Topic: Flipper Zero and NFC wallets- is this an issue? (Read 218 times)

No I am not looking to buy this, but if you are selling than tell me how much would you ask for it?
I think I am done buying gadgets for some time, most of gadgets I have are just collecting dust and I don't have real use case for them.  

PS
I hope some amazing new hardware wallet/gadget won't come out soon and ''force me'' to buy it  

Wanna buy mine?

It's hard to tell. I don't know that much devices that use NFC, and the only way to know for sure is to review the code (if available) or reverse engineer it (which is more difficult)...


That was probably Tibu (https://bitcointalksearch.org/user/tibu-160007) that donated the card, he is much more active on the forum than me! Glad that you liked it :-)

That is completely implementation-specific. We will probably never know about the wallets that are closed-source (unless someone does some reverse engineering research on them).
You could have a look at Coinkite's implementation for instance, though: https://github.com/Coldcard/firmware

Thanks for all the info. I would imagine most btc NFC wallets run a similar pattern as you guys? Curious if you know any (you don’t have to mention by name if you don’t want) that are currently available out there that don’t use encryption, and would be vulnerable to tools such a flipper?

I think you or someone from your team donated a wallet card to a charity auction I ran a few years back. I don’t see it in your past posts so maybe it was someone else with Satochip ? Either way it was much appreciated!

Hi,

Just a few comments about NFC security with respect to NFC skimming and other vulnerabilities. I am the developer of Satochip (https://satochip.io),  a hardware wallet based on a smartcard. Our devices support NFC (e.g. for mobile integration).

All communications with the card uses a secure channel which is encrypted and protected against replay attacks (among other). This means that even if a flipper 'sniff' the communication,  it will only get encrypted data. If it records a communication and ty to replay it (repeating same data), it will also not work.

Moreover any sensitive operation such as signing a transaction is protected by a PIN code, and this PIN is also sent encrypted to the card. In any case, the private keys are never exported outside of the chipcard!

The firmware running on the card is open-source and available on Github, so you can check in details what is being exchanged and verify that it is secured: https://github.com/Toporin/SatochipApplet

We also provide 2 other products based on smartcards:
* Satodime (satodime.io): a bitcoin bearer card to store bitcoin like a physical note with the private key stored on the card
* SeedKeeper (seedkeeper.io): a backup solution for your seeds

You can have a look on Google Scholar, there is a whole bunch of research on NFC relay / tunneling attacks. It is in my opinion the trickiest attack to mitigate; but 'copying an NFC tag' requires your target to be, well, a 'dumb' tag that just transfers a fixed data set whenever it is energized.

You mean decoding the data? As far as I can tell, Safepal is the only wallet that encrypts the PSBTs; other wallets transmit them in the clear.

The problem with AliExpress links is that they sometimes don't work from other locations, but try looking for 'NFC tag reader' or 'NFC replicator'. You want a set with a bunch of cards and / or keychains and a programmer device. Some programmers are more restrictive and self-contained running off batteries, and others allow you more programmability / control through an Arduino.

Here you can see the NFC copying capability of Flipper Zero:
https://www.youtube.com/watch?v=hZMU4kPJ_zQ

You can actually clone some NFC tags with your phone and the right app:
https://www.youtube.com/watch?v=v-uwPh1dgkE

You can also have a look here how people use the old RFID / NFC cloners:
https://www.youtube.com/watch?v=0SewclaC8Y4
https://www.youtube.com/watch?v=VsZLFqE_iLc

And here something about the 13.56MHz Arduino modules:
https://www.youtube.com/watch?v=CMTPWwRxgQg

That's true, and I do get that! Let's see what those guys are going to come up with in the future..

I am really no expert for NFC and I don't understand how they work for wallets that support NFC, but it could be different with different models of hardware wallets.

I know you need camera, but main thing about QR code data is decoding the signal.
You can for example get code from Safepalk wallet but it won't be compatible with any other wallets so you won't know what you have, so not all QR codes are made equal.

I see you are familiar with them better than me  
Can you please name few of them or send link for me check them out?

Yes but people seem to like this ''mashup'' very much, and they write much more scripts  
Maybe Joe Grand Kingpin can think if this device can be used for hardware wallets somehow, he likes to think outside the box.

Bigger threat to our lives is using to much of modern technology and trusting in blindly.
Flipper zero and similar devices are just exposing how fragile everything around is, it's al lbuilt on glass foundation.
As for NFC, many modern everyday wallets (for cards and cash) now have implemented NFC protection, because NFC theaft is becoming a widespread thing.

Slightly different but yes you can relay the bluetooth Tesla open / start

https://www.youtube.com/watch?v=5mdU4ksOc2w
https://www.youtube.com/watch?v=myW2cxyOHEQ

As for these devices, I was actually thinking that they will start to be seen in more and more cases of theft from locations that were only using RFID for the door locks.
A lot of corporate buildings are using very basic readers & cards for access.

Back to the BTC side of things. I was thinking about the cards that are tied to a lightning wallet that don't really require a lot of interaction. I can see that (and them in general) as a point of loss. But it's a edge case for now. If and when they get more popular they *will* be attacked.

-Dave

Yeah it's a really interesting little device.  I am sure there's some potential to hack in to some very poorly established bitcoin wallets that utilize very poorly established security, but I'm not tech savvy enough to know of any examples.  

Yeah this think certainly poses a threat to many other things in our lives, like you said I could see this messing with Tesla cars, safes, credit cards, building security passes etc.  The "Kia Boys" are doing a good (also sad and disgusting) job of showing us just how vulnerable many of our things are, including our cars - https://www.youtube.com/watch?v=fbTrLyqL_nw



That's exactly what I was thinking from the get go.  The fact that many wallets require you to confirm physically and what not, would make this much more difficult to use as a hacking tool for bitcoins.  

I have also always wondered the same..I guarantee a lot of those credit card skimmers are placed on by employees and owners of the shops.





I'm getting ready to look in to all this, as I'm now even more curious how Teslas tech compares to say Kia's, as a buddy just told me about these scumbags who found the vulnerability with Kia cars and now well known as the "Kia Boys"- https://www.motorbiscuit.com/who-are-the-kia-boys-showing-tiktok-users-how-to-steal-your-car/

I don't think that's how NFC-based wallets work. There is a difference between using NFC and being an NFC tag; the latter is a subset of the former.
An NFC tag for instance will typically return static information, meanwhile a more sophisticated device might want to transmit PSBTs and potentially even perform a key agreement step with symmetric encryption afterwards. I have no idea whether e.g. ColdCard does all of this, but it would be possible and make sniffing / copying a hardware wallet a whole lot harder.
Your main attack scenario in that case would be NFC tunnelling; something that Flipper Zero is not really made for.

To copy QR codes you only need a camera. You can do that with any old smartphone; IR will be of no help here. My only recommendation for QR codes is: make sure to scan your own phone's screen when signing the unsigned PSBT; and not some malicious PSBT off of somewhere else. Just.. you know, don't scan random QR codes with your hardware wallet. I don't think that's too hard.

Again; they've existed long before Flipper Zero. Price under 50 bucks.

Yes, you can do that with the existing NFC readers and some scripting long before Flipper Zero existed. I don't dislike the product; but it's mostly a mashup of existing hardware.

May want to read that video description:
Good point! I've always thought to myself: how does a store owner not notice someone modifying their payment terminal?

Anything NFC is an issue. BUT, so long as there has to be a bit of human interaction both ways there is a VERY TINY BIT of security.
So long as you have to click something on your phone or PC to complete the action then you are a bit more secure then just a tap to pay thing.
BUT, if the card has no 2nd form of verifying what you want to do then there is the potential for fraud.

On that same note, that also extends to dishonest merchants. Do you know that they are using a legit RFID tap to pay or are they doing something dishonest in the background.

Makes you wonder how many credit card skimmers were installed by the operators themselves.....

