BeatCoin Shows How To Steal Private Keys For Cold-Storage Crypto Wallet
Most experts recommend protecting cryptocurrency wallets by keeping them in air-gapped cold storage: a software wallet installed on an air-gapped PC, which is more secure than a hot wallet that is always online. The PC is not connected to any other device, in order to prevent sensitive data from leaking.
However, how secure are they? A group of researchers from Israel’s Ben-Gurion University, led by Dr. Mordechai Guri, has just shown that cold storage of cryptocurrency wallets is not as secure as we might have thought.
BeatCoin Shows How To Steal Private Keys
In their new research, known as BeatCoin, they demonstrate how to steal the private keys of a cryptocurrency wallet installed in cold storage on an air-gapped computer or a Raspberry Pi.
The group first developed malware, which they installed on an air-gapped computer running bitcoin wallet software in order to infiltrate the wallet. The malware can be preinstalled or pushed in while the wallet is being installed. Removable media such as a USB flash drive can also infect the system when it is inserted into the wallet’s computer in order to sign a transaction.
They then used the malware to transmit the wallet’s keys over covert channels to a nearby device such as a smartphone. Once the private keys have been obtained, the attacker controls the victim’s cryptocurrency wallet.
In previous research, Dr. Mordechai Guri has demonstrated that data can be obtained from air-gapped networks through techniques such as sound from hard drives, radio signals from a PC’s video card, heat, ultrasonic waves, electromagnetic emissions from USB devices, and infrared from surveillance cameras.
“In this paper we show how private keys can be exfiltrated from air-gapped wallets. In the adversarial attack model, the attacker infiltrates the offline wallet, infecting it with malicious code. The malware can be preinstalled or pushed in during the initial installation of the wallet, or it can infect the system when removable media (e.g., USB flash drive) is inserted into the wallet’s computer in order to sign a transaction,” part of the research paper reads.
The researchers provided two videos demonstrating the attack techniques. The first video shows how the private keys are exfiltrated from an air-gapped computer and transferred to a nearby smartphone over ultrasonic waves in seconds. The second video shows how private keys stored on a Raspberry Pi device are transmitted to a nearby smartphone using radio-signal data exfiltration.
The Need For Extra Security
The researchers concluded by highlighting how the emergence of cryptocurrencies has created the need to secure private keys against online threats and attacks, and that the suggested way to do this is for users to manage their offline cryptocurrency wallets on isolated, air-gapped computers.
They also highlighted that, despite the high degree of isolation of cold wallets, it is still possible for attackers to steal the private keys out of air-gapped wallets. By owning the private keys, the attacker effectively owns all of the currency in the wallet.
To protect themselves from such attacks, users should continue to store their keys in cold wallets; however, they should also implement the measures recommended by the team. These include adopting anti-malware software and installing intrusion detection and prevention systems. Additional measures include keeping cold wallets (like the Ledger Wallet) away from receivers such as smartphones and cameras.