Author

Topic: If I use the real GPG verified electrum, am I vulnerable to fake updates? (Read 307 times)

legendary
Activity: 3472
Merit: 10611
Curious that the OP suggested that.  I've downloaded software that doesn't provide a signature file for the binaries, but instead includes a PGP signed list of checksum hashes.  I can't remember if it's TOR browser of Oracle VM that does that, but it seems like a viable way of doing it, even if it requires an second step and knowledge of both PGP, and how to check for hash values.

It's something I've thought about in the past, why doesn't Electrum publish their checksum hashes?  A lot of us old-timers have been verifying the checksum of downloaded software for some time now.

it doesn't make any difference to provide the PGP signature of the file itself or provide hash of the file and then PGP signature of the hash. i don't yet know why some projects do it but they do it nonetheless. for instance Ubuntu does exactly this. under Linux both of these steps take only two steps to write a small line in terminal so it is not that big a deal.

besides under the hood things are happening the same way! for example when you are verifying PGP signature you first compute hash of the file then check the signature versus that. so hashing is still a part of it.
HCP
legendary
Activity: 2086
Merit: 4363
Curious that the OP suggested that.  I've downloaded software that doesn't provide a signature file for the binaries, but instead includes a PGP signed list of checksum hashes.  I can't remember if it's TOR browser of Oracle VM that does that, but it seems like a viable way of doing it, even if it requires an second step and knowledge of both PGP, and how to check for hash values.
Or perhaps you are thinking of Bitcoin Core? Wink

https://bitcoincore.org/bin/bitcoin-core-0.19.1/SHA256SUMS.asc


It's something I've thought about in the past, why doesn't Electrum publish their checksum hashes?  A lot of us old-timers have been verifying the checksum of downloaded software for some time now.
I don't really see any difference between checking the signature on the binary file... and checking the signature on the file of the checksums and then checking the checksums... except, for the latter, it's a two step process!

Which I would guess is the reason why the Electrum devs sign the binaries Tongue


Quote
Has the source of fraudulent message been found?  How were so many servers infected?
Servers were not "infected"... Someone modified the server code to display the message instead of standard server responses... then they deliberately ran that code on a bunch of servers that were spun up on services like AWS in various locations... basically, create one, clone it 100s of times... let them go.

By flooding the network with "malicious" servers, chances were good that people would end up "randomly" connected to one. Undecided
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Curious that the OP suggested that.  I've downloaded software that doesn't provide a signature file for the binaries, but instead includes a PGP signed list of checksum hashes.  I can't remember if it's TOR browser of Oracle VM that does that, but it seems like a viable way of doing it, even if it requires an second step and knowledge of both PGP, and how to check for hash values.

It's something I've thought about in the past, why doesn't Electrum publish their checksum hashes?  A lot of us old-timers have been verifying the checksum of downloaded software for some time now.


Neither do, I checked just now.

I trust SHA256 hashes contained in PGP messages signed with a verified fingerprint/public key more than a bunch of SHA256 hashes in a plain text file, because the hacker who puts a malicious binary on the website can also upload a new file of corresponding hashes. They can't do that if the hashes are contained inside a signed message and the key hasn't been compromised.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
by comparing file hashes contained in GPG signed keys,
you are not comparing file hashes here, instead you are verifying that the digital signature is made from the key that you choose to trust.

Curious that the OP suggested that.  I've downloaded software that doesn't provide a signature file for the binaries, but instead includes a PGP signed list of checksum hashes.  I can't remember if it's TOR browser of Oracle VM that does that, but it seems like a viable way of doing it, even if it requires an second step and knowledge of both PGP, and how to check for hash values.

It's something I've thought about in the past, why doesn't Electrum publish their checksum hashes?  A lot of us old-timers have been verifying the checksum of downloaded software for some time now.


Quote
The default setup of electrum selects a server automatically. How does it know which server to sync with, and that it's not malicious?
Electrum "servers" or with their correct descriptive name: "bitcoin core full nodes with additional indexing" can not be malicious! even those exploiting the vulnerability in pre 3.3.4 version weren't exactly malicious since they are not doing anything apart from replying to you with block headers, transaction,... it was user's mistake that they downloaded a malicious file from a website without verifying its signature.

Has the source of fraudulent message been found?  How were so many servers infected?
HCP
legendary
Activity: 2086
Merit: 4363
I doubt it, using PGP is hard task for most people. I doubt anyone perform PGP verification aside from security expert, geeks or anyone with serious security concern.
Most people is more likely to ask whether a website is real or not.
So which do think would be "harder" to handle for most users... verifying the digital signatures... or losing their life savings? Huh

Be Your Own Bank == Be Your Own Bank's Security Department

If you're not going to do it properly, then the outcome should not be a surprise.

Checking the PGP signatures is NOT hard or beyond the ability of the majority of computer users. The problem is that is takes time and effort to learn... usually the first one is in short supply for most people, however in the current environment, most people have a lot more time. Now they just need to make the effort.

Adbussamad's step-by-step guides are very good and should be easy enough to follow for anyone: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
I doubt it, using PGP is hard task for most people. I doubt anyone perform PGP verification aside from security expert, geeks or anyone with serious security concern.
Most people is more likely to ask whether a website is real or not.
Yeah I get you point. I was in the same position when I had not idea about PGP but later when I felt that I need to see it for the sake of my security, I never found it too hard. It's as easy as exploring other simple computer applications. We can create the awareness for it as a community.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I see that some users wrote that they uninstall the older Electrum version before updating to a newer one. I have never done that either. I have updated my Electrum software 4 times at least and never uninstalled the old client before. 