-Dave

Now you got me interested to research more information about Flipper zero, and I watched few videos how this device works.
This is replicator device that can record and replay any signal from many devices, and with various scripts it can mess around with Tesla cars, it can open safes, copy credit cards.
So if the question is can this be a danger to some hardware wallets than the answer is YES, if wallets have NFC, WiFi and Bluetooth communication this can be copied and modified with FlipperZero.
It can even serve as infrared device controller, but I am not sure if it can copy data from QR codes, so this remains safe option in my opinion.
I see there is high demand for this devices so it's only matter of time when cheap alternative clone device will appear from China.

Oh it's much more, with custom scripts you can control and copy almost anything.
Check out videos of people opening Tesla's charging door with FlipperZero:
https://www.youtube.com/watch?v=VCkvIpAe_do

The webpage actually tells you to what extent this device supports NFC.


Since hardware wallets using NFC absolutely should not be 'HF tags', but rather employ a more complex protocol between host device software and hardware wallet, such as a challenge-response protocol, it should be pretty difficult to hack them.

In any way; since you asked whether 'this could potentially be bad for Bitcoin wallets': making an NFC reader accessible & fun to use is always going to be a good thing for Bitcoin wallets. You never want to rely on your technology being hard to access as a means of security.
Another example: someone using USB for data transfer shouldn't rely on USB sniffers being uncommon & expensive as a means of security. Someone using Bluetooth for communication should not rely on frequency hopping and a wide frequency band and hope nobody will intercept the communication.

Always assume that someone has the hardware required and build your system around that.
In this case: NFC tag sniffers and 'emulators' have been around (even for cheap) for a long time. If you have a look on Amazon or AliExpress, you should find them as 'NFC duplicator', 'NFC reader writer' and similar for very cheap. What's in Flipper Zero is not really anything more, from what I can tell.

That’s exactly what I was thinking might be the case, but I certainly don’t have the expertise to know for sure. I have also never used an NFC device for bitcoin.




I don’t know how it popped up on my radar but it did a few days ago and did the same, had it in my bookmarks to come back to (story of my life lol). I have been keeping an eye out for them on Ebay but $250 is the best deal you can get atm.  However my inquiry was not about using it for bitcoin, it’s about wondering if this hacking tool could potentially pose a threat to any bitcoin wallets out there,  of course mainly NFC wallets. I’ve never used an NFC wallet so I don’t know the procedures and what not.

I saw this interesting device few months ago, and I have it in my bookmarks but I never managed to write anything about it in forum.
This can certainly be used as some kind of  Bitcoin signing device, but there are two problems at the moment for this.
First, Flipper Zero is Sold Out currently, and second, price of $169 is way to expensive for me to even consider doing this.
I wouldn't consider it is very safe to be used for Bitcoin, since it has antennas, RFID, NFC, Bluetooth, etc.
On positive side, it's cool that code is released with open source firmware.

I may be confusing this with something else but I thought these were popular a few months ago

The security of the wallet/system using the nfc chip will determine how secure it is. If you have to do a gesture for example (tracked by a smart watch) or actually touch a button/screen to confirm.a transaction, it becomes a lot more secure and harder to crack.

I don't think there are many ways these could be used with something like a private key on the nfc chip that gets scanned by the merchant and not something that communicates with a phone to confirm the transaction and send it - I think this is mostly what's mentioned.

It seems like the signal might get interrupted when a device moves too quickly too.(ie if you're walking it might be harder for the initial signal to hit the nfc tag that'd normally be the thing requesting information or providing a charge).

I somehow ran in to this hacker tool called Flipper Zero ( https://flipperzero.one/ )  Their website first explains it as "Flipper Zero is a tiny piece of hardware with a curious personality of a cyber-dolphin. It can interact with digital systems in real life and grow while you use it. Explore any kind of access control system, RFID, radio protocols, and debug hardware using GPIO pins".

It then got me wondering how this could potentially be bad for bitcoin wallets, specifically NFC storage. Thoughts?  




There's a bunch of NFC wallets out there, and I'm assuming they likely have different tech/security..possibly an issue for some of them but not others?






 (Mods-Wasn't sure what board this best fits on)