and it's completely offline, I know that the dangers of fake software are possible to penetrate your hardware wallet security, just be careful when you are updating your hardware wallet.

I prefer not rushing to install the latest software update on my hardware wallet, not after few weeks of the software has been available, just in case if something is wrong with the new update.
member
Activity: 364
Merit: 44
★Bitvest.io★ Play Plinko or Invest
Especially do not leave your PC unattended in some strange, unfamiliar place.
How likely is a USB device to gain access to an unattended locked Linux laptop? I'd be more worried about physical theft, so bring a Kensington cable lock:
Image loading...

Other than that, use the basis: an encrypted disk, and a laptop with soldered RAM against liquid nitrogen freezing to read your decryption password, you know, just the basics Cheesy
And don't use Windows of course. "Plug and play" is a huge security risk. It's probably safe to say that as long as you're using Windows, hardware attacks shouldn't be anywhere near the top of your list of potential attack vectors.

Most of this gaget is scaring looking out their manipulating power to high Jack some one data, but for me the best option is to keep once crypto in the hard that , be don't have anything to do with order than transmission only, and before any of such one must know where he always Carry out such and how trust worthy the place is in case if necessity can hold them responsible but all the measure provided one need follow strictly to avoid story that touch.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
After reading the title, it kind of reminds me of the video I just watched not too long ago about flipper zero and also this O.MG Elite cable which looks like a normal cable but it isn't just a normal charging cable but also a device that can be used to send or execute a command like taking a picture and more. I hope others who are not aware of this should read op and all the replies. It really isn't safe if you are getting something that isn't trusted or the source is not known.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
I'm getting paranoid about buying things now online.
~
It's quite concerning, to be honest.
It is. Add a €2.50 eSim and any device can suddenly upload your data even if you think it's air-gapped.
I have eSim on my phone but it's from a reliable source, a very big network in my country. Is there any possible way that someone could tamper with it or not? If someone hacked the QR and somewhat put some malicious code or something. Adding it to my phone is really easy.  Huh
member
Activity: 116
Merit: 11
At first when I heard that it is not advisable to share hotspot with unknown persons, I thought it was a joke not until till thread has been able to educate me on this security tips.
That means we would not let our devices into the hands of strangers but if I may ask, what about when we take our devices maybe personal computer or phones for repair and we are not there to monitor what they are doing? even when we are there, we might not know what the technician is doing.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I'm getting paranoid about buying things now online.
~
It's quite concerning, to be honest.
It is. Add a €2.50 eSim and any device can suddenly upload your data even if you think it's air-gapped.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
I'm getting paranoid about buying things now online. I believe it's easy to put something in something that you order and could put something malicious in a gadget that can look like that. Knowing this, how would you even see or check a specific device that could be malicious?

Software could do this too right? It's quite concerning, to be honest.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
What danger can a keylogger or malware pose to hardware wallet? Malware will not be able to physically press the transaction confirmation buttons for you, given that you probably double-check the sending address for correctness before confirming the sending of the transaction.
Theoretically, hardware wallets are supposed to be safe from these kind of devices.

HOWEVER, that doesn't mean the software wallets themselves are also safe. They can easily be replaced with a fake copy that prompts your hardware wallet to sign a malicious transaction, and you might fall for it if the hardware wallet doesn't show you the amount being transferred out.
How are you going to double-check the sending address, if your software is compromised? Usually, I see the sending address on my monitor. If anything on my screen can be compromised, I'll verify the same incorrect address is indeed also showing on my hardware wallet.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
What danger can a keylogger or malware pose to hardware wallet? Malware will not be able to physically press the transaction confirmation buttons for you, given that you probably double-check the sending address for correctness before confirming the sending of the transaction.

Theoretically, hardware wallets are supposed to be safe from these kind of devices.

HOWEVER, that doesn't mean the software wallets themselves are also safe. They can easily be replaced with a fake copy that prompts your hardware wallet to sign a malicious transaction, and you might fall for it if the hardware wallet doesn't show you the amount being transferred out.

Will the following gadgets pose a threat if the computer has a password to access it?

Yes, because they can download a malicious payload from the internet exploiting a zero-day vulnerability in Windows and then install a keylogger which records your password.
jr. member
Activity: 43
Merit: 6
When they say avoid plugin unnecessary devices to your device it is actually for our own good. Especially the USB device it is an easy way for people who wants to harm or steal a file that is important to us from our devices without us being aware of what is coming. Seen it on movies and most persons think it's just an act but it is not. In reality there are professional hackers who work for all these scam companies, and they do the dirty work for them. However, the temptation is much so some people cannot withhold the urge to see what is in the USB that is why up till this day people are still falling victims in this kind of attacks because of ignorance.
To say the worse isnt it madness that a supposed enlightened crypto holder would find a lone USB or flash drive and will of all places to check what's inside it is a gadget in which he has his crypto stored he chooses to use in doing that. to be plain such a person doesn't deserve owning a bitcoin by carrying such a lame act. Intermittently we contribute to making this hackers appear very smart and wise by an act of stupidity on our end that ordinarily we don't need an elementary certificate to know about it and doing the right simple things. 
legendary
Activity: 1750
Merit: 1329
Top Crypto Casino
Ive seen a lot of news before related to data stealing with the use of charging cables in different stations, and stores, people see this as one of their convenient ways to get a temporary charge or connect to the internet, and these items are one of the reason why i don't rarely use those plugs came from them because i know already the possibilities, even connected in the wifi there's a lot of information can be get to your device or else possible getting compromised. Good compilations at least people are aware of their security and of course, people have cryptocurrencies bound to their devices. Im curious if this device can be blocked with our anti-virus or just ideally disable the port.
sr. member
Activity: 924
Merit: 329
Hire Bitcointalk Camp. Manager @ r7promotions.com
If you use your computer to store any amount of crypto, or even if you use a hardware wallet, you should avoid plugging random stuff into your computer that you don't know about, because it is very easy to disguise a cable or a USB flash drive as a malware that logs your keystrokes and copies wallet files.
Do not also allow friend or family members who may want to borrow your computer for use to plug anything into your computers. In fact, do not let another person use your personal computer without supervision, it is not advised. Individuals can be careless with properties that are not their personal belongings, this is why supervision is very necessary for it especially as it is more important to you.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
If you use your computer to store any amount of crypto, or even if you use a hardware wallet, you should avoid plugging random stuff into your computer that you don't know about, because it is very easy to disguise a cable or a USB flash drive as a malware that logs your keystrokes and copies wallet files.
What danger can a keylogger or malware pose to hardware wallet? Malware will not be able to physically press the transaction confirmation buttons for you, given that you probably double-check the sending address for correctness before confirming the sending of the transaction.

The following is a list of gadgets you should be particularly concerned of. If you see them anywhere in sight, get your computer away. Especially do not leave your PC unattended in some strange, unfamiliar place.
Will the following gadgets pose a threat if the computer has a password to access it?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Especially do not leave your PC unattended in some strange, unfamiliar place.
How likely is a USB device to gain access to an unattended locked Linux laptop? I'd be more worried about physical theft, so bring a Kensington cable lock:
Image loading...

Other than that, use the basis: an encrypted disk, and a laptop with soldered RAM against liquid nitrogen freezing to read your decryption password, you know, just the basics Cheesy
And don't use Windows of course. "Plug and play" is a huge security risk. It's probably safe to say that as long as you're using Windows, hardware attacks shouldn't be anywhere near the top of your list of potential attack vectors.
Pages:
Jump to: