Air gapped devices: the safest option for cold storage

11 replies 515 views
im_altSenior Member
Posts: 130 · Reputation: 817
#1Aug 21, 2024, 05:56 AM
I've come across the idea that using air gapped devices for cold storage is one of the best ways to keep your bitcoin safe from malware, phishing, and keyloggers targeting your private keys. Sounds pretty solid, but I’ve got some questions. Are we really sure there’s no malware that can target QR codes? I mean, sending the PSBT to the offline device via QR code seems risky. Also, I've seen instances where malware can infect SD cards. If you keep reusing the same SD card, isn't that a potential issue? That's what’s making me skeptical.
5 Reply Quote Share
leo.wolfHero Member
Posts: 540 · Reputation: 2813
#2Aug 21, 2024, 11:45 AM
Firstly there is no one that say there is no malware on QR code, most malware’s coming from QR codes are actually either from the software that it was generated from (that’s why generating your QR code using third party apps is total wrong) or the device that scans the QR code is infected such that it changes the address scanned from the code, and it’s reason why you need to actually verify the transaction yet again. But there are devices which actually gives you the QR code directly for your watch only wallet to derive and example is the Electrum wallet. Yes an SD card can be infected if you actually installed it into a corrupted online device that’s why if it is SD card you’re using use it with an adapter such that you lock and make it a read only or use a USB with read only switch too. But QR code still stands out if not generated by third party
0 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#3Aug 21, 2024, 05:59 PM
If the device used to create PSBT QR code is infected, theoretically the malware could replace the PSBT QR with their own PSBT which send Bitcoin to their address. On Linux, you also can mount external storage as read-only and disallow any running executable from it.
2 Reply Quote Share
john.cobraHero Member
Posts: 408 · Reputation: 2145
#4Aug 21, 2024, 09:43 PM
There is no setup that is completely bulletproof, so we probably cannot say that an air-gapped wallet is a 100% safe way of storing private keys and performing transactions. Honestly, I've always been curious about the possibility of hackers successfully attacking an air-gapped device through QR codes or even an SD card, but I think the chances of that happening are very small if the user knows where such threats come from. In other words, if someone has a habit of using pirated software, downloading multimedia from the internet and visiting suspicious websites, it is very likely that they will pick up something malicious, especially if they do not have any security software. Even then, most ordinary hardware wallets or air-gapped devices will be of great help to any careful user to recognize that something is not as it should be. Therefore, I would conclude that there is no better protection than using an air-gapped wallet with, of course, all the security measures that go along with it.
3 Reply Quote Share
silentchainHero Member
Posts: 473 · Reputation: 2317
#5Aug 22, 2024, 01:22 AM
If malware is already sitting on your device then malicious QR may instruct it to do some bad actions. If your device is clean then you are safe simply because any QR can not contain malware itself because on any existing standarts QR code is far too small to accomodate any meaningful executable. For instance, size of QR subjected to ISO/IEC 18004: ~3K of bytes is far too little to be taken seriously by malware developers.
0 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#6Aug 22, 2024, 04:37 AM
Your airgapped device will decode the QR code and read a PSBT. It will then show the PSBT to the hardware screen, so that you, manually, confirm it spends the correct inputs to the correct outputs. No, it cannot do anything malicious, considering the hardware device is not compromised and you verified the image that was installed in your airgapped device.
1 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#7Aug 22, 2024, 06:29 AM
In this case, i agree with you. But in different scenario where the device of QR scanner have internet access, 3KB is enough to either 1. Add link to phishing website. 2. Include script which download another bigger malicious script. But this require the QR scanner have security vulnerability to execute data of scanner QR code.
2 Reply Quote Share
im_apeHero Member
Posts: 629 · Reputation: 3824
#8Aug 22, 2024, 09:31 AM
Think of it this way, when you choose your wallet type you are eliminating vulnerabilities based on your choices. That way you narrow down all the ways you can lose your coins so that the remaining ways are no longer plausible. Then you can that "secure". For example when you choose an open source wallet compared to closed source, you are eliminating the possibility of running a possible malicious code that you are not aware of. It's the same with using air-gap device, you are eliminating possibility of easy access to your keys. Other that that, there will always be ways to gain access to your coins! Sometimes they are theoretical and crazy methods like the ones categorized as side-channel attacks (eg. measuring electromagnetic emission while your CPU is performing cryptographic computation). You see if you start thinking about all these theoretical ways like through QR code, you would be stepping into a rabbit hole that you may not want to enter...
4 Reply Quote Share
cipher42Full Member
Posts: 133 · Reputation: 682
#9Aug 22, 2024, 12:04 PM
If people want to store and secure their coins on an air-gap device, they must keep that device as air-gap forever. Because if they connect that device with the Internet, just one time, it will be no longer an airgap device and there will be risk of compromisation on that device which in turn can steal their coins stored in wallets on that device.
2 Reply Quote Share
satoshi_degenFull Member
Posts: 40 · Reputation: 375
#10Aug 22, 2024, 04:30 PM
Links or scripts would need to be opened/executed to do any harm. Of course a QR code app shouldn't to that automatically, if security is important.
1 Reply Quote Share
davealphaSenior Member
Posts: 257 · Reputation: 975
#11Aug 25, 2024, 03:20 AM
Air-gapped device is not 100% safe. In general, nothing is 100% safe or guaranteed. An air-gapped device has a risk of side-channel attacks. An air-gapped hardware wallet or a device leaks information physically (acoustic signature of the processing for example can be measured too), which means that an attracker with the right equipment can hack it. The thing is, a random, average person is not under such a threat and sleep without worrying.
3 Reply Quote Share
silentchainHero Member
Posts: 473 · Reputation: 2317
#12Aug 25, 2024, 07:59 AM
“acoustic signature” for QR code? That’s completely new to me. I understand that QR code workflow is more about network isolation than true shield for all threats  as attacks can still come from compromised companion apps or even from the supply chain. But the idea of  “acoustic signature” coming from  QR code really puzzled me. Could you elaborate a bit more on what you meant and how it’s relevant? Pertaining links would be appreciated. In return I’ll share good article that’s definitely worth reading: SoK: Design, Vulnerabilities, and Security Measures of Cryptocurrency Wallets.
3 Reply Quote Share

Related topics