I'll take Coldcard every time over any phone including Pixel on GOS.
Discussion
you are in for a ride as the secure elements on coldcards have been broken for 4 times now
Oh wow....good to know thanks. Source?
Did some searching, what I found was MK2 secure element was compromised with a very expensive lab attack (physical posession of CC) and all they could gut was the access PIN. If this is what you were referring wouldn't worry as shouldn't be running a MK2 and can't call Coldcard broken.
Mk3 is broken
ATECC608B
Mk4 also uses ATECC608B + a DS SE that is also broken.
The ATECC and DeepCover SEs user by the Coldcard lack critical protections aginst LFI/EMFI.
There are also architectural flaws in the design of the Coldcard device that also allow the easy production of counterfeit devices
And these attacks only get cheaper by the day… a reasonable DIY setup may run $1K at most with pretty good capabilities.
The Coldcard blog conveniently doesn’t mention the Mk3/4 ATECC SE being broken, or the fundamental flaws in the chips they use.
Note: I develop firmware for secure elements, primarily a product I am working on right now.
OK, thank you. Where can one read about this?