Hacker News

Stealing Bitcoin Wallet Keys From Air-Gapped Computers (Cold Storage)


A team of security researchers at Israel’s Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research called “BeatCoin.”

BeatCoin is not a new hacking technique; rather, it is an experiment in which the researchers demonstrate how all of the previously discovered out-of-band communication methods can be used to steal the private keys of a cold cryptocurrency wallet installed on an air-gapped computer.

For those unaware, keeping the keys to your cryptocurrency on a device that is entirely offline is called cold storage. Since online digital wallets carry various security risks, some people prefer to keep their private keys offline.

Air-gapped computers, by contrast, are those isolated from the Internet, local networks, and Bluetooth, and are therefore believed to be the most secure devices, difficult to infiltrate or to exfiltrate data from.

If you are new to this topic, we recommend reading our previous articles, which detail how highly motivated attackers can use specially designed malware to exfiltrate data from an air-gapped computer via light, sound, heat, electromagnetic, magnetic, infrared, and ultrasonic waves.


For the BeatCoin experiment, the researchers deployed their malware on an air-gapped computer running a Bitcoin wallet application and then performed each attack vector one by one to transmit the wallet keys to a nearby device over the covert channels.

“In the adversarial attack model, the attacker infiltrates the offline wallet, infecting it with malicious code. The malware can be pre-installed or pushed in during the initial installation of the wallet, or it can infect the system when removable media (e.g., USB flash drive) is inserted into the wallet’s computer in order to sign a transaction. These attack vectors have repeatedly been proven feasible in the last decade,” the paper reads.

The results show that the AirHopper, MOSQUITO, and ultrasonic techniques are the fastest ways to transmit a 256-bit private key to a remote receiver, whereas the DiskFiltration and Fansmitter methods take minutes.

The researchers have also shared two demonstration videos; the first shows private keys being stolen via ultrasonic waves within seconds.
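The ultrasonic channel is the quickest one the researchers report, and the defender's counterpart is to watch for sustained acoustic energy above the audible range near the air-gapped machine. The following is an added example, not code from the article or from the BeatCoin researchers: it measures the fraction of each audio frame's energy that falls in an assumed 18–22 kHz band using the Goertzel recurrence (plain Python, no NumPy) and flags frames above an assumed threshold. The sample rate, the band limits, the 50 % threshold and the test tones are all assumptions constructed for the example.

```python
import math

SAMPLE_RATE = 44_100          # Hz; assumed capture rate of the monitoring microphone
FRAME = 2048                  # samples per analysis frame (about 46 ms at 44.1 kHz)
BAND = (18_000.0, 22_000.0)   # Hz; assumed near-ultrasonic band to watch
ALERT_FRACTION = 0.5          # assumed: flag a frame if over half its energy is in BAND


def goertzel_bin_power(samples, k):
    """Return |X[k]|^2, the power in DFT bin k of a real-valued frame, via Goertzel."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_energy_fraction(samples, band=BAND, sample_rate=SAMPLE_RATE):
    """Fraction of the frame's energy that lies inside `band` (0.0 .. 1.0)."""
    n = len(samples)
    # Parseval: sum over all n bins of |X[k]|^2 equals n * sum(x^2), so the
    # time-domain energy gives the total without computing every bin.
    total = n * sum(x * x for x in samples)
    if total == 0.0:
        return 0.0
    k_lo = math.ceil(band[0] * n / sample_rate)
    k_hi = min(math.floor(band[1] * n / sample_rate), n // 2)
    band_power = sum(goertzel_bin_power(samples, k) for k in range(k_lo, k_hi + 1))
    # Each positive-frequency bin has a mirror bin with the same power, hence x2.
    return min(1.0, 2.0 * band_power / total)


def scan(samples, frame=FRAME, threshold=ALERT_FRACTION):
    """Return the indices of frames whose near-ultrasonic energy fraction exceeds threshold."""
    flagged = []
    for i in range(len(samples) // frame):
        frac = band_energy_fraction(samples[i * frame:(i + 1) * frame])
        if frac > threshold:
            flagged.append(i)
    return flagged


def bin_to_hz(k, n=FRAME, sample_rate=SAMPLE_RATE):
    """Centre frequency of DFT bin k for a frame of n samples."""
    return k * sample_rate / n


def tone(k, n=FRAME, amplitude=1.0):
    """Constructed test signal: a sine sitting exactly on DFT bin k, so it has no leakage."""
    return [amplitude * math.sin(2.0 * math.pi * k * i / n) for i in range(n)]


if __name__ == "__main__":
    # Constructed recording: two frames of an audible tone (bin 46, about 990 Hz)
    # followed by two frames of a near-ultrasonic tone (bin 900, about 19.4 kHz).
    recording = tone(46) + tone(46) + tone(900) + tone(900)
    print("audible tone at %.0f Hz: band fraction %.3f" % (bin_to_hz(46), band_energy_fraction(tone(46))))
    print("ultrasonic tone at %.0f Hz: band fraction %.3f" % (bin_to_hz(900), band_energy_fraction(tone(900))))
    print("flagged frames:", scan(recording))
```

In a real deployment the frames would come from a live microphone and the band and threshold would be tuned against the room's baseline (some equipment emits near-ultrasonic noise legitimately); the point of the example is only that a transmitter using this channel has to put energy where ordinary audio does not, and that is cheap to measure.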


In the second video, the researchers transmitted private keys stored on a Raspberry Pi to a nearby smartphone using the RadIoT attack, a technique for exfiltrating data from air-gapped Internet-of-Things (IoT) and embedded devices via radio signals.


“The radio signals – generated from various buses and general-purpose input/output (GPIO) pins of the embedded devices – can be modulated with binary data. In this case, the transmissions can be received by an AM or FM receiver located nearby the device.”

In their previous research, published earlier this month, the researchers also showed how hackers could use power fluctuations in the current flow “propagated through the power lines” to covertly exfiltrate highly sensitive data from an air-gapped computer.
