Considering using an old computer or smartphone as cold wallet rather than placing your trust in a third party’s hardware wallet? Research suggests you may want to think twice, as air-gapped computers and smartphones are rife with vulnerabilities that a hacker can exploit to get at your private keys. This article will explain why repurposing your old device just can’t substitute for using a professional hardware wallet.
Air-Gapped Computers as Cold Wallets
Storing private keys on an offline device, particularly with computers, is a cold storage solution that has been around for a long time. In his report Beatcoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets, Dr. Mordechai Guri demonstrates just how unsafe this practice is. His work outlines how private keys can be stolen from an air-gapped computer in three steps:
- A virus infiltrates the air-gapped computer, most commonly through USB.
- The virus takes control and sends instructions to a specific component of the computer.
- The virus leverages its control over the component to exfiltrate (export) the private keys.
Dr. Guri’s major finding was in the number of ways steps 2 and 3 could be accomplished once a virus has infiltrated a device. His research is particularly relevant to personal computers as they are multifunctional devices with numerous components that have emissions of one sort or another. Dr. Guri described ingenious yet realistic ways to exploit these emissions, some of which you wouldn’t believe:
- Virus takes control of the computer fan to exfiltrate information through sound;
- Virus manipulates hard disk drive noise to exfiltrate information;
- Virus causes the air-gapped computer to output radio signals generated by the computer’s electromagnetism;
- And in the most alarming example, a virus was even able to use ultrasonic waves to output the private key information stored on an air-gapped computers and air-gapped Raspberry Pis.
Dr. Guri’s team demonstrated how these outputs — whether they be light, sound, or radio signal emissions — can be picked up and converted by nearby devices to exfiltrate private keys.
Private keys can escape from air-gapped computers through covert channels such as ultrasonic waves.
The only question Dr. Guri’s findings seem to leave to the imagination is, How easy is it to actually install malware on an air-gapped computer? To the untrained observer, it may seem fairly improbable that a virus can be transmitted to a device that isn’t connected to the internet. However, all cold wallets need some means of connecting to the network to execute transactions or download operating system or wallet software. With air-gapped computers, data transmission usually happens by USB.
USB data transmissions are notoriously vulnerable. To take an example anyone can appreciate the severity of, in 2008, a USB drive left in the parking lot of a Middle East US military base succeeded in installing a software virus on the Department of Defense’s internal network. Having the appearance of being lost, the USB was picked up by a Department of Defense employee who unwittingly allowed the virus agent.btz to infiltrate a laptop attached to the United States Central Command. Pentagon IT security personnel spent 14 months trying to rid the network of all traces of the virus.
Many crypto enthusiasts use USB drives to transmit their transaction information in and out of air-gapped computers. Not only is this practice unsafe, but it’s particularly inviting to hackers because of the large attack surface on a computer.
The dangers to air-gapped computers don’t stop there for users of third-party operating system or wallet software. In an example of how even software downloaded from trusted official pages can carry its own risk, hackers in 2016 replaced the Linux Mint download icon with their own backdoor program. In the same way everyone who clicked the malware link inserted on the Linux Mint download page was affected, a virus can infiltrate an air-gapped computer in the form of “trusted” software.
Android Devices as Cold Wallets
We’ve pointed out the various reasons why offline computers cannot be considered truly air-gapped. But what about smartphones, which have no fans or mechanical hard drives?
Let’s first take a look at Android phones. Android phones rely on TrustZone for security (let’s take it for granted that private keys are actually being stored in TrustZone, although there have been known to be incidences where unscrupulous vendors weren’t doing so). Demonstrations of leaking private keys through side-channel attacks show that TrustZone can be quite vulnerable. This means that if an attacker gains physical access to an air-gapped Android, they can steal its private keys through complex but practically achievable methods. Android chip manufacturers can release patches once zero-day attacks are discovered, but Android device makers then need to pass them on to users, which they sometimes don’t agree to doing.
iPhones as Cold Wallets
iPhones use something called the Secure Enclave, which can be understood as a Secure Element embedded in the main processor. As the likeness in name suggests, Apple’s Secure Enclave pioneered the use of Secure Elements in smartphones. The Secure Enclave is capable of performing pretty much every function of a Secure Element including true random number generation (TRGN) and even shares most of its physical properties.
Despite what the Secure Enclave is capable of, it’s completely useless for cryptocurrencies because Apple has complete custodianship of the private keys and does not open their use up to any other party. Not only is Secure Enclave based on secp256r1 elliptic curve encryption while Bitcoin uses secp256k1, but even if Secure Enclave supported secp256k1, Apple doesn’t provide an API for extracting private keys or the recovery seed.
Because you cannot use the Secure Enclave for anything other than Apple ecosystem functions, you need a third-party app to use an iPhone as a cold wallet. The fact that transaction signing and private key storage then have to happen on the iOS level and not within the Secure Element represents an incomparable difference in terms of security. Private keys stored on the iOS level are an easier target for the side-channel attacks described above as possible on TrustZone. Furthermore, as all random number generation on wallet apps is algorithm-based, you’ll end up with a pseudorandom rather than true random number for your recovery seed.
While an iPhone has a smaller attack surface than a computer and does not use USB data transmissions, it isn’t much safer because Secure Enclave can’t perform transaction signing and private key storage in a secure environment or TRGN in a way that is recoverable. Even if Apple was to add support for secp256k1, you would lose all your assets if anything happened to the iPhone. Neither will Apple’s release of CryptoKit signify a change for cold storage — here “Crypto” refers to cryptography, not cryptocurrency.
Keeping it Simple
Hardware wallets are minimalistic devices with drastically reduced attack surfaces. While air-gapped smartphones are somewhat safer than air-gapped computers, don’t be lulled into a false sense of security by the tradition of using either. If you’re truly interested in securing your assets, you should only be looking at hardware wallets with a Secure Element. To learn more about how we go even further in minimizing the possibility of attack, read on about how the transparency of the Cobo Vault’s QR code transmissions.