Pages:
Author

Topic: I am panicking (Read 338 times)

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
July 03, 2022, 07:33:28 AM
#30
What about running a big magnet over the hard drive? Wouldn't that irreversibly delete everything on it and even break the whole disk?
There is no way you could do this unless you are using really old hard drives or magnetic tapes for storing data, and if you use several strong industrial grade magnets for this purpose.
I don't think that modern SSD are affected by magnets, but you can use metal shredders or anything else that recycles electronics.
There are professional data erasure degaussers which are certified for proper and permanent data erasure, but you don't want to pay for those. As far as I see it, they work also well for current technology hard drives and other magnetic storage media.

An example (I have no affiliation with them): https://www.pro-device.com/en/degaussers/


Modern hard drives with coated glass platters (check hardware specs!) are even easier to destroy. Just use a nail gun or hammer and a few nails. Very unlikely to be able to reconstruct the glass shards/splinters afterwards. I doubt even that from significantly deformed aluminum platters enough data could be extracted.
legendary
Activity: 2212
Merit: 7064
July 02, 2022, 04:21:45 PM
#29
What about running a big magnet over the hard drive? Wouldn't that irreversibly delete everything on it and even break the whole disk?
There is no way you could do this unless you are using really old hard drives or magnetic tapes for storing data, and if you use several strong industrial grade magnets for this purpose.
I don't think that modern SSD are affected by magnets, but you can use metal shredders or anything else that recycles electronics.

Now that's scary.  Assuming the device wasn't compromised along the supply chain, one would still need physical access to the device to attack it this way, correct?
They don't need physical access to your device if they have control over servers that distribute firmware, that all devices need to download and install.
Speaking about that, everyone should know that ledger is doing something similar with ledger live app having no signatures to verify.
ledger co-founder aka reddit moderator btchip is aware of this problem, and they are migrating to new github repo:
https://www.reddit.com/r/ledgerwallet/comments/voodkd/ledger_live_2431_and_no_signatures_to_verify/
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
July 02, 2022, 01:56:40 PM
#28
There's a hardware difference between volatile memory and non-volatile memory. You can't really make something that has the properties of non-volatile memory, but if chosen can lose the data like a piece of volatile memory does.
That's what I thought, but I would only be making assumptions about the hardware configuration, not my area of expertise.  I guess from a manufacturing perspective it wouldn't make sense to use non-volatile storage when volatile storage would do what you want without having to bother programming piece of code to get it done.  Not to mention that any difference in price between the two is likely negligible considering how little capacity is needed.
There's no way around non-volatile memory if you want the wallet to be more than a pure 'signer' which requires the user to input the seed every time they start it up.

Even worse, if you own a device whose firmware source code is closed, someone could gain access to the code by bribing a developer or reverse engineering a firmware file; use it for evil and nobody would be notified about it.
Now that's scary.  Assuming the device wasn't compromised along the supply chain, one would still need physical access to the device to attack it this way, correct?
The firmware file (compiled binary) can be downloaded from the manufacturer's website wherever you find your firmware upgrades.
Attacks don't have to be physical. Leaked or reversed source code can help you find bugs that can be exploited with or without hardware access. But generally it's easier to attack these devices if you do have hardware access; that's what they're ultimately made for.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
July 02, 2022, 01:53:04 PM
#27
There's a hardware difference between volatile memory and non-volatile memory. You can't really make something that has the properties of non-volatile memory, but if chosen can lose the data like a piece of volatile memory does.

That's what I thought, but I would only be making assumptions about the hardware configuration, not my area of expertise.  I guess from a manufacturing perspective it wouldn't make sense to use non-volatile storage when volatile storage would do what you want without having to bother programming piece of code to get it done.  Not to mention that any difference in price between the two is likely negligible considering how little capacity is needed.


As for BitcoinGirl.Club's panic attack; The Trezor and it's clones have open source hardware, which is partially why they are vulnerable to this attack vector
From what I can tell from the video, that's not what makes the wallet vulnerable. Kingpin did use the firmware source code (software!) to identify a flaw. To identify that there's a point in time where the secure memory is transferred to secure memory.
He then introduced a voltage glitch with a variety of offsets from the device boot, and let it run until it 'hit' the right spot and could freeze it in just the right moment & read out the seed.
Being open-source hardware didn't really make this attack easier, since such a 'brute-force' approach will work with other wallets too, if they have such a flaw in the source code.

Open source software, thanks for the correction.


Even worse, if you own a device whose firmware source code is closed, someone could gain access to the code by bribing a developer or reverse engineering a firmware file; use it for evil and nobody would be notified about it.

Now that's scary.  Assuming the device wasn't compromised along the supply chain, one would still need physical access to the device to attack it this way, correct?
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
July 02, 2022, 07:53:19 AM
#26
Being open-source hardware didn't really make this attack easier, since such a 'brute-force' approach will work with other wallets too, if they have such a flaw in the source code.
Not the hardware part, but the open-source software made the attack easier. If you remember the video, Joe mentions that the seed appeared on the screen at one point, but he didn't pay attention to it because he didn't believe it was right. He was trying to do something else at the time. He then tried to recreate it and have the seed pop up again, but he couldn't. He then started going through the source code and found the part where it explains how the seed and PIN are moved to RAM on power up. Without the open nature of the software code, who knows if he would ever have made that discovery or find it by accident. 
He could have reverse engineered the code and found that part, especially when comparing various different firmware versions. It stood out because it was removed in the very next update, so he would have noticed it when bindiffing those versions, as well. Definitely harder than just reading plaintext code, but noticeable especially in the binary diff.
In general, open source just makes it so much easier to spot something like that even from static code analysis and to fix it early. As evidenced by this very case, where the vulnerability was fixed many years ago. It's possible that other wallets which are not open-source do still have such vulnerabilities, because people are less likely to go through binary firmware updates and check those than to just read the code alterations on GitHub (except if they're paid a lot of money by a legitimate or illegitimate customer).
legendary
Activity: 2268
Merit: 18771
July 02, 2022, 06:22:02 AM
#25
What about running a big magnet over the hard drive? Wouldn't that irreversibly delete everything on it and even break the whole disk?
Three problems with this approach. First, most modern hard drives are well protected against magnetic fields. You can't just grab a magnet off your fridge and wave it around. You would need particularly strong magnets which most people don't have access to, and even then, you probably need to disassemble the drive first. Second, you don't know if it's worked. Maybe you manage to corrupt enough of the hard drive that it seems dead when you connect it up, but someone with more advanced hardware than you could still recover data from it. Third, things like flash drives and SSDs do not store data magnetically at all, and most people probably don't know the difference. Such drives would be unaffected by a magnetic field unless you were also to move the drive or the magnetic field fast enough to induce a powerful enough electrical current to wipe the data.

In short, you'd be safer physically destroying the drive.
legendary
Activity: 2730
Merit: 7065
July 02, 2022, 03:24:12 AM
#24
Instead of a hammer, I'd use an angle grinder. But even then it's theoretically still possible to find back some bits. It just became a lot harder.
What about running a big magnet over the hard drive? Wouldn't that irreversibly delete everything on it and even break the whole disk?

Being open-source hardware didn't really make this attack easier, since such a 'brute-force' approach will work with other wallets too, if they have such a flaw in the source code.
Not the hardware part, but the open-source software made the attack easier. If you remember the video, Joe mentions that the seed appeared on the screen at one point, but he didn't pay attention to it because he didn't believe it was right. He was trying to do something else at the time. He then tried to recreate it and have the seed pop up again, but he couldn't. He then started going through the source code and found the part where it explains how the seed and PIN are moved to RAM on power up. Without the open nature of the software code, who knows if he would ever have made that discovery or find it by accident. 
legendary
Activity: 2212
Merit: 7064
June 30, 2022, 02:50:13 PM
#23
In general, if your hardware wallet falls into a thief's hands, you should just consider the seed compromised and quickly move the funds. Any security measures like secure element and PIN are simply ways to buy time.
Except in the case when those devices are using non-persistent storage like it's the case with SeedSigner and Krux, nothing is stored on devices and you can't extract anything once you turn power off from device.
Downside is that you have to import seed each time you power on your device, but that is quick enough with QR code scanning.
As for passphrases, I would argue that you shouldn't keep them in the exact same place with your seed words, because that would make them almost pointless, but keeping them in different safe location is very important.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
June 29, 2022, 04:18:12 PM
#22
This topic is closely related to something that's been occupying my mind lately.  I recently bought a ColdCard, and I've spent a few hours tinkering with it before I christen it "The Hardware Wallet."  One of the things about the ColdCard that I like (it's a Mk4, btw,) is that it has a small amount of storage that can be mounted when plugged into a computer's USB port.  The storage can be used to transfer wallet files to the PC after generating them in the cold card.  When the ColdCard is unplugged all the data that was stored in said mount is automatically erased.

What I'm wondering, is if the data is just merely erased, or is completely purged?  I doubt it's overwritten, but since it appears to be RAM is it completely unrecoverable when it loses power?  The device also erases any Bip39 passphrase that's been entered when it's logged off or disconnected from power.  I wonder how secure the device's memory features are.
There's a hardware difference between volatile memory and non-volatile memory. You can't really make something that has the properties of non-volatile memory, but if chosen can lose the data like a piece of volatile memory does.

As for BitcoinGirl.Club's panic attack; The Trezor and it's clones have open source hardware, which is partially why they are vulnerable to this attack vector
From what I can tell from the video, that's not what makes the wallet vulnerable. Kingpin did use the firmware source code (software!) to identify a flaw. To identify that there's a point in time where the secure memory is transferred to secure memory.
He then introduced a voltage glitch with a variety of offsets from the device boot, and let it run until it 'hit' the right spot and could freeze it in just the right moment & read out the seed.
Being open-source hardware didn't really make this attack easier, since such a 'brute-force' approach will work with other wallets too, if they have such a flaw in the source code.

Even worse, if you own a device whose firmware source code is closed, someone could gain access to the code by bribing a developer or reverse engineering a firmware file; use it for evil and nobody would be notified about it.

The risk can largely be mitigated by adding a Bip39 passphrase to your hardware wallet.  This is especially important for the Trezor wallets, and any that use their source code.  Even if the hacker is able to steal your hardware, and break into it to extract your seed phrase, there's no way for him to get to your funds if they are locked behind a strong passphrase.  I certainly wouldn't consider this a cure, more like buying you a little bit of extra time to create a new seed and transfer all the funds.

I use passphrases on all my hardware wallets now, even if they are not vulnerable to the attack vector demonstrated in that video.
Passphrases are a whole new topic we can discuss somewhere else, but they have their downsides. For example, if not backed up with your seed, there could be all sorts of issues when you (or someone else) will need to restore the seed.
In general, if your hardware wallet falls into a thief's hands, you should just consider the seed compromised and quickly move the funds. Any security measures like secure element and PIN are simply ways to buy time.
legendary
Activity: 2212
Merit: 7064
June 29, 2022, 03:06:43 PM
#21
Instead of a hammer, I'd use an angle grinder. But even then it's theoretically still possible to find back some bits. It just became a lot harder.
Than just throw it in volcano, melted lava, or metal factory if you live near one of those, or use good old fire to destroy it, but I don't think we need to be that much paranoid, unless you are holding Satoshi's coins.
This just reminded me on something we all saw in movie Terminator 2 ending scene  Cheesy
Here available in 4K 3D Remastered video:


https://www.youtube.com/watch?v=cmmbBo8RYoE
 
What I'm wondering, is if the data is just merely erased, or is completely purged?  I doubt it's overwritten, but since it appears to be RAM is it completely unrecoverable when it loses power?  The device also erases any Bip39 passphrase that's been entered when it's logged off or disconnected from power.  I wonder how secure the device's memory features are.
RAM should be deleted when power is turned off, so in theory you should be fine, unless there are some flaws in memory design.
Bigger problem with Coldcard and other hardware wallets is their main microchip that many times showed issues in past, and you don't know what's happening inside that little thing.
After they added two closed source secure elements they only made things more complicated, not safer in my opinion.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
June 29, 2022, 09:20:16 AM
#20
This topic is closely related to something that's been occupying my mind lately.  I recently bought a ColdCard, and I've spent a few hours tinkering with it before I christen it "The Hardware Wallet."  One of the things about the ColdCard that I like (it's a Mk4, btw,) is that it has a small amount of storage that can be mounted when plugged into a computer's USB port.  The storage can be used to transfer wallet files to the PC after generating them in the cold card.  When the ColdCard is unplugged all the data that was stored in said mount is automatically erased.

What I'm wondering, is if the data is just merely erased, or is completely purged?  I doubt it's overwritten, but since it appears to be RAM is it completely unrecoverable when it loses power?  The device also erases any Bip39 passphrase that's been entered when it's logged off or disconnected from power.  I wonder how secure the device's memory features are.


As for BitcoinGirl.Club's panic attack; The Trezor and it's clones have open source hardware, which is partially why they are vulnerable to this attack vector, but the risk can largely be mitigated by adding a Bip39 passphrase to your hardware wallet.  This is especially important for the Trezor wallets, and any that use their source code.  Even if the hacker is able to steal your hardware, and break into it to extract your seed phrase, there's no way for him to get to your funds if they are locked behind a strong passphrase.  I certainly wouldn't consider this a cure, more like buying you a little bit of extra time to create a new seed and transfer all the funds.

I use passphrases on all my hardware wallets now, even if they are not vulnerable to the attack vector demonstrated in that video.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
June 29, 2022, 08:59:12 AM
#19
Instead of a hammer, I'd use an angle grinder. But even then it's theoretically still possible to find back some bits. It just became a lot harder.

Even with full disk encryption, I still wouldn't send it for warranty.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
June 29, 2022, 08:49:34 AM
#18
Returning your hard drive to the manufacturer (even after formatting the disk) under warranty with your seed-pharse is the last thing.
Usually, when a drive breaks, format isn't possible anymore.
For more paranoid confidence and peace of mind, you can "format" a broken hdd with a regular hammer, as already suggested above. It is desirable to "format" the physical disk itself (a metal plate inside the hdd), because even from broken hhd, in some cases (when the disk is not damaged), it is theoretically possible to recover information.

After that, you can safely throw such a hdd into the trash without fear that someone will find it and restore your data from it.

If it still works I'd overwrite it a few times.
How about installing encrypted version linux/ubuntu on hdd, which will also make it impossible to restore the old data?
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
June 29, 2022, 08:19:46 AM
#17
Returning your hard drive to the manufacturer (even after formatting the disk) under warranty with your seed-pharse is the last thing.
Usually, when a drive breaks, format isn't possible anymore. If it still works I'd overwrite it a few times.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
June 28, 2022, 09:23:28 AM
#16
Situation 1. My desktop has broken and I can no longer use it. Which part of the device I need to burn to destroy all information from it or keep for safety.
Anything that stores data. This is the reason I don't claim warranty on hard drives.
Returning your hard drive to the manufacturer (even after formatting the disk) under warranty with your seed-pharse is the last thing. Therefore, when choosing a hard drive to work with crypto, it is preferable to buy more reliable devices, despite the fact that they will be more expensive. So it will be possible to at least reduce the likelihood of a hard drive disk failure, and in this case it is better to forget about the warranty.

Situation 1: The hardware device is not functional anymore. Should I panic and burn it to destroy the data completely?
Why not just keep it in a drawer? You never know when it comes in handy.
Precisely, it can be used as spare parts in the event of a breakdown of the same device model. For some manufacturers, hardware device breakdowns have already become normal.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
June 28, 2022, 08:50:13 AM
#15
The video of the Trezor seed extraction doesn't really have anything to do with the questions you asked.
That hack was only possible because the owner of the Trezor still had an old firmware installed on his device. That old firmware had a vulnerability where the PIN and seed were loaded into the RAM. What Joe did was find a way to access this information to get to the seed. Since that loading of sensitive information into RAM does no longer happen with the newer firmware versions, the same type of attack would no longer work. But the chip could potentially be vulnerable to other manipulations. Kraken and Ledger hacked the Trezor as well.   

It took a hardware hacker 3 months to extract the seed. It's safe to say, that it isn't something that too many people could do. I would still not be interested in giving away or selling my used hardware wallet. 
It's also worth mentioning this is a device without secure chip and one of the world's best hardware hackers still spent 3 months on it. I don't think anyone should 'panic' because of that. Especially if you're in physical control of your hardware wallet.
legendary
Activity: 2730
Merit: 7065
June 28, 2022, 04:27:43 AM
#14
The video of the Trezor seed extraction doesn't really have anything to do with the questions you asked.
That hack was only possible because the owner of the Trezor still had an old firmware installed on his device. That old firmware had a vulnerability where the PIN and seed were loaded into the RAM. What Joe did was find a way to access this information to get to the seed. Since that loading of sensitive information into RAM does no longer happen with the newer firmware versions, the same type of attack would no longer work. But the chip could potentially be vulnerable to other manipulations. Kraken and Ledger hacked the Trezor as well.  

It took a hardware hacker 3 months to extract the seed. It's safe to say, that it isn't something that too many people could do. I would still not be interested in giving away or selling my used hardware wallet.  
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
June 27, 2022, 06:52:26 PM
#13
How safe it is to hand out a used and reset hardware wallet to someone else who does not know the seed I had for it?
It's not safe to give anyone used hardware wallet, but you can do simple thing again, send all your coins to different wallet/device  and reset your hardware wallet.
Never again use seed words from previous hardware wallet.
In theory, if the device does get hacked though and memory is restored, the privacy of the previous owner would be broken. For sure regarding previous transactions and potentially for future transactions, for instance if the user didn't mix their coins in the transfer from the old to the new wallet.
legendary
Activity: 2212
Merit: 7064
June 27, 2022, 12:59:41 PM
#12
I just saw this video. He hacked the hardware wallet and restored the seed. Goosebumps experience for me.
It's (very) old news and we talked about it before, and I honestly don't understand why would you panic about something that was fixed long time ago.
I guess this is how sensation video marketing works... getting you with your emotions.

I have reset my windows to remove all files. Is it safe to sell it or give it away to someone to use?
Simple. Just sell it without hard drive, and you can do whatever you want with it.
You can do secure SSD deletion (encryption is created) of hard drive letter, that makes it almost impossible to recover data after that.

How safe it is to hand out a used and reset hardware wallet to someone else who does not know the seed I had for it?
It's not safe to give anyone used hardware wallet, but you can do simple thing again, send all your coins to different wallet/device  and reset your hardware wallet.
Never again use seed words from previous hardware wallet.
If you want to be sure burn your seed words, use hammer to destroy your hardware wallet, and use hypnosis to forget everything.

Wouldn't it be easier to just send the coins to a new wallet so that you don't have to worry about the old seed?
Not if you watched that video like he did  Cheesy
He made everything look so complicated, along with self-advertisement.

hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
June 26, 2022, 06:50:08 PM
#11
Wouldn't it be easier to just send the coins to a new wallet so that you don't have to worry about the old seed?
I would absolutely do that. There's no real point importing an old device's seed, in my opinion. Especially if you're worried about the integrity and secrecy of the old seed.
Pages:
Jump to: