Topic: AirGapped Hardware Wallets (Read 1119 times)

True. The latest version that WalletScrutiny tested was 6.4.8, and they weren't able to build it from the provided source. Blue Wallet's latest app version is 6.4.10, released a few days ago. The latest versions that WalletScrutiny were able to reproduce from source were 6.4.5 and 6.4.4.
https://walletscrutiny.com/android/io.bluewallet.bluewallet/#resultsArchive

Passport is probably one of the best air gapped hardware wallet options right now.
It is better built quality than Keystone, you can easily remove battery and you have clean open source code that works only for Bitcoin.

Seedsigner is not bad but I still consider it as experimental device, and Bluewallet code can't be verified and reproduced, as far as I know.
For any newbie or beginner I would not suggest seedsigner for various reasons, but it's nice to use it in some multisig setup.

SeedSigner.  Buy it fully assembled if you don't feel comfortable doing it yourself.  Use it with BlueWallet.  Both are 100% open source.  Why tie yourself to a company that you'll have to trust?

Best of all, if you someday change your mind, you can just buy a different wallet and import your seed.  You won't need to make a new seed & move your coins again because, with SeedSigner and BlueWallet, your seed won't have been exposed to a company that went dirty like Ledger is doing.

If you're waiting for a reply everyone can agree on, you're never going to get one.  Some people are followers and feel like they need to trust a company.  To me, that's bizarre.

i do not care about cheap wallet or not.
i am looking for the best one for long term holding.

Time is running out i still not decide which one to get. Keystone 3 Pro/CoolWallet Pro/TANGEM and for BTC only Passport/SeedSigner.

After thinking about it, I should clarify the previous post. It's actually not from the secure elements that the secrets get sent from. The code retrieves the keys, encrypts them, and divides them into shards. Those shards are then sent over the internet to 3 third-parties. Ultimately, it doesn't really matter to the end user. The point is that private data that was never supposed to be online now can.

You are completely right, man.That is why the multisig wallet which requires at least two cosigners from wallets which use those  black-box chips produced by different makers is considered to be more safe haven for the stash in bitcoins than just, let's say, a single hardware wallet regardless the reputation of its manufacturer.

Judging by the type of hardware wallet xrahitel is considering, I believe he is on the hunt for something cheaper. And you are right, in that price range he is down to the Trezor One, Trezor Safe 3, or the Ledger Nano S Plus, which now has a 30% discount.

I would not recommend the Ledger though. There is no way of knowing what is the next self-destructive act that we will see from this company. 
I have a Trezor One, and unless Trezor intends to remove support for this device soon, I wouldn't have issues recommending it.

Regarding the secure elements. They have always been a black-box chip. It was never trustless, regardless if the HW was open or closed-source. The only thing that has changed now after Ledger's revelations is that we know that secure elements allow for remote sending of secrets.   

Airgapped machine is a good opt if you are sitting all the time at your desk in you home but it is not optimal in emergency cases which are not rear things in the current world. If you found themselves in such situation then, I think,  the having in the emergency bag the  lightweight and compact airgapped hardware wallet   instead of a bulky and heavy airgapped machine would be preferable for you.

I am not using an hardware wallet for now. If I should recommend what I am using, but which is bitcoin-only, it is multisig wallet which I have been able to setup on my three devices.

I can also recommend wallet on an airgapped device. Example is https://electrum.readthedocs.io/en/latest/coldstorage.html

Keystone 3 Pro is a good hardware wallet. I like the fact that it is airgapped, able to make use of QR code and you can use it with software wallet like Electrum.

I didn't see a single good review for Safepl X1 yet, so I am guessing it's not very popular, maybe due to fact that older version S1 was insecure closed source peace of shit with stolen modified code.
I wouldn't waste money for Safepal when new Trezor Safe 3 has similar price, and there are several other open source alternatives that are better.

It is one of the hardware wallets that I can not recommend anyone to use because it is a close source wallet and because you can not be able to connect the wallet to other wallets like Electrum.

You can see lists of hardware wallets here: https://thebitcoinhole.com/

Choose the one that you think is better for you. Let it be open source and in a way you can use it with other software wallet.

For bitcoin-only wallet, I will recommend Passport.
For multicoins, go for Trezor. Not the new model with close source secure element. Also avoid Trezor coinjoin.

Any one using Safepal X1.
I am still confused to choose right wallet.

Some airgapped wallets don't even use USB.  I'm a big fan of Krux, which runs on a Maix Amigo.  The Amigo is a device with a 3.5 inch touchscreen and a camera.  No bluetooth, no wifi.  Once you load Krux software onto the device you never need the usb port again for anything but power, so you can plug it into an electric outlet instead of a desktop.  And you only need to plug it in to charge the battery.

So, once the software is installed, you never need to connect a Krux device to anything.  It's fully airgapped.  And the large screen makes it easy to see full addresses and see exactly what you're confirming every step of the way.

I posted a full review of Krux here.

