Enlarge / Simplified figurative process of a Cryptocurrency transaction.
Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks.
Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgappedmeaning they aren't connected to any other devices to prevent the leaking of highly sensitive dataattackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer's video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.
On Monday, Guri published a new paper that applies the same exfiltration techniques to "cold wallets," which are not stored on devices connected to the Internet. The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn't connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream.
"I think that the interesting issue is that the airgap attacks that were thought to be exotic issues for high-end attacks may become more widespread," he wrote in an email. "While airgap covert channels might be considered somewhat slow for other types of information, they are very relevant for such brief amounts of information. I want to show the security of 'cold wallet' is not hermetic given the existing airgap covert channels."
One technique can siphon private keys stored in a cold wallet running on a Raspberry Pi, which many security professionals say is one of the best ways to store private cryptocurrency keys. Even if the device became infected, the thinking goes, there's no way for attackers to obtain the private keys because it remains physically isolated from the Internet or other devices. In such cases, users authorize a digital payment in the cold wallet and then use a USB stick or other external media to transfer a file to an online wallet. As the following video demonstrates, it takes only a few seconds for a nearby smartphone under the attacker's control to covertly receive the secret key.
BeatCoin: Leaking bitcoin's private keys from air-gapped wallets.
The technique works by using the Raspberry Pi's general-purpose input/output pins to generate radio signals that transmit the key information. The headphones on the receiving smartphone act as an antenna to improve the radio-frequency signal quality, but in many cases they're not necessary.
A second video defeats a cold wallet running on a computer. It transmits the key by using inaudible, ultrasonic signals. Such inaudible sounds are already being used to covertly track smartphone users as they move about cities. It wouldn't be a stretch to see similar capabilities built into malware that's designed to steal digital coins.
BeatCoin: Leaking bitcoin's private keys from air-gapped wallets.
As already mentioned, the exfiltration techniques described in this post assume the device running the cold wallet is already infected by malware. Still, the widely repeated advice to use cold wallets is designed to protect people against this very scenario.
"We show that, despite the high degree of isolation of cold wallets, motivated attackers can steal the private keys out of the air-gapped wallets," Guri wrote in the new paper. "With the private keys in hand, an attacker virtually owns all of the currency in the wallet."
To protect keys, people should continue to store them in cold wallets whenever possible, but they should consider additional safeguards, including keeping cold wallets away from smartphones, cameras, and other receivers. They should also shield cold-wallet devices with metallic materials that prevent electromagnetic radiation from leaking. Of course, people should also prevent devices from becoming infected in the first place.
See the rest here:
New hacks siphon private cryptocurrency keys from ...
- As Bitcoin Flounders, This Tiny Cryptocurrency Has Soared Over 200%Heres Why - Forbes - May 23rd, 2020
- What to Know About Billions' Cryptocurrency Drama If You Know Nothing About Cryptocurrency - Vulture - May 23rd, 2020
- Tether, the most promising stable coin, now the third most valuable cryptocurrency - Nairametrics - May 23rd, 2020
- Taxation on the Cryptocurrency - Live Bitcoin News - May 23rd, 2020
- Bitcoin Worth $282K from the 2016 Bitfinex Hack on the Move - Bitcoin News - May 23rd, 2020
- A detailed overview of Cryptocurrency Market [PDF] with innovation in technology, various aspects of the industry players, regions, types, and... - May 23rd, 2020
- Why Have Cryptocurrency Payments Failed to Take Off So Far? - Cointelegraph - May 22nd, 2020
- Cryptocurrency and COVID-19: Bitcoins Path to a Safe Haven - Cointelegraph - May 22nd, 2020
- Analysis on Impact of COVID-19- Cryptocurrency Mining Hardware Market 2020-2024 | Rising Popularity Of Mining Pools to Boost Growth | Technavio -... - May 22nd, 2020
- Top Cryptocurrency Trading Bots 2020 - Conquer The World - KryptoMoney - May 22nd, 2020
- Crypto hedge funds struggle to recover from bloodbath - Financial Times - May 22nd, 2020
- Bitcoins prices slip amid speculation that a block of the cryptocurrency possibly linked to creator Satoshi Nakamoto just changed hands - MarketWatch - May 20th, 2020
- Is 2020 the year to invest in cryptocurrency? - About Manchester - May 20th, 2020
- Ripple, third most valuable cryptocurrency, gets approval from the US for money transfers - Nairametrics - May 20th, 2020
- PODCAST | Why is Africa the most promising region for cryptocurrency? - Business Day - May 20th, 2020
- Learn how to invest in the stock market and cryptocurrency - New York Post - May 20th, 2020
- COVID-19 Impact ON Cryptocurrency Exchanges Market: Size, Market Analysis, Application, Growth Drivers, Trends, status and Research Report by 2025 -... - May 20th, 2020
- Cryptocurrency Market 2020 Size & Share Outlook with COVID-19 Impact Analysis and Forecast to 2026 - Cole of Duty - May 20th, 2020
- Cryptocurrency Receiving Massive Favor Amidst Inflation - Move Your Money - May 20th, 2020
- Cryptocurrency Mining Hardware Market 2020 Global Overview, Growth, Size, Opportunities, Trends, Leading Company Analysis and Forecast to 2026 - Cole... - May 20th, 2020
- Telegram shuts down its cryptocurrency operation - The Verge - May 18th, 2020
- The Global Digital Asset & Cryptocurrency Association in Chicago wants to be the one to regulate digital currencies - Crain's Chicago Business - May 15th, 2020
- Bitcoin halving Q&A: what it's all about and what it means for the cryptocurrency - The Conversation US - May 15th, 2020
- This Minor Cryptocurrency Is On Track To Smash Bitcoin In 2020 - Forbes - May 15th, 2020
- FATF: How Will the Guidelines Affect Canadas Crypto Industry? - Finance Magnates - May 15th, 2020
- Cryptocurrency market update: Donald Trump will send Bitcoin to the moon - FXStreet - May 15th, 2020
- Bitcoin and cryptocurrency markets: Where next? - FXStreet - May 15th, 2020
- Thailand Sticks by its Cryptocurrency Commitment - The Phuket News - May 15th, 2020
- Man charged over cryptocurrency investment fraud - The Star Online - May 15th, 2020
- Cryptocurrency Market News: Bitcoin in tactical retreat to $9,600 before another jump to $10,000 - FXStreet - May 15th, 2020
- No way around it: the irreparable damage cryptocurrency does to the environment - Green Prophet - May 15th, 2020
- Cryptocurrency Market News: Bitcoin fails to hit 10K but could make another push - FXStreet - May 15th, 2020
- Teen Hackers Accused of Cryptocurrency Theft, Sued For $71 Mn - CISO MAG - May 11th, 2020
- Paul Tudor Jones calls bitcoin a 'great speculation,' says he has almost 2% of his assets in it - CNBC - May 11th, 2020
- Coinbase CEO Says New Cryptocurrency Bill Would Have Major Impact on Future of Finance - The Daily Hodl - May 11th, 2020
- Cryptocurrency Market Update: Bloodbath as Bitcoin nosedives to $8,000, Ethereum $180 and Ripple $0.1780 - FXStreet - May 11th, 2020
- Cryptocurrency Mining Hardware Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - Cole of Duty - May 11th, 2020
- The IRS Wants to Know About Your Cryptocurrency Transactions - Interesting Engineering - May 11th, 2020
- Bitcoin's halving might see a large influx of investors wanting a piece of the cryptocurrency market - Mashable SE Asia - May 11th, 2020
- Investors Who Bought iMining Blockchain and Cryptocurrency (CVE:IMIN) Shares A Year Ago Are Now Up 56% - Simply Wall St - May 11th, 2020
- Cryptocurrency Market Update: Bitcoin, Ethereum and Ripple have a bullish start to Saturday, following Fridays drop - FXStreet - May 11th, 2020
- What is a cryptocurrency and why is it needed? - AMBCrypto English - May 11th, 2020
- Cryptocurrency Litecoin dipped to 12% - The Times Hub - May 11th, 2020
