Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: risks of sharing Watch-only wallets (Read 186 times)

ABCbits
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
risks of sharing Watch-only wallets
March 19, 2021, 06:12:43 AM
#13
Quote from: o_e_l_e_o on March 18, 2021, 09:17:40 AM
Quote from: ?? on ??
Even if you edit the wallet file, i doubt you can tamper/modify the unsigned transaction which created by the software.
I'm not sure I follow. Why would an attacker need to edit an unsigned transaction?

If an attacker can insert their own address in to a watch only wallet, presumably they are hoping their victim either gives out the attacker's address to an exchange or other service to process a withdrawal, or the victim sends coins to the address from another wallet. Any transaction would be created at a later date to the address being inserted.

I know, but i simply mention scenario that OP fear might happen.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: risks of sharing Watch-only wallets
March 18, 2021, 12:14:54 PM
#10
Quote from: BitcoinivaX on March 17, 2021, 06:30:54 AM
If my computer contains viruses, is there a risk of modifying watch-only data and inserting a suspicious public key? I mean, scammer adds their address when I click deposit.

Incorrect new transaction sign request created. scammer will change my sign data request.

any other risks?

It is not possible to sign a transaction from a request using a watch-only wallet, and when you create watch-only wallets it can only contain the public keys and addresses which can be derived from its master public key, not some arbitrary public key.

So the answer is no (and the signing will fail anyway because your airgapped computer does not have the attacker's private key).
o_e_l_e_o
legendary
Activity: 2268
Merit: 18748
Re: risks of sharing Watch-only wallets
March 18, 2021, 09:17:40 AM
#9
Quote from: ?? on ??
Even if you edit the wallet file, i doubt you can tamper/modify the unsigned transaction which created by the software.
I'm not sure I follow. Why would an attacker need to edit an unsigned transaction?

If an attacker can insert their own address in to a watch only wallet, presumably they are hoping their victim either gives out the attacker's address to an exchange or other service to process a withdrawal, or the victim sends coins to the address from another wallet. Any transaction would be created at a later date to the address being inserted.
mocacinno
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
Re: risks of sharing Watch-only wallets
March 17, 2021, 08:57:52 AM
#8
Quote from: o_e_l_e_o on March 17, 2021, 08:49:06 AM
--snip--
Quote from: mocacinno on March 17, 2021, 07:39:54 AM
This isn't a real problem... It would only work for a non-HD wallet without encryption
Not necessarily. It may still be possible, depending on the wallet software being used, to edit a wallet file based on a master public key and insert malicious addresses in to it.

True, i was thinking about one specific wallet implementation where this would be impossible and i might have overgeneralised. That being said, the attacker would still have to get his victim to use the edited wallet... In the OP's case this still seems like a non-issue... Who would give his watch-only wallet to somebody he/she doesn't know, receives it back from said person and then starts using it...

It might be an issue when the hacker gains access to a vulnerable operating system and is able to edit a watch-only wallet without the owner's knowledge. But even then, i think encryption would solve the problem in most cases.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18748
Re: risks of sharing Watch-only wallets
March 17, 2021, 08:49:06 AM
#7
Quote from: pooya87 on March 17, 2021, 07:20:34 AM
-snip-
The confusion might stem from poor terminology. A lot of people use "master public key" to refer to "account extended public key". This is why you can give your "master public key" to a service and yet still derive addresses as m/44'/0'/0'/0/0, for example, which shouldn't be possible given the hardened paths. In actual fact you giving your "account extended public key" at m/44'/0'/0', so the service in question only needs to derive unhardened paths at 0/0.

Quote from: mocacinno on March 17, 2021, 07:39:54 AM
This isn't a real problem... It would only work for a non-HD wallet without encryption
Not necessarily. It may still be possible, depending on the wallet software being used, to edit a wallet file based on a master public key and insert malicious addresses in to it.
mocacinno
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
Re: risks of sharing Watch-only wallets
March 17, 2021, 07:39:54 AM
#6
I find the question a tad bit difficult to understand, and most aspects have already been answered...

I do have an alternative way to interprete your question that hasn't been fully answered. The way i look at (or interpret) your question is that you're afraid that if you share a watch only wallet, a hacker could insert his own address into said wallet and you'd be funding the hacker's address instead of your own.
This isn't a real problem... It would only work for a non-HD wallet without encryption (or with encryption but a weak password) that you've shared with a hacker, received back from the hacker, and then started using the wallet you received from the hacker instead of the original one.

If a hacker gets his hands on a watch-only wallet because you decided to share it, and modifies said wallet, he/she still has to convice you to start using said modified wallet instead of the original one... If you're gullible enough to do this, you're probably gullible enough to just share your seed phrase (not that i'm saying you're gullible, i'm just saying that every wallet is vulnerable if you over-share and have no clue as to what you're doing)
pooya87
legendary
Activity: 3472
Merit: 10611
Re: risks of sharing Watch-only wallets
March 17, 2021, 07:20:34 AM
#5
Quote from: ranochigo on March 17, 2021, 07:04:41 AM
Quote from: pooya87 on March 17, 2021, 06:43:47 AM
Only if the derivation path doesn't contain any hardened index.
Yep. Hardened derivation paths doesn't have master public keys, or am I wrong?
They have, you just can't derive hardened child keys using them (you can however derived non-hardened children). Master public key is essentially the corresponding public key of the master private key plus the chain code.
ranochigo
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Re: risks of sharing Watch-only wallets
March 17, 2021, 07:04:41 AM
#4
Quote from: pooya87 on March 17, 2021, 06:43:47 AM
Only if the derivation path doesn't contain any hardened index.
Yep. Hardened derivation paths doesn't have master public keys, or am I wrong?
pooya87
legendary
Activity: 3472
Merit: 10611
Re: risks of sharing Watch-only wallets
March 17, 2021, 06:43:47 AM
#3
Whenever you spend bitcoin you are revealing your public key and there is no security issue when doing so.

Quote from: BitcoinivaX on March 17, 2021, 06:30:54 AM
If my computer contains viruses, is there a risk of modifying watch-only data and inserting a suspicious public key? I mean, scammer adds their address when I click deposit.

Incorrect new transaction sign request created. scammer will change my sign data request.
When you want to make payments you normally use an address not public keys, and it is easy for a malware (commonly known as clipboard hijacker to modify that address while it is being copied).
This is why you have to double check everything before signing and before broadcasting it again.

Quote from: ranochigo on March 17, 2021, 06:35:04 AM
If you share your master public key, the BIP32 one, it can be compromised when an attacker has both that and one of the child private key generated from its corresponding master private key.
Only if the derivation path doesn't contain any hardened index.
ranochigo
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Re: risks of sharing Watch-only wallets
March 17, 2021, 06:35:04 AM
#2
Quote from: BitcoinivaX on March 17, 2021, 06:30:54 AM
I share my public key with a lot of untrusted third parties or unprotected devices. And the following questions arise in my mind:
If you share your master public key, the BIP32 one, it can be compromised when an attacker has both that and one of the child private key generated from its corresponding master private key.
Quote from: BitcoinivaX on March 17, 2021, 06:30:54 AM
If my computer contains viruses, is there a risk of modifying watch-only data and inserting a suspicious public key? I mean, scammer adds their address when I click deposit.

Incorrect new transaction sign request created. scammer will change my sign data request.
I'm assuming you're talking about an air-gapped wallet setup? There is a reason why most hardware wallets also have a screen on the device itself so the user can check the address again to see if it has been changed. Otherwise, there is no real risk of exposing your addresses (or public keys), they are pretty much available publicly when you spend the coins anyways.

You cannot change the address of a signed raw transaction without invalidating it.
BitcoinivaX
newbie
Activity: 9
Merit: 7
Re: risks of sharing Watch-only wallets
March 17, 2021, 06:30:54 AM
#1
We will ignore the privacy issues. I am talking about the risks related to losing your money or accessing the private key.

I share my public key with a lot of untrusted third parties or unprotected devices. And the following questions arise in my mind:

If my computer contains viruses, is there a risk of modifying watch-only data and inserting a suspicious public key? I mean, scammer adds their address when I click deposit.

Incorrect new transaction sign request created. scammer will change my sign data request.

any other risks?
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: