CySecurity News - Latest Information Security and Hacking Incidents, EN

Hackers Exploit Dark Skippy Attacks to Steal Secret Keys from Secure Devices

 

An element of the Dark Skippy attack involves the subtle manipulation of nonces during the signature creation process to create the signature. To obtain the private key of a cryptocurrency wallet, attackers craft carefully crafted nonces, thereby gaining full access to the wallet by extracting the private key. The nature of this attack is particularly insidious.
Due to the covert nature of its execution, no trace of how it was carried out can be found. Additionally, it can impact every user of an infected device.

Earlier this year, security researchers from the University of Cambridge were able to disclose an entirely new type of malware attack that will allow hackers to access hardware wallets and private keys held by users after two signed transactions. 

Known as Dark Skippy by the researchers, the attack occurs when a hacker becomes aware of a user’s device and tricks him into downloading malware to gain access.

As part of the disclosure, Nick Farrow, Lloyd Fournier, and Robin Linus included information regarding Dark Skippy that can be found here. A new hardware wallet software company called Frostsnap was founded by Nick Farrow and Lloyd Fournier in 2012. Currently, Robin Linus is one of the people who are in charge of BitVM and ZeroSync protocols that relate to Bitcoin.

Every signer device inserts random numbers, or nonces, into every transaction that is signed with Bitcoin, which is explained in the report. 

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: