Crypto Security 101: How to AirGap Your Devices?
There’s a well-known saying which goes, “a fool and his money are soon parted,” and it is especially apt in the cryptocurrency world. There are quite a few bad actors ready to swindle money from naive people. In the past few months, several exchanges have made headlines for being hacked.
Even though blockchain technology is immutable and tamper-proof, and cannot be hacked into or changed, the same cannot be said for highly-centralized crypto exchanges. Centralization means that there is one primary node that holds the lion's share, especially in the cryptocurrency universe, which in turn means there is always an imminent threat of being breached or hacked.
Air-Gap Comes Into Play
Fortunately, for every problem, there lies a solution. You can prevent any potential breach (irrespective of whether you are an individual or an exchange) by Air-Gapping your systems. Air Gapping is the process of keeping your machine disconnected from the Internet (also known as cold storage).
For instance, if you are a person or an exchange, you will have two sets of keys for the wallet used to store cryptocurrencies: a public key and a private key. A public key is one part of the address, and it is available to all and sundry so that they can send cryptocurrencies to the designated holder. On the other hand, the private key is an alphanumeric code which is only available to the account holder. The private key is used as a form of digital signature to authorize a transaction.
Despite this, it is possible for an experienced hacker to breach security measures and make off with large sums of cryptocurrencies. This is where Air Gap comes into play. If a cryptocurrency wallet holds more than $1 million worth of assets, it is recommended to disconnect the machine from the Internet.
Few Steps to Effectively Air-Gap your Machine
1) Online machine (may be a laptop or PC): Authorize the transaction and receive crypto assets in the wallet.
2) USB stick: There are several USB sticks available online to shift cryptocurrency assets from online to offline locations.
3) Offline machine: Sign the transaction received from the USB stick.
4) Online machine: Notify the relevant blockchain of the successful transaction.
Air-Gapping Your Devices
There are several other ways to completely air-gap your devices. Some of them are listed below:
- A user can purchase a device which is purely dedicated to online use. To ensure maximum security, a user can invest in a MacBook Air, as those machines have readily available common drivers and are also very easy to use.
- A user would also have to buy a new system for offline use. To make it entirely offline, they should ideally remove the WiFi card that comes along with the system.
- Next, the user should buy a USB stick which is purely used for transferring data or programs into the online system.
- Plug the USB stick into the offline system, then open the terminal and create four files with the command: mkfile -n 1g fake.txt.
- Move the newly-created files onto the USB stick. If the user sees any problem or glitch while transferring the files onto the stick, then the stick certainly has a malicious entity.
- Transfer all the required data or cryptocurrencies onto the offline machine on a day-to-day basis to start the machine.
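The "problem or glitch" check in the list above can be made concrete by comparing SHA-256 digests before and after the copy, and the same check applies to the transaction file carried on the USB stick in the four steps earlier. The script below is an added example, not part of the original article; its function names are hypothetical and the directories are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the article): hash-check files carried across the gap.
# Directory and manifest paths are whatever you pass in; none come from the page.

# SHA-256 of one file; sha256sum on Linux, shasum on macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# write_manifest DIR MANIFEST: one "<digest>  <relative path>" line per file.
# Keep MANIFEST outside DIR so it does not list itself.
write_manifest() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(sha256_of "$f")" "${f#"$1"/}"
    done > "$2"
}

# verify_manifest DIR MANIFEST: returns 0 only if DIR holds exactly the listed
# files with the listed digests; prints MISSING / CHANGED / EXTRA otherwise.
verify_manifest() {
    dir=$1; manifest=$2; status=0
    while IFS= read -r line; do
        want=${line%%  *}; path=${line#*  }
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING $path"; status=1
        elif [ "$(sha256_of "$dir/$path")" != "$want" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$manifest"
    # A file that appeared on the stick but was never listed is also a red flag.
    extra=$(find "$dir" -type f | while IFS= read -r f; do
        cut -c67- "$manifest" | grep -qxF -- "${f#"$dir"/}" ||
            echo "EXTRA ${f#"$dir"/}"
    done)
    [ -z "$extra" ] || { echo "$extra"; status=1; }
    return "$status"
}

# Usage: sh script.sh write DIR MANIFEST   (sending side)
#        sh script.sh verify DIR MANIFEST  (receiving side, after the copy)
case "${1:-}" in
    write)  write_manifest "$2" "$3" ;;
    verify) verify_manifest "$2" "$3" ;;
esac
```

If the manifest travels on the same stick, compare its own SHA-256 by eye on both screens before trusting it.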
Are Air-Gapped Devices Foolproof?
That being said, Air-Gapped machines are not entirely foolproof. There are different ways to hack a machine that has been Air-Gapped too. There are two known ways: the easy method and the hard method. We’ll elaborate on both methods below:
1) The easy way:
To hack into an air-gapped machine, a potential hacker would need a human to serve as an intermediary. For example, the hacker could gain the trust of an employee of an organization and get them to plug a USB stick into a computer. More than anything, this method would need a subject who’s willing to carry out the request of the seeker of the information.
To avoid this eventuality, only certain staff members of an organization should be let in on the secret and be allowed access to the machine. The machine containing the digital wealth, aka cryptocurrencies, should be in a secure data center or a room on the premises. Since the members of a company are human, there lies the problem of accountability and trust. If a company wants to take no risks, it can invest in USB port blockers that essentially block access to the USB ports of the air-gapped machines.
2) Next comes the tough way of breaching the air-gapped machine.
- a) A very determined hacker can use built-in microphones and speakers to set up covert acoustical mesh networks (generally inaudible to the human ear) and transmit data roughly 65 feet away.
- b) Apart from that, a hacker can also tune into an FM signal emitted from the graphics card using an FM receiver, and access the information on the particular machine.
It is important to note that you may be a user living on a hilltop, miles and miles away from civilization, and still be a victim of a hack. The question is not why you are at risk; the right question is how you can be at risk. Hackers can strike anyone at any time, irrespective of whether you are a multi-billion-dollar company or an isolated individual.
Although the methods listed above may come across as paranoid, it should be noted that the best thing in such circumstances is to be preemptively ready, in case a malicious hacker is waiting to steal your cryptocurrencies. Those assets are your hard-earned gains, and nobody should have the right to steal them. As the common saying goes, “It is better to be safe than sorry.”
How can centralized crypto exchanges fortify security? Let us know your views in the comments section.