I haven't used SeedSigner, but I assume it works the same way, except for the large touchscreen which Krux has if running on a Maix Amigo (I mention this because you can also run Krux on a M5StickV, which is roughly the same size as a Blockstream Jade).

It almost seems like even more of a risk because of the malware that can hack in through the USB connectivity. There are so many different kinds of hardware / software/ airgapped wallets but almost all of them have some sort of security flaw it seems and that the only way to truly have the most secure form of storing your bitcoin is to run bitcoin node yourself. Hopefully this will change with time and there will be more secure ways of storing your coins without having the fear of losing them via a hack.

I missed that post, thanks for letting me know.

yups Open-Source is not completely, this is still untested and there is still no complete review for the use of Safepal X1.

I don't know why they have to sacrifice the QR code camera which is more secure and completely replace it with Bluetooth which is usually easier to hack even though it uses version 5.0, there will definitely be loopholes in the future.

and does not support third-party wallets, they only use their own Safepal wallet developed as a Browser Extension like Metamask.

That means you have not read this topic that dkbit98 created a week and some days ago: NEW SafePal X1 hardware wallet

We do not know if it is truly or completely open source yet.

It is not making use of QR code which is most recommended way of signing unsigned transaction, but making use of Bluetooth which is not safe as QR code. QR code is still the safest way to sign unsigned transaction.

The wallet can not be connected with wallets like Electrum.

and eventually, Safepal moved to Open-Source to prove that Safepal is committed to transparency and innovation.

In addition to announcing it as Open-Source, Safepal also changed the overall design and shape.
Using the Monochrome LCD type, even though the Safepal S1 already uses a full-color LCD (I prefer full-color).
and the use of Monochrome LCD is also based on low power consumption and uses a battery capacity of 128mAh.

Does not support Air-Grapped, only uses Bluetooth 5.0 High Speed connection method.

I have reviewed the official website introduction of Keystone, and it looks good. I have already placed an order for a Keystone 3 Pro, priced at $103.2, no shipping free. It seems like there are no other options available in terms of open-source hardware wallets that support altcoins and QR codes. Jade and Passport do not support altcoins.  All the hardware wallets are showed here. https://thebitcoinhole.com/

Who told you that Keystone have low sales?  They are currently sold out everything and you can only pre-order from their website.
QR is not used only by Keystone, but by many other airgapped devices like Jade, Passport, etc.

Do what you want with your devices.
dkbit98 is nobody, and he didn't command anyone what to do in their life.
btw Safepal released new model X1 that should have open source firmware, but I would hold on until I see some reviews for that device.

Nope. I was talking about different kind of malware that has capability to compromise QR code that feeds HW with data over optical channel. Clipboard malware  doesn't take any action in this. And unfortunately for user he has no prospect to learn whether QR compromised or not, looking at its patterns  itself.

You mean that the Qr code can be compromised by clipboard malware? Clipboard malware works in a way that you will copy a bitcoin address, the address would be replaced by a hackers address on the clipboard, so that the hacker's address will be the one that will be pasted. If you make use of QR code, you do not copy anything to clipboard at all and no address will be replaced by the clipboard malware. Although, it is good to check and recheck what you paste, even from QR code.

[/quote]

Yeah,  QR-code-based-communication is more secure, bu t it is also vulnerable and may result in the loss of fund in the case when relevant HW is paired with wallet on compromised computer that holds the malware code capable to change the receiving address in transaction that is granted for signing  via jeopardized QR code .  

One should always check what he is signing even with air-gapped wallet paired exclusively via QR over optical channel.
[/quote]

I have 2 safepal s1. After read a post by dkbit98, I do not dare to use them, again. Safepal is closed source, and others are open source, like keystone. However their sales are very low. I am concerned about the lack of supervision.

Yeah,  QR-code-based-communication is more secure, bu t it is also vulnerable and may result in the loss of fund in the case when relevant HW is paired with wallet on compromised computer that holds the malware code capable to change the receiving address in transaction that is granted for signing  via jeopardized QR code .  

One should always check what he is signing even with air-gapped wallet paired exclusively via QR over optical channel.

Dear Sir, I have a few questions. (1) Airgapped wallets that rely solely on QR code communication appear to be very secure. However, related hardware wallets, such as Keystone, have low sales. Why? (2) The risk associated with airgapped wallets seems to be primarily supply chain attacks. When newbies receive a new airgapped wallet, they may not even think about immediately updating the firmware. If anti-tampering measures are compromised and the supply chain is attacked, that can be dangerous. Especially considering the small sales volume of current airgapped wallets, the risk is likely significant.

Not exactly. It seems that to set up Jade you must connect it via USB to your computer. Since the vast majority of people who do this will connect it to a regular computer with an internet connection, then that is no longer air-gapped. It doesn't matter if you then go on to only use QR codes in the future, as an airgap should be either permanent or not at all.

Note that I'm not saying that it isn't secure, just that it isn't airgapped. Ledger and Trezor devices aren't airgapped either, although it is possible to use them in an airgapped manner if you only connect them to an airgapped computer. But if you connect your hardware wallet to a computer with an internet connection at any point, then it ceases to be an airgapped wallet.

If using QR code, it is airgapped, but if using USB connection, it should not be regarded as airgapped is what o_e_l_e_o is referring to, I think. Is Jade having a means to use QR code? Is there other means in a way there is no way you will not have to plugging the USB stick for the continuing usage of the Jade hardware wallet with Blockstream Green? If the hardware wallet is USB stick dependent at some point, that means it is not an airgapped hardware wallet.

While I do love QR codes not only for security / air-gap, but also for their convenience (work cross-platform, no need to carry a cable); just adding QR code communication indeed doesn't make a wallet airgapped, in my opinion. Still nice to have, but not air-gapped.
So, I agree with o_e_l_e_o here.

Please correct me if I'm wrong, but looking at the setup guide for Jade, it must be connected to your computer via a USB cable to set it up via Blockstream Green. As far as I am concerned, this immediately makes it non-airgapped, in exactly the same way Ledger or Trezor are non-airgapped. Perhaps it would be possible to use it in an air-gapped manner if you only connected it to an airgapped computer running an entirely offline version of Blockstream Green (although having never used this wallet I don't know if that is possible), but Jade itself is not an airgapped wallet.

I have mixed feelings about the Jade hardware wallet, I haven't been following its development closely, but it is for sure the first time I hear that someone call it an "air-gapped" wallet. As far as I know, in order to get access to the signing functionality of this wallet, you first need to unblock it by entering a PIN code. This PIN-code protection is server-enforced, which means you have to be physically connected to a remote server via the Internet to get your PIN working. This requirement of having to be connected to the network slightly contradicts the concept of air-gapped wallets. However, there are ways to make this wallet more "air-gapped" and less reliant on third-party servers: namely by spinning up your own server on your own isolated local network and using a hardware wallet only in your house. But I think if your personal network is not correctly configured, it remains vulnerable to external attacks. Moreover, you will still need the Internet to broadcast a transaction, which means there should be a separate network that talks to the outside world. Isn't it easier to just use some other wallet that doesn't need any servers to be unlocked?

Data from the internet must interact with the Jade device. I have previously argued that some HW wallets are superior in security compared to "traditional" 'air gapped' setups.

Every security measure uses various tradeoffs. The Jade, for example, reduces the risk of loss (via theft) if someone gains physical access to the device, in exchange for incremental additional vulnerability via having to connect (via an app) to the internet. Realistically, I think the risk of having a HW device stolen is greater than someone being able to inject malware into it, so it is probably a good tradeoff. However, I don't see how one could argue that Jade is in fact "air-gapped"

It's finally time to add one more airgapped hardware wallet in this topic, and that is Jade wallet after upcoming firmware update.
Jade always had camera in their EPS32 device and they just waited for software update to add support for QR codes and camera compatibility.
Someone on Twitter posted this VIDEO how this would work with Jade device.
Some argue that Jade is not really airgapped because of connection with Blockstream server, but that is debatable.


Image source taken from twitter account @bitcoin__help

Of course that's what he's doing, but he's not honest about it. Of course you can advertise your own product, but strawmanning the competition is not elegant.

Well, it comes with an extension cable, so it's no difference if it has a male or female USB port on it, except that with their design you don't need the cable when using a laptop, whereas you do always need one if you opt for a female plug on the hardware wallet. But I agree that QR codes are more comfortable, also because they work with any device that has a camera and you never need a cable.

Unfortunately, I have not tried that one yet. However, it should be fairly similar to Passport when used with SD card (which I'll try), when it comes to the user experience.

There is a saying that everyone praises his own horse, and I think that is the case here with Bakkum indirectly praising his own wallet.
I think that Bitbox02 is very good open source device, but it's far from perfect and I personally don't like direct USB connection without cable
because I can't use it properly on my desktop computer and I need cable extension, or to use it on my laptop.
If I had to choose wallet with USB connection or airgap, I would use airgap option in 99%

I don't know if you ever used Coldcard hardware wallet but I would be interested to hear some comparison Passport vs Coldcard vs other wallets.
Thanks.

Read both a few days as well; interesting takes, but for me personally, the airgapped Passport is easier and quicker to use than the BitBox, not only though it is airgapped, but partly also because.
My point is the interface; it can interface with phones through the camera, laptops through camera or SD and finally even desktops without webcam through the SD card. This is highly versatile. And password entry is much faster through the keypad than through the BitBox touch menu.

I will write reviews about both and both are great products in my opinion, but Bakkum's article is disingenuous.

