The universal law
The universal, immutable law of security is: if a thing can be accessed legally, it can also be accessed illegally.
I would add a corollary: this law is doubly true of any system that claims to be "unhackable".
A crypto-currency wallet heavily promoted as "unhackable" – complete with endorsements from the security industry's loopy old uncle John McAfee and a $350,000 bounty challenge – has, inevitably, been hacked within a week. The $120 Wi-Fi-connected Bitfi wallet is a hardware device that stores your crypto-coins and assets, and …
> if a thing can be accessed legally, it can also be accessed illegally.
It's your use of the word 'if' that's caught my attention. What would it take to make a physical object inaccessible to a well-resourced attacker? You might put it in a bank vault, but that means trusting the bank - and the state, since it's the police who prevent robbers with cutting equipment taking a leisurely week to attack the vault. You might put it in a safe, but that merely means that the item to be accessed is now a physical key - a physical object, which is just making the problem recursive. You could use a passcode on your safe - but beware shiny button syndrome or the micro camera in the wall behind you. And again, in a lawless state the attackers can take as long as they want to physically break the safe. You might bury it in the woods, but again that just means the attacker only needs information to access your precious item.
It's your use of the word 'if' that's caught my attention. What would it take to make a physical object inaccessible to a well-resourced attacker?
If they're dedicated to getting into your secure device specifically, then there's very little you can do.
But in most cases you don't have to outrun the bear, you just have to outrun the next person.
Enterprising young hacker should have rewritten the software on the xevive to publish the password when entered, copied the encrypted data, faked a hack with incorrect data, returned the device and claimed the prize.
No doubt John would have, to some fanfare on stage, entered the real password on the device to prove it was never hacked. Hacker gets sms with real password opens wallet, profits a cool quarter of a million.
Really? I am shocked that his endorsement of a product might be considered a plus that product based not just on the man himself but also on the concept of "endorsement for hire" like a certain sports and actor/actresses. I daresay any celebs endorsement is just about as valuable as the paper it's printed on.
at least he can blame mind altering substances for most of his tweets.
Quite possibly Trump could as well. One of his doctors prescribed him a medication that's basically an amphetamine back in 1982, and he took until "no later than 1990". It would explain a lot if he's still taking them, although even if he isn't, long term ampetamine use causes lasting damage to the body.
That is some BS article!
" The most obvious one: modifying the device so that it records and sends the key to a malicious third party. But this is excluded from the bounty. Why is this? Because the bounty is a sham."
Another title for you: "Unhackable device can be hacked if the hardware is modified, therefore it is worthless."
This is so stupid I have no words. What next? "Incredible: You can die of poisoning if healthy food is mixed with poison" ?
Hacking something with a "warranty is void if broken" sticker is infinitely harder than one without, maybe I should suggest that as a upgrade to the device, you can pick them up on ebay cheap enough, if they'd have skipped the endorsement and spent the money on stickers, they'd have a MUCH more secure device.
First of all, you're calling out the Register's article as 'BS', but using a quote from a completely different source: the article, in that section, is quoting what Andrew Tierney wrote elsewhere. You can call bullshit on Tierney's opinions (and you'd be wrong) but you can't call bullshit on El Reg, since they're just accurately reporting someone else's (relevant and informed) opinion on the story.
Secondly, and finally, you seem to think 'hacking' is exclusively about using code to manipulate factory standard kit. Social engineering, bugs/key loggers, rubber duckies, etc etc are presumably not 'hacks' in your world, since they don't fit your absurdly narrow requirements that hacks use only stock hard/soft ware. You'd presumably also argue that even software exploits aren't technically vulnerabilities, because people aren't supposed to use software that way. God help anyone who relies on you for tech/security advice.
I still don't buy this definition of "hackable' (even though most people are not with me here; that's fine).
So if this device was sold with all electronics encased in a solid block of black epoxy, suddenly it would be the bee's knees?
Not trying to be smart (and you would say there is no chance of that happening), but I wish all "hackable" devices required modifying the hardware to gain access, like this one apparently does. I happily would settle for that for now.
What next? "Incredible: You can die of poisoning if healthy food is mixed with poison" ?
You can see that, yet you fail to see the stupidity of a food producer who sells loose items of food while claiming that their product cannot be poisoned. Planting malicious code that transmits passwords to a 3rd party is an extremely common method that hackers use to gain unauthorised access. If I can plant a backdoor in a device by gaining physical possession of it for a few minutes, then it cannot possibly be described as "unhackable." At the *very* least the case should be made such that it would be obvious if someone had opened it.
Android sits at both ends of the security scale. Run-of-the-mill unhardened Android like this (and 99.9% of consumer Android devices) offer next to no security. On the other hand, some of the most secure comms handsets also run android - albeit properly hardened and probably unrecognisable to the layperson.
If this device "holds" your digital stash, then to have it stolen means you lose your imaginary money.
The only operation that a bad person needs to perform in order to profit from this is to steal someone's Bitfi and send a ransom note to the owner.
Sometimes the "old fashioned" methods are the most effective.
Stealing the device physically and demanding a ransom isn't hacking. A device with substantial hacking resistance still can be worthwhile to have.
On the other hand, if this was just a cellphone and someone stole it, it would typically be findable remotely.
iPhone has that feature; I understand it also is fussy about interference with its internal parts. I don't have one, but it seems to me that an iPhone is a better one of what this is, than this is.
... you lose your imaginary money.
It is no more imaginary than the bits of coloured paper or plastic in your wallet, or the magnetic ones and zeros on the HDDs of your bank's computer. Earlier this year I enjoyed a very nice holiday in a distant and exotic land paid for entirely by what you are calling "imaginary money"
I didn't count breathing air as it is (for the most part) too freely available on Earth to charge for (though people still manage, to a small degree, I realise, and if we can just pollute enough of it we can make it even more monetisable!).
Potable water can, however, be valuable too. I missed that one!
"There is software present that allegedly and potentially collects personal information, tracks the whereabouts of the device, and beams it off to Baidu and Adups servers in China. "
Why is it sending data there?
"And, yes, inevitably, you can gain root access to the device to reprogram it."
Pretty poor security by design
Such a device should ideally accept two pass phrases - one opens up your whole wallet as standard. A second passcode that you can enter when under duress will open it to reveal the equivilent of just $12.
It's the digital equivilent if carrying a second wallet with a fiver and old library card to give to muggers.
"Such a device should ideally accept two pass phrases - one opens up your whole wallet as standard. A second passcode that you can enter when under duress will open it to reveal the equivilent of just $12."
But someone who knows about duress codes would just shake you down more for, "Now the OTHER code!" Duress codes are counterproductive in that sense since once you know they exist, you assume they exist and keep torturing even if they don't exist.
And the best counter to the wrench is to either be a masochist or a wimp...and an orphan. Either way, the wrench doesn't make you cough up (you LIKE it if you're the former, you faint if the latter), and if you're an orphan, there's no family to duress you.
But someone who knows about duress codes would just shake you down more for, "Now the OTHER code!"
"It doesn't have one"
"Enter the OTHER CODE"
"It doesn't have one, but if you insist". Enters the access code backwards, which wipes the unit (at that point you should consider the device irretrievably lost/inaccessible to you anyway).
"See, it's empty. Here, you can have it"
"It doesn't have one, but if you insist". Enters the access code backwards, which wipes the unit (at that point you should consider the device irretrievably lost/inaccessible to you anyway)."
At which point you'really shot for being expendable and a prick since you'd be doing something he'd ALSO know about and warn against.
Given that cryptocurrency wallets are open to all to view - only the most idiotic physical attackers would not check the wallet's contents.
A physical attacker going after a cryptocurrency wallet is almost certainly knowledgeable about what he's going after.
The 2 codes presumes an attacker who is randomly selecting victims *and* just barely cognizant of cryptocurrencies and technology. Or in other words, a straw man attacker.
I will also add that cryptocurrency wallets are delightful from a physical attacker point of view in that they combine the hostage and the ransom all in one. No more messy negotiating with 3rd parties.
I would be very nervous if I held any significant amount of cryptocurrency in a nation with kidnapping for profit...
Given that cryptocurrency wallets are open to all to view - only the most idiotic physical attackers would not check the wallet's contents. <...> I would be very nervous if I held any significant amount of cryptocurrency in a nation with kidnapping for profit..."
Yes, you can easily find out how much cryptocurrency a wallet with a certain ID holds. But how do you find out who owns that wallet? And how do you find out the ID of a wallet a particular person has? If you were to buy something from me using BTC, I would create a new wallet and transfer the amount you want into that wallet before transferring it to you. You can trace both transactions, but for all you know the fat wallet belongs to a BTC vendor that I bought the BTC from to pay you.
Surely we all know there is no such thing as "perfect" security (or "perfect" anything), and that phrases like "100% unhackable" are doomed to disproof. In IT, effective performers have long since learned that striving for perfection is to waste time, when in truth all we should ever have aimed for is "good enough". Thus knowing "what good looks like" is an important ability—and, by the bye, is vital for both customer and developer.
Security is no different. There is no Perfect. There are only the trade-offs of money, time and expertise invested in protecting stuff, versus the consequences of its compromise, all stacked against the capability and intent of potential adversaries.
Example: You've got a good, solid garden shed. Breaking through its doors or windows would cause so much noise that the potential burglar would be discovered and arrested. The only way in, then, is through the padlocked door. You've used security heads and decent fixings, so the burglar has to open or destroy the lock. That's his only option. Let's assume that with a glance through the window, the burglar can quickly assess the value and desirability of what's inside.
Now if the shed contains tatty old gardening equipment and a 10-year-old mower and rusty tools, you may fit a cheap padlock that acts as a visible deterrent. For the sake of dragging away a heavy old mower he'd only get £20 for, the burglar simply can't be bothered to spend fifteen minutes hacksawing off the lock. There are better pickings along the street. Move on.
Suppose instead you have a brand-new beautiful titanium and carbon fibre top-end mountain bike worth £10k in there. Now you're gonna think harder, and spend some time finding a better padlock. One of the things you'll consider is "How difficult will it be to break this lock?" which also amounts "How long would it take?" You cannot buy a perfectly unbreakable lock. But you can find one which, for a price, would take a long, long time, special tools and great effort to bust through. Our friend the burglar may now by much more motivated to get into the shed, and he may come back with a serious set of bolt cutters (thus, intent and capability are both markedly greater) ... but if he's still chopping away futilely at sunrise, your "good enough" security has done its job.
In fact, all security is like this. There is no absolute unbreakability, but we can invest in a level of difficulty which is appropriate to the value of the asset and the capability and intent of adversaries. If you're using an encryption scheme with larger key sizes, for example, you are not guaranteeing that your messages will never be broken, but you are ensuring that they'll remain secret for, say, 50 years. (Notwithstanding quantum possibilities, which are driving some paranoid agencies to deploy high-tech one-time pads again.)
The Bitfi trips over its silly and unrealistic claims, proving once again that marketurds are awful liars. It would have done better to emphasise why its security made the product a better option—but not claim a perfect one. Possibly the tsunami of scorn would have been averted.
"In fact, all security is like this. There is no absolute unbreakability, but we can invest in a level of difficulty which is appropriate to the value of the asset and the capability and intent of adversaries. If you're using an encryption scheme with larger key sizes, for example, you are not guaranteeing that your messages will never be broken, but you are ensuring that they'll remain secret for, say, 50 years. (Notwithstanding quantum possibilities, which are driving some paranoid agencies to deploy high-tech one-time pads again.)"
But the problem with your idea is that cryptographic warfare can easily get VERY asymmetric. Like you said, what if the US actually has a working quantum computer hidden under its data center in Utah? Then most every encryption out there is already broken wider than open, and practically all the post-quantum algorithms out there have weaknesses that can be exploited to break them. Even the one-time pad is not immune. You simply have to take your quarry by surprise and they won't have a chance to destroy the pad before it's used up, Even if they do, you've disrupted their communication channel, meaning they have to get another, opening up avenues for interception and doubling.
In the end, cryptographic warfare is a lot like a siege. You can only hold out for so long. Problem is, many of your adversaries are either patient enough to wait you out or resourceful enough to overwhelm you.
"In the end, cryptographic warfare is a lot like a siege. You can only hold out for so long"
This is a key point that escapes a lot of people. The proper use and expectation of cryptography isn't that your encrypted data can never be cracked. It's that it should take enough time and money to crack it that by the time that happens, the data is no longer useful.
"The Bitfi bods were also lampooned for claiming, publicly, that their device doesn't have any storage, prompting people to post images of the actual chip within the device that, you know, stores the firmware."
Forget needing pictures of the chip, the entire point of the device is to store your pretend money. Claiming it doesn't have any storage is literally stating that it's incapable of doing the only job it's supposed to.
1) Create super cheap device using off the shelf parts, enabling high margins with minimal design costs
2) Announce to the world that it is unhackable, challenging security professionals to hack it
3) Sell hundreds of them to security researchers who want in on the bounty, plus probably thousands more to amateurs or fools from the publicity
4) Close up shop after the sales dry up, no more company means no payouts need be made
"However, if such a weakness is discovered, we already have a patch to fix it"
How would you have a patch for it if it doesn't exist? If it does exist, roll out the patch. If it doesn't, stop claiming you've got a patch for it.
Surely these people are aware how absurd their claims are - they must basically just be going after the bottom 10% of the market in the hope of making a little profit on the few devices they ship. Morally not dissimilar to a 419 scam.
""At this time, we have no evidence whatsoever that the claims being made by these individuals are true," Khesin added. "However, if such a weakness is discovered, we already have a patch to fix it so that it would become impossible to do indefinitely."
We're told Bitfi will only deploy the patch if the bounty is claimed."
So you have an awesome security patch... and you are a security based operation... yet you don't release it?
Oh wait, there is no software on the device so using the same magic by which the device is running, the patch will appear magically when it's needed and will block the evil wizards from getting their filthy hands on their money.
More marketing bull and professional amateurism if you ask me.
I think we'll hear about this company again very soon, either because they are being sued or have gone bankrupt.
"At this time, we have no evidence whatsoever that the claims being made by these individuals are true," Khesin added. "However, if such a weakness is discovered, we already have a patch to fix it so that it would become impossible to do indefinitely."
The bug doesn't exist, but we've already fixed it.
All right, then.
Biting the hand that feeds IT © 1998–2019