Is this a possible vector of attack?

daedalus

#1

Hi Community,

I am looking for some expert level help in answering a hypothetical.

When you install the Daedalus wallet on your computer it creates a folder to hold a bunch of files, just like any other program does. Is it possible to restore a wallet using only these files and NOT the backup seed?

The hypothetical situation is this:

A malicious virus infected my computer, copied the Daedalus system folder and sent it to someone else. The bad actor then uses the Daedalus system folder to restore a wallet and proceed to steal my ADA by transferring them to a new address.

Is this possible?

The reason why I am asking is because, I remember reading about a member in this forum who lost his password and seed to his Daedalus wallet but since the wallet was already installed on his computer. This person was able to use his Daedalus system folder files to restore this account.

I am looking not for opinions, but I want to see what the devs have to say. True or False.

If it is possible, the community needs to be made aware so we can protect from this possible attack.

Thanks in advance.

BTW, I love Cardano.


#2

Yes, it is possible. But, you can prevent sending ADA by applying Wallet/spending password, but it should be some strong one.


#3

It currently is not a requirement to have a password when you create a new wallet in windows. This is not acceptable. The community needs to be aware that this vulnerability exists. And that it become a requirement when setting up a new wallet. That way when my grandmother (READ: not tech savvy) creates a new wallet, isn’t exposed to this risk.


#4

I against using any password for several reasons, but mainly because its unconveniece (e.g. your Grandma’s example)
.
To partly solve this issue, I was thinking of some wallet feature that relies on some tree structure, and at higher level in the three hardest to access to the wallet. Similar to the Bitcoin’s multi-deep HD wallet implementation (Cardano has only 3 level HD Wallet), and leaves only allowed to have (therefore spend) a max amount of coins e.g. 50$/day. So when your magic wallet is compromised, you only can loose 50$ instead of the whole amount, and you do not need to use any password for that level (good for micropayments).

However, when you want spent more amount you need to have some more secure way (PIN on mobiles, password on Desktop wallets and so on) to access to the higher level of that tree. And even if you want spend more (buy a car etc) it might would need a Multi-sig requirement (wife gave her blessing for that purchase) and so on.

As an example if you have a Cardano mobile wallet (does not exist at the moment) than you would NOT be able to see (recommended) your whole balance, but some fraction of your balance, and even if you can see the whole balance, you won’t be able to spend that shown balance without accessing some higher level of security.

Even, you can have different sub-wallets on different devices, e.g. wife’s, your, childrens, who can access only to some lower level’s wallet. e.g. your children has the wallet installed on their mobile and just can see a leaf, which is automatically deposited sub-wallet using some rules (e.g. weekly 50$ pocket money or similar by Cardano CL’s smart contract).

These features can be implemented, but the hardest part is how to secure the root level keys (some off line vaults or similar) and also prevent any lower level’s keys leaking.

The reason of my thinking is that the wallets should be transparent easy-use but highly secure.


#5

Next version of Daedalus will have spending password turned on by default


#6

_ilap,

I like your thought process for the future use of mobile wallets. Very interesting. There is definitely a trade off with ease of use and security.

The multi sig approach I believe is being developed. And would be a great additional feature.

Thanks for your response.


#7

I did recently see this in one of the updates. It is a step in the right direction.

I understand that we are on the ground floor of an emerging technology. There will definitely be improvements made along the way.

Hopefully by the time my grandma goes to download the wallet, ADA will be at $2.60 instead of .26 cents :rocket::rocket:


#8


#9

When is the next version due out?


#10

Somewhere in May


#11

This is a very interesting security design flaw. I hope I am misunderstanding this. To clarify, if I was able to copy the whole user’s Deadalus wallet and transfer to another computer, I have affectly stolen his digital wallet?

I know this sounds rudimentary, but isn’t a digital wallet security suppose to prevent this from happening?


#12

Yes, if the spending password is not set.

But, it is not a design flaw, you can secure your wallet by setting a password any time. Some app requires a password, but it can be easily hacked, such as Exodus, by just scanning its memory and searching for a private key like strings. I meant it was vulnerable abt 1 month ago, but I do not follow its updates.


#13

Thanks for that. I have the password enabled already :slight_smile:


#14

I disagree, this is a huge design flaw.

There should be a notice when setting up your wallet warning users “If you do not set a password, your funds are not secure!”

The fact that I had to figure this out on my own is ridiculous. Since cardano foundation and IOHK are always claiming “scientific rigor” and “provably secure” software.


#15

Just to clarify.

  1. After the files are copied and pasted to another computer, no access to the key phrase is needed to run, it just opens like before? No restore or anything?

  2. If the limit is $50, what if say im on holiday. I dont look for a month. How would i know its occurring? Can an email / text message be included, like for binance?

The masses will expect this type of thing like Bank or credit fraud reporting.


#16
  1. Yes, that’s why you need the spending password set, to not allow any spend /wo password.
  2. It was a theoritical brain storm for a dumb but secure wallet.

Then, they do not need to switch as Banks do that anyway.


#17

Well stated, thank you for the insight.