Tampering with Physical Bitcoins

(thanks for the tip, you know who you are)

Yeah, turns out trusting basic tamper proofing methods are a Bad Idea when the target market is hackers.

Those “physical bitcoins,” where the integrity of the Bitcoin connected with a given physical coin is assured by a tamper-proof holographic seal covering the private key?

Most “tamper proof” things aren’t, and this one is no exception. Armed with only a syringe of “non-polar solvent” that happens to work on many tamper evident adhesives, a researcher pulled off the seal without leaving any marks, and then resealed it.

(The photos show them using a stereo microscope, which not everyone has. Even if they are bleedingly useful, I feel like you could re-engineer this attack so it would take less equipment.)

Let’s look at this conceptually, and it becomes clear why physical bitcoins (at least this implementation) aren’t so smart.

With a regular Bitcoin, you have some set of potential failure modes associated with crypto/computers are fundamentally insecure/etc.

With a physical Bitcoin, you have that set plus all the failure modes of keeping a physical object sure, plus the failure modes associated with the bridge between the two.

Both crypto/computer security and physical security are “more or less” understood. But the bridge between the two — in this case, the tamper proofing — is rife for exploitation.

As it happens, tampering with the tamper-proof is a fascinating field that hasn’t been explored all that thoroughly in public. (I’ve mentioned before my ideas of tamper-proof seals — using photographs of fabric that must be physically moved to allow tampering, or using interference patterns.)

In this case, we don’t even know what the solvent in question was. My guess is chloroform, but it’s just a guess.

(note the reddit piece has some corrections to the article)

http://www.reddit.com/r/Bitcoin/comments/1jouqt/casascius_physical_bitcoins_cracked_at_defcon/ http://codinginmysleep.com/casascius-physical-bitcoins-cracked-at-defcon/

“. Defcon researchers Stits and Datagram tried their hand at the physical Bitcoin on Saturday afternoon and it took them roughly 10 minutes to recover the private key and the researchers say that with practice it could probably be breeched in 1 to 2 minutes.

I’d never touched one before and the first chemical I picked worked. -Datagram

The methodology consisted of using a hypodermic needle to carefully inject tiny quantities of what the researchers will only refer to as a “non-polar solvent” between the holographic security sticker and the brass coin itself. After the solvent weakened or entirely dissolved the adhesive they were able to peel back the holographic foil and access the private key beneath. The sticker was then trivially replaced, though Stits felt that using a secondary adhesive might be necessary since little of the original adhesive was left.

The re-assembled coin bore only a tiny mark at the edge of the foil where the needle was first inserted, a mark which could be easily mistaken for slight wear and tear, perhaps from being carried in a pocket with other coins. Stits indicated that with practice even this small mark could be avoided and suggested that next time he’d like to try submerging or fuming the coin in the solvent and simply allowing the foil to fall off without a scratch.

As for improving the security of new coins, a number of suggestions were tossed about. Within minutes of defeating the coin, their creator was on the phone with the tampering team discussing ways to mitigate the threat. Multiple layers of holo foil, scoring the sticker and even melting the edges of the plastic and brass together were discussed. At this time it is unknown what steps will actually be taken, but certainly something must be done.

While the “non-polar solvent” used was not specified, there are only a dozen or so known non-polar solvents and such solvents are rather common and easily obtained – toluene, for example, is commonly sold as paint thinner and hexane is an extremely common solvent often used in the food manufacture industry. Stits and Datagram have indicated that they’d love to try their hands at the more expensive silver rounds and that they expect the softer, less reactive noble metal to be even easier to work with than the cheaper brass.”

%d bloggers like this: