Author

Topic: New research paper exploting air-gapped wallets: "BeatCoin" (Read 182 times)

legendary
Activity: 2126
Merit: 1001
https://cyber.bgu.ac.il//advanced-cyber/airgap
There are a couple of videos on the page above, but this is the direct link to the "BeatCoin" paper's pdf.

I've seen exploits of this nature in the past but this one can use the GPIO pins on a raspberry pi to transmit the data (see first video). Given that historically Armory has offered downloads for the raspberry pi, and many here use the split online-offline/cold storage setup, I've posted here for awareness/discussion. Relevant to more typical computers/laptops too.

This all assumes the offline machine has been compromised. While we can minimise the chances of that by not attaching USB drives and other external media, the reality is that software upgrades to the offline system (i.e. Armory's signer) do need to happen to ensure compatibility from time to time. Excluding that, there is still the need to get transactions on and off the offline system, which provides the opportunity for an attacker if the online system is compromised.
For the RPi: this thread by TierNolan seems to offer an alternative to using USB devices for data transfer in order to help keep the offline system clean/secure. I'm unsure whether the GPIO being in use would mitigate outgoing transmissions by malware, but inclined to assume not.

I'm not an expert, but it certainly unnerves me to see a layer of the security model eroded like this - the suggestion of needing some sort of Faraday cage doesn't seem as excessively cautious as it used to be. Certainly a win for dedicated hardware wallets that only have the required components included Undecided

Quote
"ODINI : Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields"
..right from https://cyber.bgu.ac.il//advanced-cyber/airgap
SCNR :-)

Ente
member
Activity: 178
Merit: 10
that's an impressive and varied list of side channel attacks...
member
Activity: 270
Merit: 36
https://cyber.bgu.ac.il//advanced-cyber/airgap
There are a couple of videos on the page above, but this is the direct link to the "BeatCoin" paper's pdf.

I've seen exploits of this nature in the past but this one can use the GPIO pins on a raspberry pi to transmit the data (see first video). Given that historically Armory has offered downloads for the raspberry pi, and many here use the split online-offline/cold storage setup, I've posted here for awareness/discussion. Relevant to more typical computers/laptops too.

This all assumes the offline machine has been compromised. While we can minimise the chances of that by not attaching USB drives and other external media, the reality is that software upgrades to the offline system (i.e. Armory's signer) do need to happen to ensure compatibility from time to time. Excluding that, there is still the need to get transactions on and off the offline system, which provides the opportunity for an attacker if the online system is compromised.
For the RPi: this thread by TierNolan seems to offer an alternative to using USB devices for data transfer in order to help keep the offline system clean/secure. I'm unsure whether the GPIO being in use would mitigate outgoing transmissions by malware, but inclined to assume not.

I'm not an expert, but it certainly unnerves me to see a layer of the security model eroded like this - the suggestion of needing some sort of Faraday cage doesn't seem as excessively cautious as it used to be. Certainly a win for dedicated hardware wallets that only have the required components included Undecided
Jump to: