Author

Topic: Passing the watch only wallet file to online PC -security (Read 134 times)

full member
Activity: 157
Merit: 100

You can extract WO wallet backups. You'll get 4 lines instead of 2. You can recreate the WO on your online machine in this way, without having to rely on a flash drive.

Great! didn't know that, thx a lot!

legendary
Activity: 1624
Merit: 2481
You can use any qr encoder/decoder to transmit any data between two devices.
You don't have to physically move the file using usb drives.

legendary
Activity: 3794
Merit: 1375
Armory Developer
Look up the stuxnet story for an example of attacking air gapped machines via a USB rootkit. Spoilers: it was pulled by a state actor, took untold resources and still required physical access to the laptop of one of the engineers working on the target system.

I just wish I could pass the watch-only wallet from offline to online in the same way like a transaction (with QR, sound, webcam,etc).

You can extract WO wallet backups. You'll get 4 lines instead of 2. You can recreate the WO on your online machine in this way, without having to rely on a flash drive.
full member
Activity: 157
Merit: 100
The transactions signed and unsigned are pretty safe, I agree.
I just wish I could pass the watch-only wallet from offline to online in the same way like a transaction (with QR, sound, webcam,etc).
Anyway I have learned a lot! thank you both!
legendary
Activity: 1624
Merit: 2481
Compromising an offline computer is not as simple as "copying a malware file onto the USB which copies itself onto the offline computer".

In general the attack, as you have described it, is more or less possible.
But should you be worried about it? I don't think so. If you aren't a well known target, you shouldn't have too much fear regarding this attack vector.

But again.. if you really don't want to risk it, why don't you just use 2 webcams and QR codes to transmit the unsigned and signed transactions?
full member
Activity: 157
Merit: 100
As long as you verify the signature on the software you have downloaded (or built if from source, verifying the sig on the tag), you know your wallet software isn't compromised. Here we're assuming the developer is well established and trusted. This will be our premise for the practical attacks on air gapped signers. We're also assuming there isn't just someone able to point a camera at your screen/keyboard when you type in your password then walk in and steal the signer. We're only addressing software attacks.

How about this kind of software attack:
1. Someone some how detected that I downloaded Armory
2. While copying the armory to my offline PC the attacker succeeds to also copy another malware file also through the USB hardware 
    to my offline PC (the armory itself is valid but he has another spying file).
3. When creating the offline wallet the malware is there spying.
4. When I am copying the watch-only wallet file with the USB hardware to the online PC the attacker passes again a hidden file with all my private keys to the online PC.

Is this kind of attack is not something I should be worried about?

Thanks again!
legendary
Activity: 3794
Merit: 1375
Armory Developer
As long as you verify the signature on the software you have downloaded (or built if from source, verifying the sig on the tag), you know your wallet software isn't compromised. Here we're assuming the developer is well established and trusted. This will be our premise for the practical attacks on air gapped signers. We're also assuming there isn't just someone able to point a camera at your screen/keyboard when you type in your password then walk in and steal the signer. We're only addressing software attacks.

At payment time, there are 3 attack angles:

1. Swap the payment and/or change address when constructing the unsigned transaction.

2. Read decrypted private keys at signature time and write them to the flash drive for extraction.

3. Corrupt the offline software to facilitate either of these 2 attacks (swap addresses at sign time instead of during creation).

At receive time, there is just one:

1. Swap the payment address with the attackers.


Defense against these practices are as follow:

a. Your signer should have a strong user and root password. The wallet's binary files should be set to [execute + read only]. This will prevent malware from modifying the code files.
b. Thanks to the previous step, you can have a strong expectation the code that is running is the one you verified. You can therefor trust the addresses it is rendering on screen.
c. You should always verify what addresses you are paying to and what change amount you are getting back before signing any transaction. You should also procure your payment addresses from the offline signer instead of the online machine (which may be compromised). These practices will thwart address swapping attacks

If you are paranoid about the flash drives you are using and USB rootkits, you need to take extra steps:
d. No amount of USB flashdrive corruption can steal coins until after you bring the flashdrive back from the offline signer.
e. In this case using a brand new flash drive per operations when taking data from the online machine to the offline machine prevents all possible leaks through the flash drive. Discard the flash drive, never reuse it. Formatting it is useless, rootkits persist that because they embed themselves in the USB drive's own controller, not the NVRAM.

f. Extract the signed transaction from your signer through other means. You can print out signed transactions in hex. Either write them down (~260 bytes tx will be ~520 characters), or use fancier stuff, specifically QR codes with a camera on the recipient device.
g. Used a 3rd device. The purpose of this device is to receive the signed transaction for inspection before moving to the online machine. This device must be air gapped as well. This device does not need to run Armory, but it can.
h. On the 3rd device, decode the transaction with some piece of software (a very simple offline html page can do that for you), and check the payment addresses.

Finally, take that signed transaction to an online machine (ideally not the one that generated the transaction, so potentially a 4th) and broadcast it.

Note that this is a super paranoid setup, but if you're worried about USB root kits, you have to understand that they are very difficult to deploy since they need to target the victims specific USB hardware (both online and offline machine) + the USB dongle, as well as the software stack used. Introducing new machines and adding hops where the USB dongle isn't involved, as well as cycling dongles, blocks what is an overly expensive and convoluted attack to pull off in the first place.

Honestly, you can boil down good security practices to the following few steps and sleep safe:
- check the sig on the software you download
- don't install garbage on your online machine, bitcoin related or otherwise, do not trust any wallet you had to pay for, only use open source software. If you can't help yourself, have a machine that's cleaner for your actual personal stuff (email, banking, WO wallet, etc...).
- use an offline signer
- keep some fractions of a coin in a hot wallet on your online machine, makes spending small sums painless and acts as a canary.
- check your payment and change addresses at signature time.
- grab payment addresses from your offline machine, not the online one.
full member
Activity: 157
Merit: 100
bob123,

Thanks a lot for your patience and through answers!

legendary
Activity: 1624
Merit: 2481
How can I know that there is no malware inside my USB which copy itself automatically as a hidden file to my offline

To actually be sure about that, you need to make sure that the hardware (USB flash drive) has not been tampered with and that your online pc is not infected with a malware which spread itself this way onto your USB.
The latter is quite tricky considering that the setup should still be secure even if used with an compromised online PC.

One of the easiest way would be to not use USB flash drives, but webcams and QR codes.
Even tho a possibility exists that a sophisticated malware might exploit a potential vulnerability in the encoding of the QR reading software, that probability is close to zero. At least if you aren't the most looked for criminal in this century.
Using QR's is considered a pretty neat and secure approach to that.

If you definitely want to use USB flash drives, you might as well use a 3rd system as an intermediary which is only used to get the necessary data (unsigned transaction) from the usb device, then formats it, and stores it again on the flash drive.
If you use a virtual machine for that, you can even restore it after each time. But this is is slowly heading towards the level of paranoia at this point.


The easiest and most secure ways are these, where you can actually control the data you are transmitting. Even if your online pc is compromised.
QR codes and webcams are extremely good for this. You could even encode the transaction and simply type it into your offline device. That's secure too, but takes time and isn't very practicable.



Maybe I am paranoid but Armory has been here for quite a while, isn't it possible that this sort of malware exist?

It is possible, but quite unlikely i'd say.
At least, there aren't any known cases which do exactly this.

Malware to exfiltrate data from air-gapped devices, does exist. There is malware to exfiltrate data using the sound of hard drives, their led's, the powerline, etc...
But there hasn't been any known case someone losing cryptocurrencies from an air-gapped wallet through something like this.

You won't ever achieve 100% security. It is all about probabilities. And the probability to get your coins stolen from an air-gapped wallet with a few security measurements is relatively low.
At least as long as you don't make it a challenge and ask to get infiltrated.
full member
Activity: 157
Merit: 100
Thanks a lot!
But this does solve the problem only partially though I think.
How can I know that there is no malware inside my USB which copy itself automatically as a hidden file to my offline,
getting all the data and bringing it back to the online PC in a different hidden file or something when I think I am only coping the watch-only wallet?
Maybe I am paranoid but Armory has been here for quite a while, isn't it possible that this sort of malware exist?
legendary
Activity: 1624
Merit: 2481
But can you please explain what signature and how to create it? (noob here sorry)

The releases are signed by the developer using PGP.

After downloading them, you can verify the integrity by verifying the signature (a malicious version of the file would make the signature invalid).

There are quite some tutorials available on how to verify pgp signatures.

In your case:
Check out https://github.com/goatpig/BitcoinArmory/releases and you'll see there is a file called sha256sum.txt.asc.
This file cointains the hashes of the executable files and a pgp signature.

You'd want to check that 1) the signature of the file sha256sum.txt.asc matches the public key of the developer (goatpig) and 2) that the hash of your executable file is the same as seen in sha256sum.txt.asc.


I'd recommend to check out a tutorial on how to verify pgp signatures. You can find some here on the forum as well as by searching on google.
If you still have questions or struggle verifying the signature, feel free to ask.
full member
Activity: 157
Merit: 100
Thanks!
But can you please explain what signature and how to create it? (noob here sorry)
legendary
Activity: 1624
Merit: 2481
Is it a possible attack vector? Yes, definitely.
Is it a "big security fail"? No, definitely not.

Most malware is not sophisticated enough to exfiltrate data from air-gapped devices.
The most common malware people lose funds to is a simple clipboard hijacking malware (which only changes the clipboard) and a malicious version of electrum (which supposedly also only steals BTC from the electrum wallet).
Long story short: BTC thieves are kind of narrow-minded and wouldn't be able to create (or even think of) such a malware which could exfiltrate the data from an air-gapped device.


Now, to circumvent the security risk in your specific example:
Verify the signature prior moving it to your offline device / installing it. This way, you won't install any malware on your air-gapped device.
full member
Activity: 157
Merit: 100
Hi,
Probably not the first to ask it but can't find this here.
Copying armory software with USB to offline PC and installing it there can bring a virus to the offline PC.
Then even when using a new USB to pass watch-only wallet fie to online PC the virus can go back to the online with all the offline wallet data.
Isn't this a big security fail? What am I missing?
Thanks
Jump to: