The Bitcoin exchange portal Bitstamp warned users over the weekend that a Google Chrome browser extension had been caught stealing Bitcoin and users should avoid the BitscoinWisdom Ads Remover extension that at the time still was available in the Play store. The good news is that Google since banned the app from the store, but you’ll probably still need to remove it from your browser yourself if you were a user of this extension.
The Chrome extension was caught stealing Bitcoin when users made transfers. The extensions malicious code would redirect payments made to their own Bitcoin address instead of the intended target without the user noticing anything until it was too late. What Bitstamp discovered was later confirmed by Bitcoin app developer Devon Weller.
@bitstamp Confirmed. I looked at the source code. It replaces QR code images on bitcoin exchanges with its own addresses.
The method used to steal your Bitcoin is essentially very easy. Bitcoin addresses, sometimes referred to as wallets, use a very long string in order to identify themselves. That’s something that is both hard to remember and difficult to enter. After all, it’s about money and you wouldn’t want to send that to the wrong destination. QR codes can solve this with ease as you’ll just have to scan a code presented with your smartphone that contains a Bitcoin app and you’re good to go. This is what the malicious browser extension took advantage of by simply replacing displayed Bitcoin QR codes with their own in the displayed website.
On further investigation, Devon Weller discovered that the code only targeted users of the Bitstamp, BTC-E, and Hashnest Bitcoin services.
This isn’t the first time that the same extension has been caught doing so. Back in July last year, Reddit users reported similar issues with the same extension. We can only hope that it is gone for good now. This also shows that you should be very careful what browser extensions you install, they might do more harm than good.
Anyone who’s been on a train recently for a long journey will understand that most modern trains come with some power outlets. I have travelled quite a bit in recent years on trains and can safely say these power outlets have given my laptop and my phone some much-needed charge in their final moments. An artist in London, however, found that this was not always welcome after being arrested for stealing electricity on a train.
The artist in question, Robin Lee, was travelling on a train in London when he spotted the power outlet and decided to charge his iPhone. When Robin left the train though he was met by a Police Community Support Officer (PCSO), for those who aren’t aware a Community Support Officer is a person who has been given some police abilities in order to bridge the gap between the public and the police. The PCSO stated that he had been “abstracting electricity” and according to Robin it was at this point that she called to four police officers who were on the platform and requested that he be arrested.
Robin was arrested after trying to push past the police and taken to the British Transport Police in Islington before being de-arrested for the “abstracting electricity” charge while being reported for the “unacceptable behaviour” of pushing past the police officers.
Transport for London has released a statement saying that there are signs near the plugs stating they are for cleaners use and they are not for use by the public.
I don’t know about you but next time I go on a train I will be reading all those signs a little more carefully. Do you think that it’s acceptable to be arrested for a little bit of electricity? Do you charge your devices on the trains?
Thank you Standard for the information and the image.
Yes this is still eTeknix and no you haven’t tuned in for the latest Jamie Oliver recipe, oh and before you ask, no I am not wearing a tin foil hat while preaching that the world is going to end. This is the slightly bizarre story of how a Pitta Bread has been used by researchers from Tel Aviv University to conceal a radio transmitter capable of stealing encrypted keys.
As this image below demonstrates, the PITA Device uses an unshielded loop antenna made of plain copper wire which is wound into 3 turns of diameter 13 cm. A tuning capacitor is chosen to maximize sensitivity at 1.7 MHz; this technique captures the key-dependent leakage signal with an SDR receiver being used and which is controlled by a small embedded computer.
How this device connects and steals an encrypted key is by monitoring the differing signals a CPU makes while undertaking various activities, by analysing these radio signals it became possible to discover the key being implemented to secure an encrypted email.
Well this certainly adds a new meaning to the phrase “I think there’s something wrong with that loaf” On a slightly serious Bagel, I mean note, the research demonstrates albeit in a controlled test environment that it is possible, in theory for an attacker to conceal a small device within an object which in turn could possibly decrypt a key which is potentially guarding sensitive documents.
Currently the researchers have developed a range at which this transmitter would be able to steal encryption keys at around (1ft 8in) from said target device. Which is compelling considering this project has been developed at a university with the potential for an unknown source to harness and develop this technique with the aim of executing this device in the real world.