Most people think they are paying $150-$200 for an HWW.
What they are paying for is an overpriced gimmick with a very small amount of security added.
All the major HWWs, including their latest revisions, use insecure SEs or ones which a viable attack exists for.
not ledger... or enlighten me?
Ledger thankfully is made by a more competent group of people
Yeah, now do Trezor!
With SE? Infineon chips are pretty good but some of them have a few vulns (does not affect the Trezor use though)
I cannot speak about their architecture fully though, will need to look into that.
Name and shame đź‘ż
Which ones would you like to know about?
But if it has “Bitcoin only” in its marketing, it 99% of the time falls under these categories.
I use Jade and I know it doesn't have SE.
I was thinking to get one of the MKs.
Even with dual SE, both are vulnerable to laser fault injection. This could be solved easily by using a different SE but no, they upgrade to the newer version of the inherently flawed series of ATECC chips.
And they intentionally make it so that their devices turn to e waste instead of wiping the seed (like 90% of HWWs) if you forget your PIN for example.
Also, your money will go directly to propaganda against competitors like SeedSigner
install linux os on thin client, install electrum, fund your wallet, disconnect and turn off your machine.
How about Seedsigner?
that is different for a different use case with a different threat model
The evil maid software swap.
I keep the SD card in a safe inside a tamper evident bag far away from the device.
Any other attack vectors? I think the RPi being corrupted by the manufacturer has been mostly debunked.
Also, reflash if you are suspicious.
Otherwise, I use SeedSigner often and have nothing against it like some of the other HWW vendors… :)
They serve different purposes, where in an HWW the responsibility for seed protection is on the SE, with SS it expects you to protect the seed yourself.
The former is better for carrying wkth you, but the latter works well when you are trying to build a larger multisig affordably (since you need a physical copy either way)
I do reflash and verify on Sparrow every few months if there hasn't been a new firmware release.
I suspect that this type of attack will become more prevalent when after more adoption, a greater number of people will know about HWWs, signing devices and steel back ups. Right now, in my African country of 50M+, I guess less than a thousand have even heard or seen a photo of a SS. The number who even own one here will be less than 100.
Of those, the number of people with an ability to corrupt the firmware with an evil maid / dark skippy type attack is very very small. Never mind even knowing that I possess such a device.
Something to worry about more intently in the future.
And so we should…..?
Hardware wallets are more risky than most people realise. Better use vultisig multisig with any device. No silly seed phrases, but password-protected vault shares.
