Enlarge / Simplified figurative process of a Cryptocurrency transaction.
Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks.
Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgappedmeaning they aren't connected to any other devices to prevent the leaking of highly sensitive dataattackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer's video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.
On Monday, Guri published a new paper that applies the same exfiltration techniques to "cold wallets," which are not stored on devices connected to the Internet. The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn't connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream.
"I think that the interesting issue is that the airgap attacks that were thought to be exotic issues for high-end attacks may become more widespread," he wrote in an email. "While airgap covert channels might be considered somewhat slow for other types of information, they are very relevant for such brief amounts of information. I want to show the security of 'cold wallet' is not hermetic given the existing airgap covert channels."
One technique can siphon private keys stored in a cold wallet running on a Raspberry Pi, which many security professionals say is one of the best ways to store private cryptocurrency keys. Even if the device became infected, the thinking goes, there's no way for attackers to obtain the private keys because it remains physically isolated from the Internet or other devices. In such cases, users authorize a digital payment in the cold wallet and then use a USB stick or other external media to transfer a file to an online wallet. As the following video demonstrates, it takes only a few seconds for a nearby smartphone under the attacker's control to covertly receive the secret key.
BeatCoin: Leaking bitcoin's private keys from air-gapped wallets.
The technique works by using the Raspberry Pi's general-purpose input/output pins to generate radio signals that transmit the key information. The headphones on the receiving smartphone act as an antenna to improve the radio-frequency signal quality, but in many cases they're not necessary.
A second video defeats a cold wallet running on a computer. It transmits the key by using inaudible, ultrasonic signals. Such inaudible sounds are already being used to covertly track smartphone users as they move about cities. It wouldn't be a stretch to see similar capabilities built into malware that's designed to steal digital coins.
BeatCoin: Leaking bitcoin's private keys from air-gapped wallets.
As already mentioned, the exfiltration techniques described in this post assume the device running the cold wallet is already infected by malware. Still, the widely repeated advice to use cold wallets is designed to protect people against this very scenario.
"We show that, despite the high degree of isolation of cold wallets, motivated attackers can steal the private keys out of the air-gapped wallets," Guri wrote in the new paper. "With the private keys in hand, an attacker virtually owns all of the currency in the wallet."
To protect keys, people should continue to store them in cold wallets whenever possible, but they should consider additional safeguards, including keeping cold wallets away from smartphones, cameras, and other receivers. They should also shield cold-wallet devices with metallic materials that prevent electromagnetic radiation from leaking. Of course, people should also prevent devices from becoming infected in the first place.
See the rest here:
New hacks siphon private cryptocurrency keys from ...
- Investors who lost $190m demand exhumation of cryptocurrency mogul - The Guardian - December 14th, 2019
- This little-known cryptocurrency is heading towards the top ten - Decrypt - December 14th, 2019
- Moonday Mornings: IRS readies to tax your cryptocurrency no matter what - The Next Web - December 14th, 2019
- $1.6B in Bitcoin bought during 2017s bull run hasnt moved - The Next Web - December 14th, 2019
- ING bank wants to give clients a compliant way to store cryptocurrency, report - The Next Web - December 14th, 2019
- Wondering About The Tax Treatment Of A Cryptocurrency Hard Fork And Airdrop? - JD Supra - December 14th, 2019
- Cryptocurrency scammers carefully built up their target's trust, then they fleeced him mercilessly - Mirror Online - December 14th, 2019
- Police arrest head of $2.7M Ugandan cryptocurrency scam - The Next Web - December 14th, 2019
- US arrests three in alleged USD 722 mn cryptocurrency fraud - Business Standard - December 14th, 2019
- What is Cryptocurrency? A Simple Explanation - December 4th, 2019
- 8 Best Blockchain & Cryptocurrency Books To Read in 2019 ... - December 4th, 2019
- What Is Cryptocurrency Mining? - Mycryptopedia - December 4th, 2019
- Best Places to Earn Interest on Your Cryptocurrency - Crypto Briefing - December 4th, 2019
- Cryptocurrency 101 in the South Bronx - The New Yorker - December 4th, 2019
- Bitcoin Corrects And What's Next - Seeking Alpha - December 4th, 2019
- Drugs hidden in childs toy lead police to massive $1M cryptocurrency stash - The Next Web - December 4th, 2019
- Want to Pay for Your Stay with Cryptocurrency? Head to Vir Island - Total Croatia News - December 4th, 2019
- Thai SEC to Amend its Royal Decree on Cryptocurrency - The Tokenist - December 4th, 2019
- German Banks Will Be Allowed to Buy, Sell, and Store Cryptocurrency Starting New Years Day Crypto.IQ | Bitcoin and Investment News from Inside... - December 4th, 2019
- India vs. the people: The battle over cryptocurrency ownership continues - Forkast News - December 2nd, 2019
- Cryptocurrency This Week: Binance Launches Ethereum Futures, Hackers Steal $50 Mn From Korean Exchange And ... - Inc42 Media - December 2nd, 2019
- China Shuts Down 173 Cryptocurrency Exchanges and Token-Issuing Platforms - BeInCrypto - December 2nd, 2019
- More traditional investors are eyeing cryptocurrency to diversify their portfolios - Forkast News - December 2nd, 2019
- U.S. Authorities Arrest Virgil Griffith For Teaching Cryptocurrency And Blockchain - Forbes - November 30th, 2019
- What Hides Behind South Korean Cryptocurrency Regulation Policy? - The Diplomat - November 30th, 2019
- CipherTrace Q3 2019 Cryptocurrency AML Report: 2/3 of the Top 120 - AiThority - November 30th, 2019
- Cryptocurrency Crime Spikes This Year and SMBs are Paying the Price - Commercial Integrator - November 30th, 2019
- $150 Billion Cryptocurrency Boom Is Here Buy This ETF to Profit - Banyan Hill Publishing - November 30th, 2019
- Cryptocurrency crime surges, losses hit $4.4 billion by end-September: CipherTrace report - Reuters - November 28th, 2019
- More traditional investors are eyeing cryptocurrency to diversity their portfolios - Forkast News - November 28th, 2019
- Binance CEO: China has never been pro-Bitcoin or pro-cryptocurrency - AMBCrypto - November 28th, 2019
- The Cryptocurrency Market Update: Bitcoin back on recovery track, Ripple and Ethereum follow the lead - FXStreet - November 28th, 2019
- Thailand: Cryptocurrency Law Will Change in 2020 to Stay Competitive - Cointelegraph - November 28th, 2019
- Navigating the Token Crypt: What Options Are Available For Investing Cryptocurrency? - Nasdaq - November 28th, 2019
- This Cryptocurrency Is Up 11310% in a Week. Legit Scam or Just Legit? - CCN.com - November 28th, 2019
- The Cryptocurrency Market Update: Bitcoin sits above $7,000 as the trading range is narrowing - FXStreet - November 28th, 2019
- Cryptocurrency policies must combat snake oil without stifling innovation - The Globe and Mail - November 28th, 2019
- Akon has started building Akon City in Senegal with focus on cryptocurrency and renewable energy - Evening Standard - November 28th, 2019
- Cryptocurrency steps closer to legalization in South Korea - CoinGeek - November 28th, 2019
- Dwight Schrute tells Bitcoin holders to give their worthless cryptocurrency to a non-profit - The Next Web - November 22nd, 2019
- VinDAX Is the Seventh Cryptocurrency Exchange Hacked This Year: What Should Investors Be Considering? - Lexology - November 22nd, 2019
- Bitfinex Announces Strategic Collaboration with ODEM to Expand Cryptocurrency and Blockchain Education - PRNewswire - November 22nd, 2019
- The cryptocurrency market update: Bitcoin bears have an upper hand - FXStreet - November 22nd, 2019
- This week in Cryptocurrency - Born2Invest - November 22nd, 2019
- PayPal CEO Holds Bitcoin and Only Bitcoin - Cointelegraph - November 22nd, 2019
- Cryptocurrency exchange that went dark with $16M in user funds only has $45k, report - The Next Web - November 20th, 2019
- Cryptocurrency market update: $5 billion wiped off as Bitcoin bears take a breather - FXStreet - November 20th, 2019
- The cryptocurrency market update: Bitcoin bears hit the pause button - FXStreet - November 20th, 2019
- This cryptocurrencys price just pumped 7,000%, but why? - Decrypt - November 20th, 2019
- Swedish gold-for-cryptocurrency scammer finally extradited to US - The Next Web - November 20th, 2019
- Binance US Adds Nano (NANO) as Its 26th Cryptocurrency - SludgeFeed - November 20th, 2019
- Is the IRS HODLing Out on Us? IRS Issues Additional Cryptocurrency Guidance Addressing Hard Forks, Soft Forks, and Airdrops - JD Supra - November 20th, 2019
- Maksim Zaslavskiy of the cryptocurrency Recoin was sentenced to 18 months in prison for lying to investors - Crain's New York Business - November 20th, 2019
- Cryptocurrencies | Category | Fox Business - November 1st, 2019
- Best cryptocurrency to Invest 2019 - The Complete Guide - November 1st, 2019
- Best Cryptocurrency to Invest 2019 Our Top 4 Picks - October 22nd, 2019
- Buy Cryptocurrency with Credit Card or Bank Transfer now ... - September 30th, 2019
- Best 10 Cryptocurrency Brokers - Updated for 2019 (Safe ... - September 30th, 2019
- Fidelity Said to Offer Cryptocurrency Trading Within a Few ... - May 10th, 2019
- Is This Cryptocurrency The Next Bitcoin? - forbes.com - April 28th, 2019
- Cryptocurrency Definition | Bankrate.com - April 26th, 2019
- Samsung is developing its own blockchain network, report claims - April 26th, 2019
- 2019s best cryptocurrency wallets | 70+ compared | finder.com - April 26th, 2019
- What is cryptocurrency? - Definition from WhatIs.com - April 25th, 2019
- A Beginner's Guide to Cryptocoin Mining: What You Need to ... - April 25th, 2019
- How Cryptocurrency Assets Are Becoming A New Battleground In ... - April 21st, 2019
- What is Cryptocurrency: Cryptocurrency Explained the Easy Way - April 13th, 2019
- How to trade cryptocurrency in the UK - finance.yahoo.com - April 8th, 2019
- Cryptocurrency Trading | TD Ameritrade - April 8th, 2019
- Cryptocurrency Prices, Charts, and Market Cap Data - UNHASHED - April 8th, 2019
- Blow To Bitcoin As World's Largest Cryptocurrency IPO Is Iced - April 2nd, 2019
- How and where do I report Cryptocurrency coin-to-coin ... - March 22nd, 2019
- Hundreds of Millions in Cryptocurrency Vanishes After ... - March 11th, 2019
- Fidelity's new cryptocurrency company is up and running ... - March 9th, 2019
- Cryptocurrency Exchange Says It Can't Access $190 Million ... - February 5th, 2019
- What's the Best Cryptocurrency to Invest in Today? - January 9th, 2019
- Cryptocurrency Trading Easy tips to get started | AvaTrade - January 9th, 2019
- Thailand Issues 4 Cryptocurrency Licenses, Rejects 2 ... - January 9th, 2019
- NASDAQ, Fidelity Invest in New Cryptocurrency Exchange ... - January 9th, 2019
- Cryptocurrency News | Cryptocurrency News | Blockchain ... - January 9th, 2019