I thought this was a super interesting article, but mostly because of the research behind it. Researchers have managed to exfiltrate private keys off of two different airgapped systems, but this will focus on the Raspberry Pi.
Often, Raspberry Pis are used while airgapped (not connected to any other devices) to store private keys. Signing a transaction then works in the following steps:
- Generate the transaction you are going to sign, either on the airgapped system or on a connected one.
- If it was generated on a different system, copy the transaction file to a USB stick and from there onto the airgapped system.
- Sign the transaction with your private key on the airgapped system.
- Return the signed transaction to a connected device using the USB stick.
- Broadcast the transaction.
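The signing flow above as an added example (this is not code from the original post or from the research it describes): a toy version in Go where the private key exists only inside the air-gapped part, the USB stick carries plain files, and the connected host needs nothing but the public key to check the signature before broadcast. It assumes a constructed JSON transaction format and uses P-256 as a stand-in for Bitcoin's secp256k1, which the Go standard library does not provide.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

// UnsignedTx is the toy transaction file carried to the air-gapped host on the USB stick (constructed format).
type UnsignedTx struct {
	To     string `json:"to"`
	Amount uint64 `json:"amount"`
}
// SignedTx is the file carried back: the exact bytes that were signed plus the signature.
type SignedTx struct {
	Raw json.RawMessage `json:"raw"`
	Sig []byte          `json:"sig"`
}
type Airgapped struct{ key *ecdsa.PrivateKey } // the only copy of the private key; never networked
// NewAirgapped generates the key on the offline host (P-256 stands in for secp256k1).
func NewAirgapped() (*Airgapped, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Airgapped{key: k}, err
}
func (a *Airgapped) Public() *ecdsa.PublicKey { return &a.key.PublicKey } // the only key material that leaves the offline host
// Sign reads the unsigned file from the stick and returns the signed file to write back; it refuses bytes that are not a transaction.
func (a *Airgapped) Sign(unsigned []byte) ([]byte, error) {
	if err := json.Unmarshal(unsigned, new(UnsignedTx)); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(unsigned)
	sig, err := ecdsa.SignASN1(rand.Reader, a.key, digest[:])
	if err != nil {
		return nil, err
	}
	return json.Marshal(SignedTx{Raw: unsigned, Sig: sig})
}
// Verify runs on the connected host before broadcast; it needs only the public key.
func Verify(pub *ecdsa.PublicKey, signed []byte) bool {
	var s SignedTx
	if err := json.Unmarshal(signed, &s); err != nil {
		return false
	}
	digest := sha256.Sum256(s.Raw)
	return ecdsa.VerifyASN1(pub, digest[:], s.Sig)
}
```

The connected side should treat a failed Verify as a reason not to broadcast, since it means the file was altered between the two hosts or signed by a different key.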
As you can tell from the steps, at no point is the private key on a system connected to the internet. This makes it nigh impossible for an attacker to get the private key. However, researchers have managed to do just that.
As seen in the photo (of my Raspberry Pi 3), there's a lot going on if you don't know the board. The main part to notice here is the 30 pins at the top left. These are general purpose input/output (GPIO) pins, used to connect to whatever you want (an LED, sensors, etc.). They are what make the RPI so great, because it's modular based on what tools you have. I even have a touchscreen I can set up with mine.
But anyway, the researchers found a way to get your private key from an RPI using the GPIO pins. However, both the RPI and another nearby device (a phone in the experiment) have to already be compromised by malware for this to occur, so you're probably safe if it's always been airgapped since there's no way to get malware onto it! I thought the process they used was really cool though. Basically, the malware uses the GPIO pins to produce a radio signal that carries the private key, and the other compromised device picks that signal up. While this wouldn't work for stealing, say, a country's secrets, it works perfectly for a 256-bit Bitcoin private key, as seen in the experiment. And that's basically all they did.
Here's why I think it's cool though: I had all the knowledge necessary to figure out that you could produce a radio signal using GPIO pins (physics, EM stuff really). I probably would've never thought it up though, and they've done this kind of thing multiple times. My all-time favorite has to be listening to the hard drive, because that is possibly one of the most inane and impossible tasks I can imagine: listening to an HDD and figuring out what means what, even with a program to help you out.
That's it for this, I just thought it was super cool and wanted to share.
Cheers, thanks for reading! If you like my tools and content and would like to see more, Vote for me as witness or proxy your votes and I'll pick the best witnesses for you!
My Projects
Pywit- A witness tool-kit built in Python on top of Holger80's Beempy.