Electrum Phishing Attack - Upstream Fix Committed
As part of this ticket, reintroduce the test case i.e. revert f092b0d6f268a12550283e3a510f0455055ca1d9.
I was using Tails (newest version) and stumbled over this a few hours ago.
When broadcasting a Bitcoin transaction it would come back telling me to manually upgrade Electrum with a link. I thought this was suspicious as the response was rich text and my hygiene (cyber or otherwise) is amazing.
Did a little digging and this:
Bottom line: Attacker electrum nodes in the wild are able to send custom responses to Electrum <v3.3.3. Tails looks like it's at v3.1.3 at present. Electrum devs responded with a counter-move. They started upgrading Electrum nodes to authorize your transaction but shout at you for using an older version.
Current user experience: At this time every Electrum transaction on Tails shouts at me. It's either the phishing response trying to bait me into installing the backdoored Electrum (and the transaction fails) OR it's a legitimate Electrum node that authorizes the transaction but tells me I'm on a vulnerable version.
At this time it looks like the attack requires user participation to manually go and install stuff from the attacker site(s). I'm not sure how many Tails users this would actually pwn since Tails users are here for a reason. But at the very least it might freak people out. I checked all the doors & hatchets myself when seeing the phising response for the first time.
Thought I would share before you get a ticket like this one:
"I'm lose ~12 BTC ~ $42k, from an UPDATE SHOW ME ON 3.3.3 OFFICIAL !!!! my family going to dead #5064"
- Status changed from New to Confirmed
- Priority changed from Normal to Elevated
- Type of work changed from Research to Wait
This is confirmed.
Some important notes:
- there is no vulnerability in the application itself. Nothing can be exploited. The only bug is that the arbitrary error message sent by the malicious server is displayed as rich text by QT.
- because of how electrum server peer discovery works, there is nothing that can stop the sybil attack or filter the servers. There's no authoritative directory which assigns flags or reputations to servers. Any client using auto-connect or random server has the N % chances to run into a malicious server where N = the % of the malicious servers in the server pool.
- it is a phishing attack. if the users use a trusted server, or a honest server, they are unaffected. If the users use a malicious server, get the error but don't follow up and don't install Electrum from untrusted sources, and just simply switch servers, they remain unaffected.
- the fix upstream in 3.3.3 ONLY renders error messages to plain text instead of rich text, and doesn't allow arbitrary messages but strict error codes.
- in Tails it's not trivial to install something from other sources, so I aim to think Tails users are OK.
At the moment, the network of Electrum servers is sybil-ed with malicious peers, there are so so many.
ElectrumX (the Electrum server implementation) 1.9.3 was tagged which:
a) filters and identifies most malicious peers (servers) and does not further broadcast them to clients;
b) uses the same "bug" to display a WARNING that the users should upgrade, even thus the transaction was successfully sent.
This was done because, users simply don't upgrade in the wild, and remain vulnerable to the phishing scam.
Electrum's Debian package maintainer had some problems that did not allow him to work on Debian, and when I last discussed I understood that work will be resumed at mid February, which is soon. It's going to be tight with the Buster freeze, but let's see what happens.
This is what we are waiting for in order to close all Electrum tickets. There is nothing much we can do in Tails, except display a notification on the website, or maybe even in Tails itself, that all Electrum users will either:
a) get a phishing message that will advice them to install a backdoored Electrum from an untrusted source, message that should be ignored.
b) get a warning message that the transaction was sent, but the version of Electrum used is vulnerable. This will be fixed in another release.
c) provide some trusted onion Electrum servers so that they don't have to go through many servers until they find one that broadcasts their transaction, since the Electrum server pool is heavily sybiled at this moment.
Comments from more people needed here, to see what's the best way here.
- QA Check set to Info Needed
- Type of work changed from Wait to Communicate
Provided guidance on the thread (https://lists.autistici.org/thread/20190320.121811.e9a13ab3.en.html), we'll decide how to proceed once s7r has answered the questions we have :)