This thread shows one method of infection (malware on optical media, USB optical drive) and one way to get the data out (optical media). You can't do anything against the "infected computer sends privkeys out" case, as there are unlimited possibilities (a computer doing abnormal memory write patterns to create high-frequency signals the attacker can pick up via an antenna or an infected smartphone is my favorite so far).
Much worse is that we actually have to get data from the offline computer online: the signed transaction.
So, the only option we have is to not get the offline box infected in the first place. That's what our dedicated offline computer is there for.
USB:
It's possible to infect USB sticks, or most USB devices (which routinely have flashable firmware memory) for that matter. For that, we must connect a vulnerable device to a host we control, i.e. an infected one.
Dumber media, which have no firmware, are immune to this by definition. One of the few things that I am sure have no firmware is optical media. Floppy disks too, all right. Besides that, only dumb things like QR codes, audio, printed paper and the like.
The only scenario for malware on a dumb medium, a rewritable CD-RW for example, to infect the offline computer or the USB DVD drive (which is basically the same, the machine has to be infected), is a security flaw in the operating system. Like in the kernel, or in one of the drivers which read the medium, talk to the drive, the chipset on the motherboard or something along that path. It must be an exploitable hole too, not simply a "send a million letters and it crashes" bug. Now this would be quite a spectacular security hole. Such a wide-open, low-level exploitable hole, well, means a disaster of epic proportions. It probably would be used against the highest, most valuable and secured targets, like billion-dollar industry espionage, sabotage as with the Stuxnet worm (which used simple USB drives) and other "big" targets.
And it would take little time to find out how these attacks worked, "burning" those attack vectors after a few uses.
I don't say this isn't possible. I don't say the NSA doesn't have such attack vectors in their safe. But I say it doesn't make any sense at all to "waste" such attack vectors on peanuts like a few million dollars in crypto-blowstamps :-)
If you want to do something to sleep better: deactivate all unused USB drivers. You probably won't need the LEGO Mindstorms driver in your Armory offline machine, right? ;-)
You might try to get alternative drivers for the one or two left over. If you can trust them, that is. OpenBSD drivers, just as a non-working example.
If you follow up on those, I'd be interested to hear about it!
Ente
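The "deactivate all unused USB drivers" advice above is easy to state and fiddly to do by hand. Below is an added example, written for this page and not code from the poster or from Armory, that parses `lsmod`-style output, walks everything that depends on `usbcore`, and emits `/etc/modprobe.d` lines for every USB driver not on an allowlist. The sample `lsmod` text is constructed, the module names in the allowlist are my assumptions (you keep the host controller, the HID driver for the keyboard, and `usb_storage` because the USB DVD drive needs it), and the `install X /bin/false` form is used deliberately: a plain `blacklist X` only stops alias-based autoloading, while an explicit `modprobe` or a dependency would still pull the module in.

```python
# Constructed sample of `lsmod` output (not captured from a real machine).
# Columns are: Module, Size, Used-by count, comma-separated list of users.
SAMPLE_LSMOD = """\
Module                  Size  Used by
usb_storage            77824  1 uas
uas                    28672  0
usbhid                 65536  0
legousbtower           20480  0
xhci_hcd              262144  0
sr_mod                 28672  0
usbcore               290816  5 usb_storage,uas,usbhid,legousbtower,xhci_hcd
"""

# Assumed allowlist for an Armory offline box: host controller, keyboard,
# and the mass-storage driver that the USB DVD drive sits on top of.
DEFAULT_KEEP = {"xhci_hcd", "ehci_hcd", "ohci_hcd", "usbhid", "usb_storage"}


def parse_lsmod(text: str) -> dict[str, set[str]]:
    """Map each module name to the set of modules that depend on it."""
    deps: dict[str, set[str]] = {}
    for line in text.strip().splitlines()[1:]:   # skip the header row
        parts = line.split()
        if not parts:
            continue
        name = parts[0]
        users = set()
        if len(parts) > 3:
            # Drop empty entries (trailing commas) and markers like "[permanent]".
            users = {u for u in parts[3].split(",") if u and not u.startswith("[")}
        deps[name] = users
    return deps


def usb_client_modules(deps: dict[str, set[str]], root: str = "usbcore") -> set[str]:
    """Every module that transitively depends on usbcore, i.e. every loaded USB driver."""
    found: set[str] = set()
    stack = [root]
    while stack:
        module = stack.pop()
        for user in deps.get(module, ()):
            if user not in found:
                found.add(user)
                stack.append(user)
    return found


def modprobe_blacklist(deps: dict[str, set[str]], keep: set[str] = DEFAULT_KEEP,
                       root: str = "usbcore") -> list[str]:
    """Lines for /etc/modprobe.d/usb-offline.conf that refuse to load unwanted USB drivers.

    `install MOD /bin/false` makes modprobe run /bin/false instead of loading MOD,
    which also defeats explicit loads and dependency pulls, unlike `blacklist MOD`.
    """
    targets = sorted(usb_client_modules(deps, root) - keep)
    return [f"install {module} /bin/false" for module in targets]


if __name__ == "__main__":
    # On a real box: python3 this.py < <(lsmod), then review before installing the file.
    lines = modprobe_blacklist(parse_lsmod(SAMPLE_LSMOD))
    print("\n".join(lines))
```

Caveat: `lsmod` only lists modules that are loaded right now. A USB driver that is present under `/lib/modules/<version>/kernel/drivers/usb` but not yet loaded will still be autoloaded the moment a matching device is plugged in, so on the real offline machine you would also want to walk that directory (or build a kernel without those drivers at all) rather than trust a snapshot of the running system.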
From now on, I'm going to be assuming that everything goes through USB somehow on the offline computer's motherboard. Even an internal DVD drive. Even SD cards. Everything. So, nothing is safe; anything can infect the offline computer via the dreaded USB risk. This is why I have come up with a new security policy for my offline machine. The security policy consists of two simple rules:
- As soon as ejecting / taking out a data transfer device (USB key, SD card, CD, DVD, etc.) from the offline computer, I destroy it completely beyond recovery. (In practice, this means I should only use CDs/DVDs to get data onto the offline machine because those are cheap enough to destroy after use.)
- The only allowed way to transfer data out of the offline machine is through text or images (in practice QR codes) on the screen.
This is how I use the offline computer in practice:
- I install Ubuntu Linux on my offline computer from a DVD. Then I eject the DVD and destroy it.
- I transfer other required software (such as Armory, R, an image showing the 52 cards of a deck of cards, QR code generation software, and whatever else I need for my offline wallet purposes) to the offline computer through a CD. Then I eject the CD and destroy it.
- Once I'm set up, I transfer unsigned Armory transactions to the offline computer either through QR codes and the webcam, or using CDs and destroying the CDs.
- I get the signed transactions back to the online world through QR codes shown on the offline computer's screen.
I grant that this does not guard against the side-channel frequency attacks you mentioned. But it's the best I can come up with at this time. Maybe if bitcoin hits 10k one day I can afford to purchase a Faraday cage or some shit like that. But until that day, I'm afraid what I've got now will have to do.
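The QR-code channel in the post above only works if a signed transaction larger than one QR code can be split into frames that the webcam may scan in any order (and more than once), with something that lets the online side notice a missing or corrupted chunk. Below is an added example, written for this page and not code from either poster or from Armory: the frame layout `TXQR/<index>/<total>/<digest>/<base64 chunk>` and the `Reassembler` class are my own assumptions for illustration, and the "signed transaction" in the demo is constructed bytes, not real Armory output. Rendering each frame string as an actual QR image is left to whatever QR generator the offline box has; only the framing and the receive-side checks are shown.

```python
import base64
import hashlib

# Hypothetical frame layout for this example (an assumption, not Armory's format):
#   TXQR/<index>/<total>/<digest8>/<base64 chunk>
# digest8 is the first 8 hex chars of SHA-256 over the whole payload. It is carried
# in every frame so the receiver can tell frames of different transfers apart and
# check the reassembled result.
MAGIC = "TXQR"


def payload_tag(payload: bytes) -> str:
    """Short fingerprint of the complete payload, repeated in every frame."""
    return hashlib.sha256(payload).hexdigest()[:8]


def encode_frames(payload: bytes, chunk_size: int = 800) -> list[str]:
    """Offline side: split the signed transaction into numbered, self-describing frames."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    tag = payload_tag(payload)
    chunks = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    chunks = chunks or [b""]          # an empty payload still yields one frame
    total = len(chunks)
    return [
        f"{MAGIC}/{i}/{total}/{tag}/{base64.b64encode(c).decode('ascii')}"
        for i, c in enumerate(chunks)
    ]


def parse_frame(frame: str) -> tuple[int, int, str, bytes]:
    """Validate one scanned string. maxsplit=4 keeps '/' inside the base64 intact."""
    parts = frame.split("/", 4)
    if len(parts) != 5 or parts[0] != MAGIC:
        raise ValueError("not a TXQR frame")
    index, total = int(parts[1]), int(parts[2])
    if not 0 <= index < total:
        raise ValueError("frame index out of range")
    return index, total, parts[3], base64.b64decode(parts[4], validate=True)


class Reassembler:
    """Online side: collects frames in any order and tolerates repeats from the webcam."""

    def __init__(self) -> None:
        self.total = None
        self.tag = None
        self.chunks = {}

    def feed(self, frame: str) -> None:
        index, total, tag, data = parse_frame(frame)
        if self.total is None:
            self.total, self.tag = total, tag
        elif (total, tag) != (self.total, self.tag):
            raise ValueError("frame belongs to a different transfer")
        if index in self.chunks and self.chunks[index] != data:
            raise ValueError(f"conflicting data for frame {index}")
        self.chunks[index] = data

    def missing(self) -> list[int]:
        """Frame numbers still to be scanned; worth showing to the operator."""
        if self.total is None:
            return []
        return [i for i in range(self.total) if i not in self.chunks]

    def result(self) -> bytes:
        if self.total is None or self.missing():
            raise ValueError(f"incomplete: missing frames {self.missing()}")
        payload = b"".join(self.chunks[i] for i in range(self.total))
        if payload_tag(payload) != self.tag:
            raise ValueError("digest mismatch: payload corrupted or tampered")
        return payload


def roundtrip(payload: bytes, chunk_size: int = 800) -> bytes:
    """Encode, then simulate a webcam that scans frames reversed and sees some twice."""
    frames = encode_frames(payload, chunk_size)
    scanned = frames[::-1] + frames[: max(1, len(frames) // 2)]
    r = Reassembler()
    for f in scanned:
        r.feed(f)
    return r.result()


def detects_corruption(payload: bytes, chunk_size: int = 800) -> bool:
    """Flip one byte inside the last frame; the digest check must reject the result."""
    frames = encode_frames(payload, chunk_size)
    index, total, tag, data = parse_frame(frames[-1])
    corrupted = bytes([data[0] ^ 0x01]) + data[1:] if data else b"\x01"
    frames[-1] = f"{MAGIC}/{index}/{total}/{tag}/{base64.b64encode(corrupted).decode('ascii')}"
    r = Reassembler()
    for f in frames:
        r.feed(f)
    try:
        r.result()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed stand-in for a signed transaction (not real Armory output).
    signed_tx = bytes(range(256)) * 7
    print(len(encode_frames(signed_tx, 500)), "frames")
    assert roundtrip(signed_tx, 500) == signed_tx
    print("corruption detected:", detects_corruption(signed_tx, 500))
```

The digest in every frame is an integrity check against a misread or a dropped frame, not a security boundary: the online side must still inspect the reassembled transaction (outputs, amounts, fee) before broadcasting, since a compromised offline box could sign something other than what was displayed.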