Given that Electrum stores its configuration in ~/.electrum, at least on Linux, and that I use the Python bundle of electrum which just needs to be extracted to run, I think I can just download a newer version of electrum's python bundle when it comes and extract that to another folder, without worrying about deleting the old one. Granted, newer updates might change the configuration format and make it incompatible with older versions so I would delete older versions of electrum as they are merely unnecessary. Like this I don't think it's necessary to uninstall/delete older versions before you use new ones.
legendary
Activity: 2730
Merit: 7065
Just turn off the auto-update notifications. They aren't really needed. If you are a regular on this forum, you will probably see a thread or a post somewhere that a never version of Electrum has been released on the same day of the release. Check the official site from time to time as well. I have never checked if there are new updates from within the Electrum app myself and I am not planning to do it. I see no need for it.

I see that some users wrote that they uninstall the older Electrum version before updating to a newer one. I have never done that either. I have updated my Electrum software 4 times at least and never uninstalled the old client before. 
legendary
Activity: 2170
Merit: 1789
I am on the same page here. This will create a caution for the users and users will be encouraged to take verification seriously.

I'm kinda pessimistic about it. There have been multiple instances where users are reminded to verify the files that they downloaded first before installing it, let alone checking the web page. It's just like the old saying goes, as long as it doesn't happen to you, you'll feel safe. Which is why lots of users fall for the scams, to begin with.

But well, something is still better than nothing though.
legendary
Activity: 3472
Merit: 10611
by comparing file hashes contained in GPG signed keys,
you are not comparing file hashes here, instead you are verifying that the digital signature is made from the key that you choose to trust.

Quote
is there any way a stock electrum installation could be fooled into showing a fake update screen?
there is no way, but it should not matter because even if you downloaded a new installation file from somewhere else you still should verify its signature. additionally you shouldn't keep your keys on an online machine in first place. storing them offline would remove nearly all possibilities of losing your coins.

Quote
The default setup of electrum selects a server automatically. How does it know which server to sync with, and that it's not malicious?
Electrum "servers" or with their correct descriptive name: "bitcoin core full nodes with additional indexing" can not be malicious! even those exploiting the vulnerability in pre 3.3.4 version weren't exactly malicious since they are not doing anything apart from replying to you with block headers, transaction,... it was user's mistake that they downloaded a malicious file from a website without verifying its signature.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
Then possibly I messed up something. I can clearly recall once or few times I guess, I have seen the pop up that was asking to update but I did not proceed from there. And if this was at that time when there was a vulnerable code in the server then I was lucky I guess.

Anyway, this is what my current setup and as far as I can remember I am practicing this from long time.




On a side note, maybe the should include a note in that dialog to remember to verify the download! Huh
I am on the same page here. This will create a caution for the users and users will be encouraged to take verification seriously.
 
HCP
legendary
Activity: 2086
Merit: 4363
Nope... just the notification:



and then the popup with the link to the official download:



On a side note, maybe the should include a note in that dialog to remember to verify the download! Huh
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
It's not an "instant auto update"... you get a notification that a new version is available, and clicking on it will lead you to the "standard" electrum.org download page.

https://github.com/spesmilo/electrum/blob/5d4f8f316480776eb78d98ea9ac9c3b2a05ef01d/electrum/gui/qt/update_checker.py#L21


You are still advised to do the verification even if you have the update notification on.
You got me there. Bad choice of words from me. I have seen few time the pop up to notify but never proceeded from there so my understanding was that it will do the update in the system like other apps do, if I click on the button that triggers the update.

Good to know that it takes to the official site to do things manually. Yeah, signature verification is the most important part for me always.
HCP
legendary
Activity: 2086
Merit: 4363
The instant auto update is very easy but I somehow do not feel secure about it.
It's not an "instant auto update"... you get a notification that a new version is available, and clicking on it will lead you to the "standard" electrum.org download page.

https://github.com/spesmilo/electrum/blob/5d4f8f316480776eb78d98ea9ac9c3b2a05ef01d/electrum/gui/qt/update_checker.py#L21


You are still advised to do the verification even if you have the update notification on.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
So assuming I only get newer versions of electrum by comparing file hashes contained in GPG signed keys, is there any way a stock electrum installation could be fooled into showing a fake update screen? Assuming that electrum even has any update screens coded into it, because if it doesn't, then I guess all such dialogs should not be trusted. What should I do in a situation like that?
I go with the old fashioned way. I uncheck the auto update option in my Electrum and when there are any new update, I just uninstall my current Electrum and then download the newer version, verify the application file and then install it.

The instant auto update is very easy but I somehow do not feel secure about it.
legendary
Activity: 3710
Merit: 1586
the way electrum works is you are not supposed to have to trust the server you are connected to. so don't worry about malicious servers.
legendary
Activity: 1876
Merit: 3139
[...] is there any way a stock electrum installation could be fooled into showing a fake update screen?

Versions older than 3.3.4 are vulnerable to phishing. New versions include built-in update notifier. The address which is used for signing these messages is apparently hardcoded into Electrum. You should be safe if you always verify the installation file.

What should I do in a situation like that?

Ignore the malicious message. Always download Electrum from the official website and verify the installer. You should also search the Internet to see if anyone also has a similar problem. We have warned a lot of people before they followed malicious instructions.


How does it know which server to sync with, and that it's not malicious?

Here you can learn about peer discovery. There's no easy way of telling which node is malicious. Here's an example on the recent exploit.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
To my understanding, there is no command within Electrum to update itself. So assuming I only get newer versions of electrum by comparing file hashes contained in GPG signed keys, is there any way a stock electrum installation could be fooled into showing a fake update screen? Assuming that electrum even has any update screens coded into it, because if it doesn't, then I guess all such dialogs should not be trusted. What should I do in a situation like that?

The default setup of electrum selects a server automatically. How does it know which server to sync with, and that it's not malicious?

I am running Electrum 3.3.8.
Jump to: