Replying to Avatar SeedSigner

"...only needs access to the device for seconds to binary-patch the firmware..." So dramatic, that darn evil maid is at it again.

Nothing new here, just a different type of theoretical attack that requires you to run malicious software on your signer. With our model, users are responsible for making sure they are running good software -- same as it ever was.

nostr:note1w2tmzhkqd7j9uwmr7lzj8muhn8332gn699zfntmrke45vp0kwh9qnukzp8
Avatar
Leo Wandersleb 1y ago

Well, when initially reviewing the seedsigner I was pretty impressed and thought how the firmware could even be evil if I wanted to, assuming a companion app would detect seed exfiltration. This new hack makes the firmware suddenly very clearly very relevant. Or how could you attack users without an RF module prior to this, with only software?

Reply to this note

Please Login to reply.

Discussion

No replies yet.