gnolang / bounties

cosmos/gno ecosystem bounties

#5 How to ensure secure private keys on an airgapped computer #9

Closed LL-Cosmo closed 2 years ago

LL-Cosmo commented 3 years ago

An air-gapped computer is often heralded as an impervious defense to an online attack, but is that really true? Is there some way that a hacker from outside can infiltrate an air-gapped network? All cold wallets need some means of connecting to the network to execute transactions or download operating system or wallet software. With air-gapped computers, data transmission usually happens by USB.

Possible scenarios:

  1. A virus infiltrates the air-gapped computer, most commonly through infected USB.

  2. The virus takes control and sends instructions to a specific component of the computer.

  3. The virus leverages its control over the component to exfiltrate (export) the private keys

  4. Side channel attacks

Not common but possible:

- Virus takes control of the computer fan to exfiltrate information through sound

- Virus manipulates hard disk drive noise to exfiltrate information

- Virus causes the air-gapped computer to output radio signals generated by the computer’s electromagnetism

- And in the most alarming example, a virus was even able to use ultrasonic waves to output the private key information stored on air-gapped computers and air-gapped Raspberry Pis

The dangers to air-gapped computers don’t stop there for users of third-party operating system or wallet software. In an example of how even software downloaded from trusted official pages can carry its own risk, hackers in 2016 replaced the official Linux Mint download icon with their own backdoor program. Just as this malware link affected everyone who clicked where it was inserted on the Linux Mint download page, a virus can infiltrate an air-gapped computer in the form of “trusted” software.

Android Devices as Cold Wallets:

The above pointed out the various reasons why offline computers cannot be considered truly air-gapped. But what about smartphones, which have no fans or mechanical hard drives?

Let’s first take a look at Android phones. Android phones rely on TrustZone for security (Let’s take it for granted that private keys are actually being stored in TrustZone, although there have been known to be incidents where unscrupulous vendors weren’t doing so). Demonstrations of leaking private keys through side-channel attacks show that TrustZone can be quite vulnerable. This means that if an attacker gains physical access to an air-gapped Android, they can steal its private keys through complex but practically achievable methods. Android chip manufacturers can release patches once zero-day attacks are discovered, but Android device makers then need to pass them on to users, which they sometimes don’t agree to do.

iPhones as Cold Wallets:

iPhones use something called the Secure Enclave, which can be understood as a Secure Element embedded in the main processor. As the likeness in name suggests, Apple’s Secure Enclave pioneered the use of Secure Elements in smartphones. The Secure Enclave is capable of performing pretty much every function of a Secure Element including true random number generation (TRNG) and even shares most of its physical properties.

Despite what the Secure Enclave is capable of, it’s completely useless for cryptocurrencies because Apple has total custodianship of the private keys and does not open their use up to any other party. Not only is Secure Enclave based on secp256r1 elliptic curve encryption while Bitcoin uses secp256k1, but even if Secure Enclave supported secp256k1, Apple doesn’t provide an API for extracting private keys or the recovery seed.

Because you cannot use the Secure Enclave for anything other than Apple ecosystem functions, you need a third-party app to use an iPhone as a cold wallet. The fact that transaction signing and private key storage then have to happen on the iOS level and not within the Secure Element represents an incomparable difference in terms of security. Private keys stored on the iOS level are an easier target for the side-channel attacks described above as possible on TrustZone. Furthermore, as all random number generation on wallet apps is algorithm-based, you’ll end up with a pseudorandom rather than true random number for your recovery seed.

While an iPhone has a smaller attack surface than a computer and does not use USB data transmissions, it isn’t much safer because Secure Enclave can’t perform transaction signing and private key storage in a secure environment or TRNG in a way that is recoverable. Even if Apple were to add support for secp256k1, you would not be able to back up your wallet if anything happened to the iPhone. Neither will Apple’s release of CryptoKit signify a change for cold storage.

Sum-up: Hardware wallets are minimalistic devices with drastically reduced attack surfaces. While air-gapped smartphones are somewhat safer than air-gapped computers, don’t be lulled into a false sense of security by the tradition of using either. If you’re truly interested in securing your assets, you should only be looking at hardware wallets with a Secure Element.
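The secp256r1 versus secp256k1 mismatch mentioned in the post above can be checked directly. This is an added example, not part of the original issue or of any gnolang code: it derives a public key from one constructed scalar on both curves using the published domain parameters and shows the results are not interchangeable. The names `public_key`, `compare_curves` and `SAMPLE_SCALAR` are hypothetical.

```python
# Added illustration: textbook affine arithmetic, not constant-time, never for real signing.
from collections import namedtuple

Curve = namedtuple("Curve", "name p a b g n")
# Published domain parameters (SEC 2 secp256k1; NIST P-256, also called secp256r1).
SECP256K1 = Curve("secp256k1", 2**256 - 2**32 - 977, 0, 7,
    (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8),
    0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141)
SECP256R1 = Curve("secp256r1", 2**256 - 2**224 + 2**192 + 2**96 - 1, -3,
    0x5AC635D8_AA3A93E7_B3EBBD55_769886BC_651D06B0_CC53B0F6_3BCE3C3E_27D2604B,
    (0x6B17D1F2_E12C4247_F8BCE6E5_63A440F2_77037D81_2DEB33A0_F4A13945_D898C296,
     0x4FE342E2_FE1A7F9B_8EE7EB4A_7C0F9E16_2BCE3357_6B315ECE_CBB64068_37BF51F5),
    0xFFFFFFFF_00000000_FFFFFFFF_FFFFFFFF_BCE6FAAD_A7179E84_F3B9CAC2_FC632551)
# Constructed sample scalar, not a real key.
SAMPLE_SCALAR = 0x01234567_89ABCDEF_01234567_89ABCDEF_01234567_89ABCDEF_01234567_89ABCDEF

def on_curve(pt, c):
    """True if pt satisfies y^2 = x^3 + a*x + b over GF(p); None is infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + c.a * x + c.b)) % c.p == 0

def add(p1, p2, c):
    """Affine point addition, including doubling and the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return None                       # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + c.a) * pow((2 * y1) % c.p, -1, c.p)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % c.p, -1, c.p)
    x3 = (lam * lam - x1 - x2) % c.p
    return (x3, (lam * (x1 - x3) - y1) % c.p)

def public_key(k, c):
    """Double-and-add: returns k*G on curve c."""
    result, addend = None, c.g
    while k:
        if k & 1:
            result = add(result, addend, c)
        addend = add(addend, addend, c)
        k >>= 1
    return result

def compare_curves(k):
    pk1, pr1 = public_key(k, SECP256K1), public_key(k, SECP256R1)
    return {"k1_valid_on_k1": on_curve(pk1, SECP256K1), "r1_valid_on_r1": on_curve(pr1, SECP256R1),
            "k1_valid_on_r1": on_curve(pk1, SECP256R1), "same_public_key": pk1 == pr1}
```
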

LL-Cosmo commented 3 years ago

This is just an opening for this bounty, a little help to understand the vulnerabilities of airgapped devices.

jaekwon commented 3 years ago

Thank you, the plan is to detail how to mitigate these risks.