U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

BeatCoin – Researchers demonstrate how to steal Cold Wallet Keys from Air-Gapped PCs

Israeli researchers presented their new research named BeatCoin, it is an experiment wherein they demonstrate how to steal private keys for a cryptocurrency wallet installed on cold storage. How to protect cryptocurrency wallets? Many experts will tell you to store them in air-gapped networks, but let me remind you to check if Ben Gurion experts are far from […]

BeatCoin – Researchers demonstrate how to steal Cold Wallet Keys from Air-Gapped PCs

Israeli researchers presented their new research named BeatCoin, it is an experiment wherein they demonstrate how to steal private keys for a cryptocurrency wallet installed on cold storage.

How to protect cryptocurrency wallets? Many experts will tell you to store them in air-gapped networks, but let me remind you to check if Ben Gurion experts are far from it.

Yes, I’m not joking, a group of researchers at Israel’s Ben Gurion University lead by

Dr. Mordechai Guri presented their new research named BeatCoin, it is an experiment wherein the experts demonstrate how to steal private keys for a cryptocurrency wallet installed on cold storage, preferably an air-gapped computer or a Raspberry Pi.

The air-gapped (cold) wallets are software wallets that stored on air-gapped PC, thus are more secure compared to hot wallets, which are always online.

For BeatCoin research, the Israeli team developed a malware that was installed on an air-gapped computer that runs a Bitcoin wallet software and then used it to transmit the wallet keys to a nearby device over covert channels.

Past studies conducted by Mordechai Guri and his team demonstrated that it is possible to exfiltrate data from air-gapped networks in various ways, including, soundheatlight, electromagnetic, magnetic, infrared, and ultrasonic waves.

Once obtained the private keys, the attacker has full control over the victim’s cryptocurrency wallet.

“In this paper we show how private keys can be exfiltrated from air-gapped wallets. In the adversarial attack model, the attacker infiltrates the offline wallet, infecting it with malicious code.” reads the research paper.

“The malware can be preinstalled or pushed in during the initial installation of the wallet, or it can infect the system when removable media (e.g., USB flash drive) is inserted into the wallet’s computer in order to sign a transaction.”

For BeatCoin research, the Israeli team developed a malware that was installed on an air-gapped computer that runs a Bitcoin wallet software and then used it to transmit the wallet keys to a nearby device over covert channels.

BeatCoin Cold Wallet

Past studies conducted by Mordechai Guri and his team demonstrated that it is possible to exfiltrate data from air-gapped networks in various ways, including, sound, electromagnetic, heatlight, magnetic, infrared, and ultrasonic waves.

Once in the possession of the private keys, the attacker has full control over the cryptocurrency in the compromised wallet.

The researchers published two videos to demonstrate the attack techniques, the first one shows exfiltration of private keys from an air-gapped computer to a nearby smartphone using ultrasonic waves.

The second video shows the researchers transmitting private keys stored on a Raspberry Pi device to the nearby smartphone using the RadIoT attack (radio signals data exfiltration).

The experts also provided countermeasures to prevent such kind of attack, including the adoption of anti-malware software and intrusion detection and prevention systems.

“However, with the emergence of cryptocurrencies (e.g., bitcoin) and the accompanying need to secure private keys from online threats, it has been suggested that private users manage their cryptocurrency wallets offline in isolated, air-gapped computers” concluded the experts.

“We show that despite the high degree of isolation of cold wallets, motivated attackers can steal the private keys out of the air-gapped wallets. With the private keys in hand, an attacker virtually owns all of the currency in the wallet.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Cold Wallets, BeatCoin)

[adrotate banner=”5″]

[adrotate banner=”13″]