Sounds good in my head. Except for the fact that I just added a ton of more programming. And you are more limited to wallet options.
What kind of software are you talking about? The firmware on the HW device or the software running on the PC?
I doubt they would allow other software to be patched onto the trezor.
And regarding the software on the PC, I doubt this would be feasible too. You'd need to evaluate what exactly is a "good" software. And you'd need to update the signatures quite frequently (i.e. after each update).
And for that, you'd need the user to actually start up the original trezor software again which would then transmit the new list (integrity-protected) to the HW device.
Sending a signature back from the HW device to the software isn't really necessary, since the computer can be compromised and a malicious version would not care about the signature and/or it could be spoofed.
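A sketch of the device-side logic the two posts above describe: the device holds an integrity-protected list of approved host-software hashes, accepts a new list only when its tag verifies, and answers green or red on its own LED. This is an added illustration, not Trezor code; it assumes a symmetric key shared between device and vendor (a real device would more likely verify a vendor public-key signature), and the host supplies the bytes being checked, which is exactly the limitation the reply points out.

```python
import hashlib
import hmac
import json

# Assumption: a constructed per-device secret provisioned at manufacture and known to
# the vendor's update service. Real products would use a vendor public key instead.
DEVICE_KEY = b"constructed-demo-key-not-for-real-use"


def tag(payload: bytes) -> str:
    """Integrity tag over the serialized allowlist (HMAC-SHA256)."""
    return hmac.new(DEVICE_KEY, payload, hashlib.sha256).hexdigest()


def vendor_publish_list(version: int, approved_binaries) -> dict:
    """Vendor side: hash each approved host binary and tag the resulting list."""
    hashes = sorted(hashlib.sha256(b).hexdigest() for b in approved_binaries)
    body = json.dumps({"version": version, "hashes": hashes}, sort_keys=True).encode()
    return {"body": body.decode(), "tag": tag(body)}


class Device:
    """Hardware-wallet side: stores the allowlist and judges host software."""

    def __init__(self):
        self.version = 0
        self.allowed = set()

    def install_list(self, update: dict) -> bool:
        body = update["body"].encode()
        if not hmac.compare_digest(tag(body), update["tag"]):
            return False  # tampered or forged list from the host
        data = json.loads(body)
        if data["version"] <= self.version:
            return False  # refuse rollback to an older, possibly weaker list
        self.version = data["version"]
        self.allowed = set(data["hashes"])
        return True

    def check_host_software(self, binary: bytes) -> str:
        # The verdict is shown on the device LED; nothing is sent back to the host,
        # since a compromised host would simply ignore or spoof it.
        ok = hashlib.sha256(binary).hexdigest() in self.allowed
        return "green" if ok else "red"
```

Because the host itself hands over the bytes being hashed, a compromised PC can present the genuine binary for the check and run something else, so the LED only attests what the host chose to show.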
I was thinking about doing it both ways. The hardware wallets would have to update their firmware to run an app on itself that talks to the software to verify its authenticity.
The only reason I thought about it is that I have a client who has a time-clock that works like that. You have to use one of their USB sticks to take the punch in / punch out times from the time-clock and copy it to the PC if there is no way to hard wire / network the clock to the PC.
There is a bit of firmware on the stick that verifies the app on the desktop before it allows the pulling of the hours. You push a button on the stick with the SW open and it either shows green or red on the LED.
The PC will see the stick as a normal USB drive until you run the app and then click the 'check transfer stick' button. It then verifies that it's the real stick and you can pull punch in / out data.
No idea how the back end works on either side, but you can't run non-authentic software or pull the data from the clock with any old USB stick. They just will not talk to each other.
Something similar for HW wallets might be more secure. But, as I said, I have no idea how to implement it. Way way way above my ability.
-Dave