If you've learned about the importance of non-custodial wallets, and especially if you're concerned about on-chain privacy, you've probably learned a decent amount about wider computer privacy at the same time - the importance of securing sensitive data like private keys offline, keeping your devices updated, using tools like VPNs or Tor to hide your browsing activity especially on public networks... but hold up on that last one for a minute.
Threat models
First, a real quick intro to threat models. Put simply, threat modelling is just asking yourself what you're trying to keep secure and from who. This is vital to effective privacy as there's no single "privacy switch" that just makes you secure - as much as certain entities (I'm looking at you, VPN and antivirus companies) want to convince you otherwise. Privacy and security are a state of mind, they are not passive.
So for instance if you don't want your ID attached to your Bitcoin wallet, you can use Bisq or Robosats. These are the correct tools for this threat model. But then you also must consider what wallet you send those coins to. If it's one you already sent KYC coin to in the past, you gained no on-chain privacy.
This has nothing directly to do with the headline, but it demonstrates the importance of threat modelling and how vital mindset is. A piece of software or a service can't magically make you secure or keep your information private. You must be thinking about your threat model when you handle each step.
You're only as secure as your weakest point
Recently, zero day exploits were found in iOS that allowed for RCE (remote code execution) and privilege esculation. It is now patched in iOS 16.4.1 (seriously, update if you haven't already) but let's now imagine you got someone running 16.4 and on their iPhone is a Bitcoin wallet. They might trust the developers of the wallet. They might trust their phone is set up securely. They might use Joinmarket and Bisq and Robosats to keep their coins private then store them non-custodially.
But if they navigate to a malicious webpage, the exploits could be used to hijack the phone and steal the coin regardless. Even if a hardware wallet is used, if you don't check the address shown on the hardware wallet's display matches your phone exactly, your coin can still be sent to an attacker's wallet.
This is not hypothetical. The Lazarus Group for instance is notorious for financial cyberattacks, including targeting crypto exchanges and even individual wallets. As they mainly use known exploits as opposed to zero days, low level hackers often copy the same tactics, likely through so-called "drive-by exploits" which passively wait for an unpatched device and automatically deploy malware though it.
It's easy money and an inexpensive attack when the exploit is already public knowledge.
Naturally, this doesn't only impact your Bitcoin wallet. Any personal data on a vulnerable device can be stolen in the exact same manner.
A vulnerable network endagers all devices connected to it
If I was a black hat hacker and we both used an insecure network, I'd have many options to attack you in ways most people wouldn't notice until it was too late. The main one would be some form of MITM (man the middle) attack, essentially placing myself between your device and anything you do on the network. This provides a range of options from the silent to the obvious.
I could serve up phishing pages, collect logs of every URL you visit (yes, this is possible even with HTTPS), log details of all devices such as the exact version of the OS and browser to check for exploits against your system, and of course perform targeted attacks against any device with an unpatched RCE exploit such as ransomware or extortion attacks, or a more subtle attack like nicking your private keys and accessing your online accounts.
In fact I don't even strictly need to hack the router if I can trick you into connecting your device to a fake public WiFi network that imitates the real one. That's the job of a WiFi Pineapple, although custom hardware plugged into a Raspberry Pi or similar can do the same job too.
What does that mean? It means even if a public network is itself secure, I could leave my own router somewhere, give it the exact same name, copy the sign in page, monitor everything, and even automate exploits against unpatched devices from the comfort of my living room while I eat popcorn and watch The Simpsons (or I guess Mr Robot would be more fitting).
This clip from the Netflix show How To Sell Drugs Online is a surprisingly accurate depiction of such an attack against hotel guests.
You don't need to be some gigabrain genius hacker to do this. Anyone can buy a Pineapple, put Kali Linux on a USB stick, and type stuff into a terminal. That's why the term for this type of hacker is "script kiddie", meaning you don't even need to write your own code, you just run existing software that makes it so easy a kid can do it.
Discovering new zero days (exploits that haven't yet been patched by the vendor) requires a lot more skill and can get you paid a lot of money, but attacks against devices that are vulnerable to publicly known exploits are child's play.
What do I do?
Don't use public WiFi. If it's unavoidable, don't use your main device. Set the firewall on your computer to block all incoming connections and put it on "stealth mode" - this closes all ports and tells the OS not to respond to pings from curious people who might scan for other devices on the network. If you have full disk encryption enabled, you can boot your laptop from a live USB stick, which would limit the damage from any possible attacks only to the contents of your temporary OS session.
Ideally, you should use mobile data (it, too, can be hacked through a MITM, but it's way easier and cheaper to exploit a public WiFi network than setup a fake cell tower). If you have multiple devices, tether from one of your own. Set your mobile hotspot to use WPA2 at least. Ideally, WPA3. Use a strong password.
Most importantly, keep everything updated! Your OS, all your software, everything. If you don't use some software anymore, remove it. Running only the software you need reduces your attack surface. The more software you have running, the more chance there is something can be exploited.
The idea behind defensive security is generally to avoid making yourself low hanging fruit. Absolutely nothing is 100% secure. But if you take the right steps to make your device harder to crack than the Average Joe, most of the time an attacker won't bother with you when there's a sea of devices that are much easier targets.
And at all times be aware of your threat model. Got specific data you don't want to risk falling into wrong hands? Keep it off an internet connected computer. This is known as "air gapping." It's the same principle behind hardware wallets and hardware authentication, e.g. Yubikeys.
Finally, the principle "don't trust, verify" plays a big role here too. You could, if you wanted, run an nmap scan like I did when I found a list of unpatched exploits dating back to 2017 on the network of the hotel I was staying at last weekend. Maybe you'll be lucky and find it's nice and patched up. Sadly much less common than it should be. But it's always worth checking. If you're not proficient in the terminal and the idea of learning to scan networks with hacking tools is daunting to you, I don't blame you. Best thing to do is simply not trust.
That's all folks!
This is really just a high level overview of some basic OPSEC concepts. But it's hopefully enough to make everyone understand why you should be careful out there.
If there's enough interest, I could get deeper into this topic, there's a whole lot of nitty gritty when it comes to hacking and it's all very interesting (to me at least). If you're curious, stick Kali or Parrot Linux on a USB or virtual machine - you can even get Kali to run inside Windows via WSL - and do some experimenting and research. Metasploit is a good place to start and comes preinstalled with any pentesting distro. You can install it on any existing Linux environment too, of course, including your Android phone via Termux.
I hope this goes without saying, but if you do decide to experiment with these tools, remember to be a white hat and do so within your own network against your own devices, or against targets who've given you permission to test their security.
Again, so much more I can say. If people are actually curious, I'll happily write about it! You can always hmu on Nostr!
PV!