Are Air Gapped Crypto Cold Wallets Safe or is It a Myth?

Are air gapped crypto cold wallets safe, or is that a myth? There is a hot debate in the crypto world between the two types of wallets – hot wallets and cold wallets.

Some users say that cold wallets are considered secure, but that every transaction has to be processed manually.

Other users say that hot wallets allow a large number of automated transactions but are less secure.

However, the key argument for using a cold wallet is that it generates the private keys on its own.

This sounds good but, unfortunately, it is not true. To make a crypto transaction, the wallet still needs to obtain a string of automatically generated data that is created by the blockchain.

This random string is needed to validate the signed transaction; without it, the miner will not include the transaction in the blockchain and will simply disregard it.

Then came the so-called air gapped crypto cold wallets, which claim to be much safer and more useful than standard cold wallets.

Manufacturers commonly make all kinds of claims; how far these claims hold up is for the consumers to decide.

Here are some facts you should know about air gapped wallets, so that you can decide for yourself whether these cold wallets are really safe or whether that is just a myth that needs to be demystified.

Are Air Gapped Crypto Cold Wallets Safe or is It a Myth?

You can store your crypto coins either in a cold wallet or a hot wallet, each of which comes with its own pros and cons.

Cold wallets are known for letting you sign transactions and manage your crypto portfolio without connecting the device to the internet. This keeps the users' private keys out of the reach of hackers.

The private key can be stored safely and well protected, but whenever you want to buy, sell or transfer your crypto coins, you have to connect your cold wallet to the internet. The moment you do so, your cold wallet becomes vulnerable to attack.

This is because hackers are very efficient and creative at finding attack vectors on practically any computer that is connected to the internet.

Today there are air gapped cold wallets that are considered much safer and more secure to use.

The air gap in these cold wallets acts as an impassable barrier: the digital currency is kept behind a physical separation.

The air gap cannot be modified and therefore prevents any unauthorized access.

Today an air gap has become the norm and is the minimum requirement in the security field for a proper and foolproof cyber defense.

In fact, an air gap is mandatory in a few specific segments, such as critical infrastructure and the military.

Even cyber-insurance underwriters today require an air gap before they will issue a policy.

The physical separation created by the air gap, and the fact that these cold wallets do not need to be connected to the internet, makes them a useful tool for backup and restore.

Rightfully, these are called the ‘offline backup’ or ‘offsite copy.’

Since air gapped cold wallets prevent modification and unauthorized access at the same time, they overlap data protection with intrusion protection. The two, however, follow distinct security objectives.

This is an important and relevant distinction, because some air gaps are designed to prevent a breach of the system while others are designed to defend the software and prevent damage to the data.

Physical air gaps have their downsides, however, just like any other product.

They are quite costly and pretty burdensome to manage.

Apart from that, air gapped cold wallets are usually very slow in terms of Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs).

This is because data has to be transported securely and manually across the air gap.

However, modern air gapped cold wallets are quite different from their earlier counterparts.

Continual development of the technology has helped them deal much more efficiently with a threat environment that has evolved at an equally rapid pace.

Over time the design of air gapped cold wallets has changed for the better, to the extent that some myths have grown up around them.

Most people believe that physical air gaps are much better than logical air gaps.

However, this is flat out wrong. Since the virtual world of crypto today is more distributed in nature, logical air gaps are more suitable than their physical counterparts in terms of cyber security.

The Common User Misconceptions and Myths

There are also a few other common misconceptions among crypto users, and some myths surrounding the modern generation of air gapped cold wallets.

You first need to understand the misconceptions in order to understand and demystify the myths. Here are a few of each.

Using HSM:

One of the most common misconceptions among crypto users who use a more sophisticated HSM, or Hardware Security Module, with its own set of secured hardware, is that these are extremely secure and no hacker in the world can reach them.

Yes, it is true that HSMs are quite effective at physically securing private keys, but only while the crypto coins are simply lying there.

An HSM cannot validate a transaction on the blockchain on its own.

Instead, it simply responds to commands sent from the network it is connected to.

This means that hackers do not have to break into the HSM, which is a very difficult task by itself. All they have to do is compromise the system hosting that HSM, which is a much easier and simpler task for any hacker.

Therefore, the moment you use your system to buy, sell or move your crypto coins, the hackers can intercept the transaction and steal your money.

Connecting for a short period:

Another significant misconception is that if users connect and then disconnect their cold wallet for only a short time, say five minutes, nothing can possibly happen.

The truth is that, irrespective of how long it is connected, any thumb drive is a susceptible endpoint for hackers.

They know all the clever ways to track your storage device, gain control of your system, and steal your private keys and your funds within a short time.

The worst thing is that you will not even know that your system and storage device have been hacked.

The mini display of the thumb drive can easily be changed by the hacker to show the transactions happening as you planned, while your funds are actually being funneled to the hacker's wallet.

This means that there is no such thing as a ‘safe period’ for being connected. Once you are plugged in and online, your system is a soft target for hackers.

Multiple approvals:

Some cold wallets require multiple approvals in order to make a transaction.

Users of such wallets usually believe that they cannot be hacked. The bad news is that, once again, this is not true.

Hackers typically do not need to hack multiple systems at the same time to intercept a transaction.

They typically use malicious code that runs in the background of your system once it has been hacked.

Once they are in, they have all the time in the world to learn about your network and follow all your movements quietly, doing nothing but waiting for the command to attack.

When the attack is launched, the second system is compromised and the code works through the co-approval process, sending automatic notifications to complete the co-signing of the transaction.

The worst part is that this can take place years after the primary breach, at a time when you expect it the least.

Going wireless:

Today it seems smart not to connect anything to your computer at all to make a crypto transaction.

There are lots of ways to do this, such as over Wi-Fi, via Bluetooth, by using NFC, or by scanning a QR code.

The truth, however, is that it really does not matter whether you go old-school or use modern technology to transfer your crypto coins.

Either way, a bidirectional connection is established between the internet-connected computer and the cold wallet, and therefore you are ‘visible’ to the hackers.

So it does not really matter whether or not there is a physical connection between your computer and your cold wallet.

Your cold wallet is really not cold while you are using it. It only feels that way.

For example, having no physical connection may make you feel safer, while plugging it in may make you feel otherwise.

Now it is time to demystify the myths surrounding air gapped cold wallets.

Myth #1:

Most people believe that only a physical air gap can provide the highest level of security. That was true once, but not anymore.

Today, this is a myth. In fact, no one knows for sure whether or not a device is connected to the network.

This uncertainty about connectivity is due to the fact that there are now billions of different devices connected to the internet.

In fact, several IT organizations that run network security scans have been shocked to find that even their air gapped systems had accidentally been connected to the internet.

Moreover, there is another significant problem with physical air gaps: they usually offer no protection against social engineering, insider attacks, or even basic human error.

Add to that, the virtual world today relies heavily on data, so at some point there is a need for physical access to it, even in the case of air-gapped systems.

Users need to add, modify or delete data from time to time.

It is during these moments that air gapped systems are exposed to threats and reveal their access points to hackers. This process is commonly known as a ‘sneakernet.’

Ports may also be left open, or access points unlocked, when a team member is forgetful.

This lets a bad actor on the inside, such as a hacker impersonating a credentialed user, compromise the system, leaving the air-gapped system vulnerable to attacks and unauthorized access.

Myth #2:

Another myth is that an air gap must be a physical separation, meaning that there is either an air gap or no gap at all.

However, there is no law, commandment or method that proves this is true in any way.

There is only one countermeasure, which is to disconnect the machine from the network.

This instantiates a more effective air gap. It is easy to do when you have two servers in the same rack.

The machine that is switched off is air gapped, and hackers cannot reach it.

Therefore, rather than a physical separation, a logical air gap is a far more effective alternative. It follows a zero-trust approach.

It segregates and protects the digital assets connected to the network on a logical rather than a physical basis.

A Zero Trust Architecture separates the data and encrypts it, which makes it literally useless to a hacker. Immutability, in turn, prevents the data from being modified.

Ideally, a logical air gap combined with multi-factor authentication and role-based access controls offers the same level of risk mitigation as a physical air gap, if not better.

Myth #3:

Contrary to what was said above, there is also a myth surrounding air gapped cold wallets that physical air gaps are more secure than logical air gaps.

The truth is that when you use the right type of logical air gap, it is quite secure.

On the other hand, even the best physical air gap can have a lot of different vulnerabilities.

A few specific types of logical air gaps use multiple security layers that make them far less likely to be hacked.

These types of logical air gaps use no protocols, such as the Common Internet File System (CIFS) or the Network File System (NFS), that could be scanned.

Therefore, the creation of a data backup on the network is much harder for an attacker to detect.

This is because the data stored there is not visible to the hacker and therefore cannot be misused.

Also, the Zero Trust Architecture, as mentioned earlier, prohibits any user, whether a machine or a person, from accessing the stored data unless a certified process is followed.

It is not possible for a user, or even a hacker, to access and retrieve the data through any ordinary management process.

Also, the distributed file system requires the process to be validated and secure enough to be used for exchanging tokens. This makes it extremely difficult to access the data illegally.

And even if someone does manage to access the data, it will be useless, because everything is encrypted and subject to the immutability of the device itself.

Now that you know all these myths and misconceptions, you can judge for yourself how different reality is and how many people live with a false notion of security.

You may now ask why the air gap does not offer much security in reality. There are three main reasons.

First, communication cannot be stopped entirely, even though there is no physical USB cable between the host computer and the wallet.

This communication may be kept to a minimum because of the difference in bandwidth between an air gapped connection and a wired one.

For example, QR codes transmit data at a much lower rate than a USB connection.

Bandwidth, however, matters less for security than it does for the user experience (UX).

Moreover, Bitcoin transactions are usually very small, which means that any communication channel, wired or wireless, is able to carry the data.

No communication channel can, by itself, prevent data from being sent and received, and certainly not such a small amount of Bitcoin data.

This data can be malicious if the wallet does not thoroughly inspect and sanitize everything it receives.

If tampered or unverified data gets into the wallet, it is vulnerable, and in that case it does not really matter whether it is air gapped or not.

If there are any weak points that can be exploited, an attacker will surely use them to load a malicious QR code or transaction file.

Therefore, air gapped transmission is just another form of communication channel, even if it needs manual involvement.

And all of these channels come with their own attack vectors.

So the data an air gapped wallet receives needs to be sanitized whenever information is exchanged.

The wallet's threat model should assume that the phone or computer it communicates with is compromised.

For that reason, it is a very bad idea to trust anything other than what is displayed on the wallet itself.
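The sanitizing step the last few paragraphs call for, as an added example that is not code from this article or from any wallet vendor: the receiving side of an animated-QR transfer validates every frame before it reassembles anything, and rejects malformed frames, missing or conflicting frames, oversized payloads and payloads whose digest does not match. The frame layout (`p<i>of<n>`, a base64 chunk, the SHA-256 of the whole payload), the size limits and the sample payload are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import re

# Frame layout assumed for this example (not any vendor's format):
#   "p<i>of<n> <base64 chunk> <sha256 hex of the whole payload>"
FRAME_RE = re.compile(r"^p(\d+)of(\d+) ([A-Za-z0-9+/=]+) ([0-9a-f]{64})$")
MAX_FRAMES = 200          # an animated code longer than this is rejected outright
MAX_PAYLOAD = 64 * 1024   # far larger than a typical PSBT; assumed limit for this example


def split_into_frames(payload: bytes, chunk_size: int = 12) -> list:
    """Sender side: chunk a payload into labelled frames that all carry its digest."""
    digest = hashlib.sha256(payload).hexdigest()
    chunks = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    return [f"p{i}of{len(chunks)} {base64.b64encode(c).decode()} {digest}"
            for i, c in enumerate(chunks, start=1)]


def reassemble(frames: list) -> bytes:
    """Receiver side (the wallet): accept the payload only if every frame is well
    formed, all frames agree on count and digest, no frame is missing or duplicated
    with different content, and the reassembled bytes match the digest."""
    parts = {}
    total = digest = None
    for frame in frames:
        match = FRAME_RE.match(frame)
        if not match:
            raise ValueError("malformed frame rejected")
        index, count = int(match[1]), int(match[2])
        chunk_b64, frame_digest = match[3], match[4]
        if not 1 <= count <= MAX_FRAMES or not 1 <= index <= count:
            raise ValueError("frame index out of range")
        if total is None:
            total, digest = count, frame_digest
        elif (count, frame_digest) != (total, digest):
            raise ValueError("frames disagree on count or digest")
        try:
            chunk = base64.b64decode(chunk_b64, validate=True)
        except binascii.Error:
            raise ValueError("malformed frame rejected") from None
        if index in parts and parts[index] != chunk:
            raise ValueError("conflicting duplicate frame")
        parts[index] = chunk
    if total is None or len(parts) != total:
        raise ValueError("incomplete frame set")
    payload = b"".join(parts[i] for i in range(1, total + 1))
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    if hashlib.sha256(payload).hexdigest() != digest:
        raise ValueError("digest mismatch: payload altered in transit")
    return payload


def demo() -> dict:
    """Run the receiver against clean, reordered, tampered, incomplete and junk input."""
    payload = b"psbt\xff" + bytes(range(40))      # constructed stand-in for a real PSBT
    frames = split_into_frames(payload)
    results = {"clean": reassemble(frames) == payload,
               "out_of_order": reassemble(frames[::-1]) == payload}
    tampered = list(frames)                        # second chunk replaced, digest left intact
    label, _, frame_digest = tampered[1].split(" ")
    tampered[1] = f"{label} {base64.b64encode(b'A' * 12).decode()} {frame_digest}"
    for name, bad in (("tampered", tampered), ("missing", frames[:-1]),
                      ("junk", frames + ["not-a-frame"])):
        try:
            reassemble(bad)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The digest catches corruption and partial tampering in transit; a sender who controls every frame can of course compute a matching digest, which is exactly why what the wallet shows on its own screen stays the final check.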

Secondly, any communication can be compromised at any time.

This is because malware, which is the primary attack vector, can tamper with the communication, even change it, and still stay undetected.

This way it can change the receiving or sending address, and may even swap out co-signers in a multi-signature setup.

The firmware of the wallet may detect it, but the air gap by itself is not much help.

This is because QR codes can be maliciously changed at multiple levels: through backdoors introduced in the QR code rendering, camera images controlled by an upstream library, malware running in the background of the host computer, or the camera firmware.

If you are using a microSD card, other programs may read its contents, change the PSBT files, and even write extra data onto it without you noticing.

Which access point is chosen depends on the operating system of your computer.

And USB communication does not help in dealing with this attack vector either.

The best way to prevent all of this is to encrypt all communication between the firmware and the accompanying app running on the computer. Altered data then becomes easy to identify and reject.

This still may not make the channel fully secure if the app running on the computer is itself compromised, but it makes it much more difficult for an attacker to eavesdrop on or change information.
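An added example of the integrity property the last two paragraphs describe (not the article's own code and not any wallet vendor's firmware): the host app and the wallet authenticate every message with an HMAC over a shared session key plus a sequence number, so a packet whose destination address was rewritten in transit, or one replayed later, is rejected. The pre-shared key, the JSON message layout and the sample addresses are assumptions made for this example; it authenticates rather than encrypts, which is the part that makes altered data identifiable. It also shows the caveat from the last paragraph: a compromised host app produces valid tags, so the wallet's own display remains the last check.

```python
import hashlib
import hmac
import json
import os

# Assumption for this example: the host app and the wallet firmware already share
# a 32-byte session key (real devices derive one with a key-agreement handshake
# during pairing; a pre-shared key keeps the example dependency-free). Every
# message carries a sequence number so a captured message cannot be replayed.


def _encode(seq: int, body: dict) -> bytes:
    """Canonical serialization: both sides authenticate exactly the same bytes."""
    return json.dumps({"seq": seq, "body": body}, sort_keys=True,
                      separators=(",", ":")).encode()


class AuthenticatedChannel:
    """One end of the channel; the host app and the wallet each hold one."""

    def __init__(self, key: bytes):
        self.key = key
        self.send_seq = 0
        self.recv_seq = 0

    def send(self, body: dict) -> dict:
        self.send_seq += 1
        tag = hmac.new(self.key, _encode(self.send_seq, body), hashlib.sha256).hexdigest()
        return {"seq": self.send_seq, "body": body, "tag": tag}

    def receive(self, packet: dict) -> dict:
        """Verify before use: constant-time tag comparison, then replay check."""
        expected = hmac.new(self.key, _encode(packet["seq"], packet["body"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(packet.get("tag", ""))):
            raise ValueError("rejected: authentication tag does not match")
        if packet["seq"] <= self.recv_seq:
            raise ValueError("rejected: replayed or out-of-order message")
        self.recv_seq = packet["seq"]
        return packet["body"]


def _outcome(endpoint: AuthenticatedChannel, packet: dict) -> str:
    try:
        endpoint.receive(packet)
        return "accepted"
    except ValueError as err:
        return str(err)


def demo() -> dict:
    """Clean delivery, in-transit tampering, replay, and the compromised-host caveat."""
    key = os.urandom(32)                      # would come from the pairing handshake
    host, wallet = AuthenticatedChannel(key), AuthenticatedChannel(key)
    request = {"to": "bc1q-constructed-payee-address", "amount_sat": 250_000}
    results = {}

    packet = host.send(request)
    results["clean"] = wallet.receive(packet) == request

    # Malware rewrites the destination after the host app has built the packet.
    altered = dict(packet, body=dict(packet["body"], to="bc1q-constructed-other-address"))
    results["altered"] = _outcome(wallet, altered)

    # A captured packet is presented a second time.
    packet = host.send(request)
    wallet.receive(packet)
    results["replay"] = _outcome(wallet, packet)

    # If the host app itself is compromised, it tags the attacker's request with
    # the real key and the channel accepts it: the wallet's own display is the
    # last line of defence.
    rogue = host.send(dict(request, to="bc1q-constructed-other-address"))
    results["compromised_host"] = wallet.receive(rogue)["to"] != request["to"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A production channel would add confidentiality with an AEAD cipher under the same session key; the sequence number and the constant-time comparison are what this example is about, since those are what turn "the data was altered" into a rejected packet rather than a silent redirect.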

Thirdly, air gapped cold wallets are not well suited to everyday use because they seem to be less transparent.

Although air gapped wallets promise that the data shared between devices is more verifiable than over a USB connection, this is not actually the case.

It is claimed that you will know what kind of information you receive, thanks to a stricter security model.

When QR codes are used for data transmission, the potential malware risks are said to be eliminated by these security measures.

The format of the QR codes used is meant to be verifiable, controlled, and transparent.

Test results, however, showed that even for a simple Bitcoin transaction, the display showed only one recipient, one input and a change address.

Unsigned transactions are exported in two different ways:

  • PSBT (Partially Signed Bitcoin Transaction) files are typically stored in a binary format. They are not human-readable, and you cannot simply open them to check their contents; you can only do that by loading them into a Bitcoin wallet. This means the data needs to be sanitized, which is the responsibility of the wallet.
  • QR codes represent similar information in visual form, but an animated code is used because the transaction is too large for a single QR code. Once again, a human cannot read this data with a standard QR code scanner, and a separate wallet is required.
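What "not human-readable" means in practice, as an added example that is not code from this article or from any wallet project: a minimal PSBT (BIP 174) is built and then decoded far enough to list the outputs of the unsigned transaction it carries, and those outputs are compared with what the user intended to pay, so a payee script swapped by host-side malware shows up as a discrepancy rather than staying hidden in the binary. The previous-transaction id, the key hashes and the amounts are constructed values; the builder and the decoder cover only the fields this check needs (no UTXO, key-path or signature data).

```python
import struct
from io import BytesIO

PSBT_MAGIC = b"psbt\xff"
KEY_UNSIGNED_TX = b"\x00"   # BIP 174 global key type 0x00: the unsigned transaction


def _read_varint(s: BytesIO) -> int:
    """Bitcoin CompactSize integer; refuses to read past the end of the buffer."""
    first = s.read(1)
    if not first:
        raise ValueError("truncated PSBT")
    if first[0] < 0xFD:
        return first[0]
    return int.from_bytes(s.read({0xFD: 2, 0xFE: 4, 0xFF: 8}[first[0]]), "little")


def _write_varint(n: int) -> bytes:
    return bytes([n]) if n < 0xFD else b"\xfd" + n.to_bytes(2, "little")   # enough for this example


def build_unsigned_tx(inputs: list, outputs: list) -> bytes:
    """Legacy-format unsigned transaction (empty scriptSigs), the form a PSBT carries."""
    raw = struct.pack("<i", 2) + _write_varint(len(inputs))
    for txid_hex, vout in inputs:
        raw += bytes.fromhex(txid_hex)[::-1] + struct.pack("<I", vout) + b"\x00" + struct.pack("<I", 0xFFFFFFFD)
    raw += _write_varint(len(outputs))
    for value_sat, script in outputs:
        raw += struct.pack("<q", value_sat) + _write_varint(len(script)) + script
    return raw + struct.pack("<I", 0)   # locktime


def build_psbt(unsigned_tx: bytes, n_inputs: int, n_outputs: int) -> bytes:
    """Minimal PSBT: global map with the unsigned tx, then empty per-input/per-output maps."""
    global_map = _write_varint(1) + KEY_UNSIGNED_TX + _write_varint(len(unsigned_tx)) + unsigned_tx + b"\x00"
    return PSBT_MAGIC + global_map + b"\x00" * (n_inputs + n_outputs)


def _read_map(s: BytesIO) -> dict:
    """One PSBT key-value map, terminated by a zero-length key."""
    entries = {}
    while (key_len := _read_varint(s)) != 0:
        key = s.read(key_len)
        entries[key] = s.read(_read_varint(s))
    return entries


def _script_type(script: bytes) -> str:
    """Recognise the common output script shapes; anything else is flagged."""
    if len(script) == 22 and script[:2] == b"\x00\x14":
        return "P2WPKH"
    if len(script) == 34 and script[:2] == b"\x00\x20":
        return "P2WSH"
    return "unknown"


def decode_psbt_outputs(psbt: bytes) -> list:
    """Outputs (satoshi value, script type, script hex) of the unsigned transaction
    inside a PSBT, in a form a person can read before approving a signature."""
    s = BytesIO(psbt)
    if s.read(5) != PSBT_MAGIC:
        raise ValueError("not a PSBT")
    global_map = _read_map(s)
    if KEY_UNSIGNED_TX not in global_map:
        raise ValueError("PSBT has no unsigned transaction")
    tx = BytesIO(global_map[KEY_UNSIGNED_TX])
    tx.read(4)                                  # version
    for _ in range(_read_varint(tx)):           # inputs: outpoint, scriptSig, sequence
        tx.read(36)
        tx.read(_read_varint(tx))
        tx.read(4)
    outputs = []
    for _ in range(_read_varint(tx)):
        value = struct.unpack("<q", tx.read(8))[0]
        script = tx.read(_read_varint(tx))
        outputs.append({"value_sat": value, "type": _script_type(script), "script": script.hex()})
    return outputs


def check_against_intent(psbt: bytes, intended: list) -> list:
    """Compare decoded outputs with the (value, script hex) pairs the user meant to
    pay; an empty list means the PSBT matches the intent."""
    decoded = {(o["value_sat"], o["script"]) for o in decode_psbt_outputs(psbt)}
    problems = [f"intended output of {v} sat to {h[:16]}... is missing"
                for v, h in intended if (v, h) not in decoded]
    problems += [f"unexpected output of {v} sat to {h[:16]}..."
                 for v, h in sorted(decoded - set(intended))]
    return problems


def demo() -> dict:
    """An honest PSBT and one where host-side malware swapped the payee script."""
    prev_txid = "11" * 32                                   # constructed outpoint
    payee = b"\x00\x14" + bytes.fromhex("aa" * 20)           # constructed key hashes
    change = b"\x00\x14" + bytes.fromhex("bb" * 20)
    other = b"\x00\x14" + bytes.fromhex("cc" * 20)
    intent = [(250_000, payee.hex()), (49_000, change.hex())]
    honest = build_psbt(build_unsigned_tx([(prev_txid, 0)], [(250_000, payee), (49_000, change)]), 1, 2)
    swapped = build_psbt(build_unsigned_tx([(prev_txid, 0)], [(250_000, other), (49_000, change)]), 1, 2)
    return {"honest": check_against_intent(honest, intent),
            "swapped": check_against_intent(swapped, intent)}
```

The point of the comparison is the one the article makes about the display: the bytes the wallet receives are only trustworthy after they have been turned into something the person signing can read and compare against what they meant to do, and that conversion has to happen on the wallet, not on the host that produced the file.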

Therefore, in both methods the security aspect raises questions, and it makes things quite unrealistic, because users will hardly want to set up a separate wallet just to verify data on a regular basis.

Is There a Solution?

The question now is whether there is any real solution to these issues, and how exactly you can make a crypto transaction safely on a blockchain while keeping your private key in a cold wallet.

Yes, there is a good solution: you can use a patented air gapped vault. This solution will surely keep hackers at bay.

There may not be many such cold wallets on the market right now, but you will surely find one through research.

With one of these vaults you can make transactions on the blockchain directly.

These specific cold wallets use an exclusively unidirectional connection: data only ever goes out and never comes in.

This is quite different from the other standard cold wallets on the market, which are not cold in the real sense.

These cold wallets or vaults are always off the grid. This eliminates the hackers' chances of using all those attack vectors, so there is no breach of the network of computers.

In the end, the concept of an air gap can be very useful for specific reasons, such as prohibiting any communication from a device that cannot be trusted.

This in turn rules out the possibility of hackers carrying out a remote multi-sig theft attack.

This is because where there is no communication, the external information necessary for such attacks is not available.

Hackers will not be able to create or recover a wallet seed, generate receive addresses, name a wallet, or enable or disable an optional passphrase.

Conclusion

Every communication channel has pros and cons. Air gapped cold wallets eliminate the risk of attacks carried out through communication by simply refusing any connection that breaks the rules.