- Hong Kong Cryptocurrency Platform Crypto.com Announces New $100 Million Insurance Policy Led By Arch Underwriting That Extends Total Coverage to $360... - May 11th, 2020
- Verady Unveils Ledgible Accounting Partnerships With Blockchain.Com and Algorand - AiThority - May 7th, 2020
- Cryptocurrency Market Update: Bitcoin leaves behind Ethereum and Ripple in the dust as bulls start consolidating their positions pre-halving -... - May 7th, 2020
- 7 Explosive Cryptocurrencies to Buy for the Bitcoin Halvening - InvestorPlace - May 7th, 2020
- Talking Crypto: Learn to really understand the world of cryptocurrency - Financial Post - May 5th, 2020
- Cryptocurrency This Week: Crypto Exchanges Seeks GST Clarification From RBI & More - Inc42 Media - May 5th, 2020
- Google Profits off Impersonations of Banned Cryptocurrency Celebs and Companies - Bitcoin News - May 5th, 2020
- Andreessen Horowitz Creates Second Cryptocurrency Fund With $515M Investment - Benzinga - May 5th, 2020
- Cryptocurrency And Blockchain Technology Market to Observe Strong Development by 2022 - Kentucky Journal 24 - May 5th, 2020
- Bitcoin Accounts For 78% Of The Cryptocurrency Derivatives Market In Q1 2020, Study Finds - CryptoPotato - May 5th, 2020
- MyCryptoMixer 2020 - The Best Bitcoin Mixer Necessary To Protect User's Anonymity and Privacy | Press release - Bitcoin News - May 5th, 2020
- TenX Debit Card Allows Spending Crypto as Cash - Move Your Money - May 5th, 2020
- Cryptocurrencies are gaining major traction as global economy shrinks - IOL - May 5th, 2020
- Total Cryptocurrency Market Cap Adds $20 Billion In Less Than 24 Hours - newsBTC - April 29th, 2020
- US Congress Considering More Than Two Dozen Cryptocurrency and Blockchain Proposals - The Daily Hodl - April 29th, 2020
- Congress Has Now Introduced 32 Crypto And Blockchain Bills - Forbes - April 29th, 2020
- Did This Norwegian Multimillionaire Invent a Cryptocurrency Ransom to Cover Up the Murder of His Wife? - Vanity Fair - April 29th, 2020
- Drawbacks of Cryptocurrency Exchanges - How Non-Custodial Services Are the Solution | Sponsored - Bitcoin News - April 29th, 2020
- Circuit Breakers Could Be Coming to CryptoBut Will they Be Effective? - Finance Magnates - April 29th, 2020
- North Koreas Alleged $670M Cryptocurrency Stash in Question Amid Rumors of Kim Jong-Uns Death - BeInCrypto - April 29th, 2020
- Tips to Understand Cryptocurrency and White Paper - Crypto Daily - April 29th, 2020
- Ethereum Near Levels That Sent Price 25% Down in 2019 - newsBTC - April 29th, 2020
- $8.8 Trillion Traded in Cryptocurrency Spot and Futures Markets in Q1: Reports | Markets and Prices Bitcoin News - Bitcoin News - April 29th, 2020
- Things You Should Be Aware Of Behind the Cryptocurrency And 5G Covid-19 Plot - The Coin Republic - April 29th, 2020
- New cryptocurrency 'CRO' to list on CoinDCX crypto exchange, to be traded in two pairs - CNBCTV18 - April 29th, 2020
- Binance-backed Cryptocurrency Derivatives Exchange FTX to Launch Spot Trading in the US - Crowdfund Insider - April 29th, 2020
- Some US Citizens Look to Be Splashing Their Stimulus Cash on Cryptocurrency - CoinDesk - April 24th, 2020
- There's Cryptocurrency Twist in Crazy 5G COVID-19 Conspiracy - U.Today - April 24th, 2020
- Cryptocurrency predictions: what coins to choose in 2020? - Capital.com - April 24th, 2020
- This is what happens to cryptocurrency paid out in sextortion campaigns - ZDNet - April 24th, 2020
- This AI-focused cryptocurrency is up 300%, but on-chain fundamentals spell trouble - CryptoSlate - April 24th, 2020
- Cryptocurrency Market Update: Bitcoin. Ethereum and Ripple in total lockdown as consolidation takes over - FXStreet - April 24th, 2020
- Tether Surpasses XRP to Become the Third-Largest Cryptocurrency - newsBTC - April 24th, 2020
- TaxBit Simplifies Cryptocurrency Taxes with Innovative Reporting and Audit Tools - BTCMANAGER - April 24th, 2020
- Cryptocurrency Price Analysis: Bitcoin, Ethereum, Ripple, and ChainLink Where Are They Heading? - Coingape - April 24th, 2020
- Is Chinas National Cryptocurrency The Beginning Of A New Financial Era? - The Coin Republic - April 24th, 2020
- Ripple Executive Says Institutional Trading Boosting XRP Behind the Scenes, With Cryptocurrency Exchange Bitso Taking the Lead - The Daily Hodl - April 24th, 2020