Douglas Bakkum recently wrote an article for BitBox blog claiming that airgap is not really making hardware wallets more secure and it's only complicating them.
It's not surprising to hear this from inventor of BitBox wallet if we know that device is not airgapped, but it's interesting to read his opinion and conclusion.
He first started with myth of unbeatable airgap security, but wait a minute, nobody said that airgap is perfect and unbeatable.
Then he said that Micro-SD cards are mini computers with firmware that can be hacked, something I never heard happening but I guess it's possible in theory, however not all h-wallets are using SD cards, there is also QR codes.
Source articel: https://shiftcrypto.ch/blog/does-airgap-make-bitcoin-hardware-wallets-more-secure/

I personally won't agree with Douglas opinion, removing USB connection means less attack surface,
and in reply to BitBox blog with claims and conclusion we have interesting David Bakin blog, that explains it much better than me:
https://bakins-bits.dev/dev/2021/11/airgapped-hardware-wallets-and-fud-1/

Depending on which locations (this includes some IT security conferences) you like to visit, it may be a wise choice to bring a device without connectivity of any kind
I've seen people put hot glue into their ports and also people simply desoldering ports from the motherboard.
If the machine is sitting in a physically secured location though, you should be good with leaving the ports on ^^

Old laptops - I get it. I have one that needs a PCMCIA card with an adapter to have ethernet. But modern? You mean those ultrabooks with just a bunch of USB-C ports? Cause that's not much better either; you can just plug in an adapter in that case.

Yeah, that's my point. If you have some kind of LAN or other local network set up with multiple computers and devices, then that's a poor choice for storing airgapped wallets. Whatever device you are using for your airgapped wallet should have the minimum amount of hardware required to run, and be connected to the minimum number of peripheral devices. If not building it yourself, then open it up and remove things like the WiFi card.

I have a variety of new and old laptops, none of which have ethernet ports. There are a number of Raspberry Pi boards without ethernet ports.

I don't know what kind of magical computer you are using but 99% of computers today have ethernet ports and you don't need to connect internet cable to be affected by this attack.

If a device (in this case, an air-gapped computer with wallets installed) is a part of an air-gapped network, it needs to be somehow physically connected to other air-gapped computers. The question is why a crypto user would want isolated local networks to deal with cryptocurrency stuff? I think you are right in the sense that after such a vulnerability has been discovered and revealed, no computer that is part of isolated LAN can further be considered truly air-gapped. Cryptocurrency users, who want to maintain a decent level of security and preserve privacy, definitely should not have their (single) offline computer connected to the outside world: neither through physical means such as Ethernet cables, nor virtual ones such as WiFi, Bluetooth, etc.

This is why I am a proponent of physically removing any connectivity hardware (or indeed, any superfluous hardware) from your airgapped device rather than just disabling it. I could never fall victim to this attack because not only does my airgapped device not have any ethernet cables attached to it, but it does not even have an ethernet port in which to connect an ethernet cable.

Who actually has an ethernet cable attached to their airgapped device though? The device you are using to store airgapped wallets should obviously not be connected to a WiFi router or similar, and it should also not be part of a LAN or similar.

Correct. As with most attacks which leak data from airgapped computers, the attacker must first gain access to your airgapped computer to install malware on it, and then hide some sort of receiving device within fairly close proximity to your airgapped computer. If your computer never leaves your house, then this is essentially impossible without obvious signs of forced entry.

Not sure which one is more accurate, the article that mentioned "could reach tens of meters" or the PDF file ^{[I only read the parts that I could understand]} that said "to a distance of several meters away" but regardless of that, the odds of such attacks happening are quite low ^[CMIW], even with an infected computer ^{[heavily depends on the location & distance of the computer + the security measures that some have]}.
^{- I never thought such a thing was even possible [thank you for sharing it].}

Do both ^{[just add a link for the latter part]}.

Anything that might be hidden ^{[apart from its games]}.

Sick! I think I saw a talk already at BlackHat or so about using cables as antennas; can't remember what kind of cable they were using though. I love these kinds of novel wireless attacks.

On the topic of airgapped wallets; I got a Passport and will try it out soon. Not sure whether to write a new post with extensive review or add to one of the threads about airgapped or open-source wallets. Anyhow; is there anything you would like to see / know about the device that wasn't covered in other reviews or articles so far?

Newly discovered LANtenna Attack for airgapped devices was found recently, creating wireless signals with ethernet cable to steal data secrets from airgapped systems.
Malicious code can be sent from airgapped computers that don't have any internet connection, bluetooth or wi-fi, simply using $1 antenna via ethernet cables.
https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html

Full paper:
https://arxiv.org/pdf/2110.00104.pdf

Unfortunately, I'm under the same impression. I'll give it one more go though

Firstly, this is a classic strawman. At least the 2 wallets I checked (Passport - doesn't even have a USB port and ColdCard), which are both marketed as airgapped, are upgraded via an SD card that holds the update.

The issue with this though is that then you're maybe safer during the (usually infrequent) firmware upgrades, but in day-to-day usage you're constantly physically plugging in your wallet into different machines' USB ports, which may or may not be infected, for signing transactions.

Just compare the attack surfaces:

• Device A: Updated via USB, with self-compiled firmware. Plugged in via USB for every transaction.
• Device B: Updated via SD card, with downloaded and verified firmware. Never plugged in, transaction data transferred via SD card or QR codes.

To me, device B wins hands down, I don't see a world where device A is more secure except maybe the case where you use it purely as cold storage. In that case though, a paper wallet may make more sense.

You are totally missing the point of airgapped devices, you obviously never used one yourself, and you have your own twisted definition of this devices, so I am not going to continue this discussion with you.

I would typically define an "air-gapped" "computer" to be something that is never connected to the internet, nor is ever connected to any device that does not meet the definition of being "air-gapped".

If HW wallets are going to allow for firmware updates via a USB connection, and the manufacturer does not give clear instructions on how to do this via an air-gapped computer, calling the HW wallet "air-gapped" is probably more of a marketing gimmick than a security feature.
I posted up-thread that a trezor for example would be superior than an air-gapped wallet. If you are going to use an air-gapped HW wallet, one that requires the user to compile the firmware is probably best. Obviously, in order for this to provide meaningful protection, the user would need to be able to understand the code they are compiling.

If you use the term "its your own fault", there is probably not a good procedure that your "average" user can complete without experiencing security risks.

Also, if your computer is infected with malware, you cannot trust any output it provides. Granted, the manufacturer could suggest a procedure that is something along the lines of using a computer that boots from read-only memory, upload the public key whose private key signed the new firmware to the computer, upload the signature and source code to the computer to confirm the signature was signed by the right key, then install accordingly. However this procedure requires equipment whose cost would far exceed the cost of the HW wallet.

Yes you can.
In a same way like you would still use Airgapped computer with updated version of Electrum or any other software wallet with offline system update, not connecting to internet.
It's your own fault if you screw something up during the process of update, and procedure is very simple, click download on other online computer, verify software signature and then install it on airgapped computer.

In the end, everyone may choose their own definition of things and choose the method they like most to store their coins.
Matter of fact though: the commonly accepted definition of an airgapped wallet is that it's not physically connected to an online machine. I know it's vague, so there's room for interpretation.

As for your suggestions: Lixin from Keystone confirmed they are planning for a version of their device that comes without firmware, so both the initial install and any updates will need to be compiled and flashed by you yourself. Maybe this would be something for you!
I am not 100% sure how the firmware is updated on this device, but as far as I know, Passport and ColdCard use an SD card to transfer the firmware update. This means you're still not directly connected to a computer while updating. But sure, the file could be modified when copied to the SD. Only issue is the device verifies it before applying it (same as when updating via USB cable usually), using signatures.

Finally, if someone's really sure their host machine is super infected and don't trust it to update their wallet they can also just not update it Nobody forces anyone to update a first-gen hardware wallet to a version that supports SegWit for example, it will continue working on the very first firmware. And in case of a security issue, you can just buy a new device and transfer the funds if you don't trust installing the security patch via firmware update.

Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having it's "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".

I see where you are coming from, but there are plenty of reasons why a completely airgapped wallet might need updated,
everything from patching vulnerabilities to supporting new address types such as segwit or taproot. It would also have to be a brave company to release a wallet without any way of updating the firmware. Can you imagine if after they've sold a million units someone discovers some critical vulnerability and they have no way of patching or mitigating it? That would probably be the end of said company.

Right, I am not arguing against that, it does increase the attack surface precisely because the more features and complexity there are, the easier it is for an attacker to find the ways to exploit them and harder for white hats to find and fix vulnerabilities. That is one of the reasons why bitcoin, unlike dumb-contracts, has never been hacked. Just keep it terribly simple.

Probably. However, for a successful bruteforce attack, a malicious actor needs to know beforehand that there is a considerable amount of money behind the passphrase, at least it needs to be bigger than what he is going to invest in bruteforce hardware, he also should have high confidence that the passphrase is of relatively low length and entropy, otherwise, there is no point in trying.

Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.

In addition to those wallets you mentioned, I think that Safepal is also not allowing exporting or showing of mnemonic words (but it's closed source so I don't recommend it),
Ellipal wallet is even worse Android based device and it's possible to extract seed words, similar like with Trezor and Keepkey, so I would only use this wallets with passphrase:
https://breaking-bitcoin.com/docs/slides/2019/ExtractingSeeds.pdf

It's trivial to unlock PIN codes from those devices, and I think that some DIY wallets like PiTrezor are keeping seed words in regular format on SD card, but you can always encrypt your SD card.

Firmware downgrades are main attack form for hardware wallet devices and I think some wallets still have this option enabled by default.

I agree with this; it's still far from a hot wallet, just alone for the fact that it's still a hardware wallet to begin with. A hot wallet is just a piece of software running on an internet connected PC. That's a whole other thing, Charles

Well, as long as there is communication (which there is), there is potential of infiltrating malware. In this case, the communication is done via QR codes, which can - in theory - for sure carry an exploit and potentially malware as payload.

It's highly unlikely, but it's possible.

Now, if your device has no built-in way, no functions in ROM, to read out the seed, the attacker will have to query the chip directly, if it's even possible, so it will be significantly harder for them to extract the seed phrase. Instead, if the wallet does have the built-in ability to show the words on screen, the code is somewhere in memory and can be read out by malware.

This being said, it's highly unlikely that malware infection by QR code will be achieved by someone in the first place, but I'm not talking about present / proven attacks, I'm just talking attack surface (hypothetical). And it is indeed definitely smaller if you don't have functions ready to be executed that fetch the seed for you.

Edit: As oeleo said, firmware update is another way to infect the device with such malware!

Ordinarily, sure, but if you introduce a process to retrieve the seed phrase from wherever on the device it is encrypted and hidden and display it in plain text, then you increase the attack surface and create the possibility of someone managing to hijack that process to retrieve the seed phrase without having unlocked the device.

Knowing a seed phrase is significantly worse, since an attacker can wait until you deposit larger amounts of coins to your wallets before stealing them, and can also now attempt to bruteforce any additional passphrased wallets which use that seed phrase.

Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.

An air-gapped hardware wallet remains unconnected to the Internet all the time, the fact that you have an opportunity to see your seed in plain text doesn't change its status from "offline" to "online." I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet. I also don't agree with the statement that the main purpose of a hardware wallet is to store something offline because if it were so, then it would be no different from storing it on a piece of paper. The key purpose, I believe, is signing transactions offline.

This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.

For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right? But if they already unlocked it, they can spend money without having to know the secret. If, on the other hand, an attacker has a special tool to extract the device's seed without unlocking it, it doesn't actually matter if a device has certain UI vulnerabilities or not. The only problem I see in showing a seed in plain text on the device's screen is that you should always make sure you're not being watched through your laptop's web camera or other similar means.

I agree, unfortunately, many devices do display the seed words when asked. This increases the attack surface.

ColdCard has functionality to show them:

Foundation Passport as well:

BitBox02 as well:

Keystone looks good
Trezor looks good
Ledger looks good

They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.

Oh that's interesting. I haven't used an airgapped wallet myself so far and I think all hardware wallets I tried allow you to see the seed words on screen. Would be interesting to know if all airgapped wallets disabled this functionality and why.

Someone could in theory do this if wallet is closed source, they can add hidden malware with backdoor and nobody would ever know until we see newspaper headlines start talking about this.
Meanwhile they could be selling empty boxes and malfunctioned devices with faulty batteries, it's just me semi-hypothetical spaking about one possible scenario

In case of Coldcard wallet, I think it's possible to extract seed word, maybe DaveF or someone else who owns the device could verify this.

Not only that, but such an attack would have to be very specifically targeted against a particular user, since I would need to know exactly what make and model (and potentially even firmware) of hardware wallet you are using, and I would also need to know the UTXOs you would be spending so I could monitor the blockchain for transactions involving those UTXOs so I could extract the necessary information from the signatures.

If someone knows that much information about your wallets and security practices, then which is more likely: They create a never-seen-before malware from scratch which targets you specifically, manage to infect your hardware wallet with it, and then spend weeks, months, or even years, waiting for it to leak enough information for them to steal your coins, or they show up to your door and hit you with a wrench?

There are an infinite number of ways you could lose your coins, but it's all about considering what are the most likely attack vectors.

It's super-super-hypothetical and I think that in example of Keystone hardware wallet you can't display seed words on screen or extract it for security purposes.
Once the seed words gets into the Secure Element, it never gets out, and you can't see it again, but you can import the seed again and verify if it is correct.
I am not sure how other airgapped wallets are handling this, and I never said that airgapped wallets are perfect but they are safer than regular wallets.

If I understood correctly, what they mean with 'computer' is the hardware wallet. The idea is to construct a QR code that contains a payload (at least that's what I classify as malware, merely replacing a QR code on the host to send funds to the attacker is not a 'malware QR') as well as specific invalid / unexpected bits or bytes that trigger an exception in the QR code scanning part of the wallet's firmware. By exploiting that exception, the wallet's program flow is altered and forced to replace its firmware by the firmware contained in the QR code using the firmware upgrade code that is on the device, thus 'infecting' the wallet. Afterwards, the wallet may create transactions that leak the seed words by encoding them in transaction hashes or something like that.

It's all super hypothetical and nobody has done anything like that so far. But in theory, if you can get code injection, you should be able to extract the seed words, since it's usually possible to display the seed words on screen, so they're not unreadable by code running on the device.

As mentioned before I also highly doubt that such a malware, including the modified fw would fit in a QR code that is not instantly rejected by the device due to being way too large (like those big grid QR codes, which are not used for PSBTs).

I don't know if you are smoking to much weed or what, but I have to repeat again that there is NO COMPUTER in airgapped hardware wallets so there is nothing to infect or transfer.
QR codes are one-directional and seed words are inside secure elements, so everything you wrote is a bunch of nonsense that is impossible to happen in real life.

Yes I know about several clipboard malware, EthClipper malware that is well documented, proven and confirmed by multiple hardware wallet manufacturers.
I also know several scam Trezor and Ledger devices, both of this devices had many flaws with validating inputs, and here is one more attack that involved malware for Trezor Model T in 2019:
https://benma.github.io/2019/11/18/trezor-change-vulnerability.html

You are again writing bunch of sci-fi nonsense without proof, you are trying to prove something I never said, and those ''hacks'' were result of human errors.
Not going to comment anything about North Korea...

Of really? I also heard that pigs and cows can fly...in cartoons and fairytales.

I don't consider a replaced QR code, which is still just a QR representation of a PSBT as a 'malware QR code'. That's just a clipboard attack, which is always possible, no matter what your transport protocol is - whether it's USB, QR codes or anything else. That's also completely out of the hands of the hardware wallet manufacturers. That's why I don't consider this attack scenario. Also almost every wallet these days shows the receiver address on a screen and if you don't check it prior to signing, that's on you in my opinion.

I consider a 'malware QR' a payload that actually changes the program flow of the hardware wallet to - as someone mentioned before - for example leak seed words through the PSBTs.

LOL, of course we should 'avoid malware', I don't think that's even debateable

With reputed hardware wallets, I have heard that it is possible for QR code to be replaced with hacker's QR code, but not to the extent the seed phrase of such wallet will be revealed, but the initiated transaction to be signed can be replaced in which the bitcoin will be sent to the hacker's address.

It is all based on what I have been reading, that people should be careful of Qshing and any other type of QR code malware, so this is not based on fact, but prevention is better.

QR code can not be hacked, but can be replaced which will be what the hacker will do, there are ways in which the transaction initiated which is to be signed will be changed to his own (hacker's QR code), it will also still just be a QR code but for a hacker which can be very deadly. Malware QR code are existing and they are just like other normal QR codes.

Like the example I have used before, like airgapped Electrum wallet, you can either use QR code or USB stick for as a means of transferring unsigned transaction from watch-only wallet to the airgapped device for signing, if using USB stick, does that mean the airgapped Electrum wallet is not airgapped?

Even if QR code can not be hacked, can't it be replaced? We should not underestimate what malware is. We should use the reputed wallet that is best for us and also still try as much as possible to avoid malware, the easiest thing to do for an experienced users that know about malware is to avoid malware.

A seed being exposed would be predicated by malware being transmitted to the airgapped machine. The seed could be then leaked via the signature of a transaction. For example, malware could direct the infected computer to use an R-value in a certain range if a particular word is part of a seed. The R-value could also leak where in the seed the particular word is by the R-value being in the i-th portion of the range if the seed word is the i-th word in the seed. One random word could be leaked in a transaction. Once enough transactions have been broadcast, the attacker would know all of the seed words, including the order. The attacker would need to monitor for approximately 5 * 10^4 R-values.
Are you aware of any instances in which a trezor was hacked via malware? (this would not include any attach involving physical access to the device). There is at least one example I am aware of involving an exchange that had it's air-gapped cold wallet hacked. Several years ago North Korea had what was presumably their air gapped computer involving one of their missles they were test launching hacked, although this may have involved physical access, I am not sure.

edit:
This is a fair point. Although I would not say it is impossible. A QR code can generally hold up to 3kb worth of data. Very few things in this world are "impossible".

Issue with QR code encoded malware is file size. A QR code offers extremely limited space, so it'd be super hard to transfer an actual piece of malware software - I'd dare to say impossible - over a single QR code. An input that leads to unexpected program behaviour? Maybe! It can be tried using fuzzing. You'd run the firmware in qemu, then pass it millions of codes per second and see if you can trigger some buffer overflow or similar. But that's not malware, at least in the definition of 'a piece of software that causes harm', because that just takes too much space to begin with.

By the way; a quite entertaining video about fitting a game into a QR code: https://www.youtube.com/watch?v=ExwqNreocpg
It's not so trivial to make any software, not to mention a sophisticated piece of malware, this compact.

One big issue I see with devices that use USB for firmware updates is that they have actually built-in mechanisms to replace the firmware via, well, USB. So that's already much easier for an attacker who likes to replace or modify the firmware with a malicious firmware (malware), because they can use the same 'gateway'. Any time you plug in your device, an attacker might try to exploit the update mechanism to change your firmware.

It would already be much better if non-airgapped devices that even have a microSD card slot already, used that for firmware updates exclusively and removed any code that allows to transfer firmware over USB. Since you don't update it so often, it wouldn't be a big inconvenience for the users and the attack surface would be greatly reduced..

Imagine: the device could be coded to reject anything sent over USB that is not a PSBT, so that would be already the first hurdle to overcome if one would like to try injecting or replacing the firmware when a user plugs in the device.

That's not the definition of an air gap though. Actually, every hardware wallet generates wallet seed without using the internet. Otherwise it would be an extremely crappy device that should never be used by anyone. For sending a transaction, you need to connect the ledger to an online PC otherwise how do you publish it? In the case of air gapped wallets, you send the transaction over QR to the online device, so the wallet is never connected to an internet-connected machine.

But this is done with ledger nano as well.

You can recover and generate your wallet seed without using the internet.

You just need to download the software and then you can do everything offline. Looks like Trezor is similar, because you said you need the "new update"

https://support.coinhouse.com/hc/en-gb/articles/115005119714-Getting-started-with-your-Ledger-Nano-S

Well, for that the QR reading part of airgapped wallet software, the one that should read the QR and treat is as an unsigned transaction, for example, will have to treat it as executable. For that it should be incredibly badly written in the first place.
Really, that's greatly unrealistic.

That is only fantasy talking unless you can show me some proof of that ever happening, and there is no way that seed words or private key could be exposed with QR codes.

Wrong.
Trezor wallet is fine for general use but it does not offer ''much better'' security against any malware, and it is inferior to any airgapped device, and this is not just my fantasy thinking.

Please show me one example for this QR malware, because I see you know a lot about this subject  
Stop telling me that QR codes are not perfect, in first post I explained that all airgapped devices have flaws and malware could exists for everything.
Use whatever wallet you want, and believe whatever you want.

Do no mind my post. There is a malware which is very similar or the same as clipboard malware which is QR code malware, this type of malware can be rear but yet possible. The malware originate from the wallet software used to operate hardware wallet which would have changed the original transaction to a hacker's transaction in which the address would have changed to a hacker's address.

That was why I asked the question that the type of malware I know that is able to penetrate hardware wallet like Trezor and Ledger Nano through the USB stick are the clipboard malware which makes the seed phrase yet not to be revealed to the hackers because it is completely offline, but recipient address can be changed to a hacker's address through clipboard malware.

It would highly be appreciated if you can give us more breakdown of what you meant, when it is claimed that the seed phrase is completely offline while only clipboard malware is most possible which is also possible while using the QR code, then what disadvantage is the USB connection having again in relation to malware.

With what bitmover posted above with links, using USB connection, removable SD card and QR code to differentiate airgapped hardware wallet will always raise a debate. With what DroomieChikito posted and Pmalek answer to it that Trezor with Trezor firmware which is capable of generating keys and addresses even without depending on the wallet extension can also result to another debate.

I always gain from your hardware wallet's posts and you are very good in that area, but that does not mean everything you bring about hardware is what I will accept, while you can still correct me with proves.

When you communicate via QR codes, you are essentially using an image to send information to another device instead of using a USB cable. Unlike a USB cable, a QR code will transmit data at a much lower frequency, and the data will only be transmitted at your specific request.

While more difficult, it is possible to transmit malware via a QR code. Such malware would likely be targeted at you specifically. Malware could potentially cause your airgapped computer to sign your transaction in a way that reveals a portion of your seed and/or private key to someone who knows where to look based on the malware. To anyone else, the transaction would look completely normal.

A Hardware wallet such as a trezor for example offers much better security against malware. There are some potential security concerns with a trezor if an adversary were to have physical access to the device, but most people are more vulnerable to a $5 wrench attack, IMO.

Yes, because it makes no sense; a hardware wallet is by definition an offline device that is only connected to a PC (or not - in case of airgapped wallets..) when it's needed.
However, a lightning node needs to always be able to sign transactions if it wants to route payments, so it would need a constant access to the hardware wallet. This is why it doesn't make much sense to support LN with a hardware wallet. Also, if you use a passphrase ^{(to use it or not, is a whole different topic)} you would need to enter it multiple times a day: every time a payment shall be routed.

This reminds me of the O.MG Cable.. 
I mean yeah, you can replace QR codes on the host just as you can replace the data packets sent via USB to a non-airgapped wallet, but that's just one attack vector on the USB connection of hardware wallets.

I fully agree!!

You can upgrade Coldcard with SD card but you are limited to mk version you are using.
They are now working on mk4 version, that would probably mean that you can't use that firmware on mk3 or mk2 Coldcard wallets.

Lightning Network is not supported on any hardware wallet, and I doubt it will be supported any time soon.

Safepal is cheap Chinese closed source junk and I would never use it for anything.
Simple checking of firmware changelog I can see bunch of important PIN and security changes, meaning you have to upgrade to use it:
https://safepalsupport.zendesk.com/hc/en-us/articles/360047263792

They are not true airgapped devices, otherwise both of this manufacturers would write huge bragging AIR-GAPPED letters on their website, especially those amateurs from French village.
If there is USB connection there is always a chance of some leak or using malware cables that are connecting to computer with internet connection.

Thanks, that is a good idea.
I think QR codes are better for security, but NOT if you are using some mambo jambo hidden QR codes like Safepal is doing.

Yes, it is possible. All a QR code does in the context of hardware wallets is to take an address or a transaction and encode it in a specific format which can be easily scanned by a camera. Any malware which can edit the information being encoded will result in a QR code being displayed which can potentially send all your coins to an attacker if you do not double check everything prior to signing and broadcasting. Further, you can still be a victim of clipboard malware on your internet connected device with any airgapped wallet, resulting in you pasting in an incorrect address before turning the unsigned transaction in to a QR code for your hardware wallet to scan.

---

Ledger and Trezor devices, when used in the "normal" manner, are not airgapped. But it is entirely possible to use them both in an airgapped manner by only connecting them to an airgapped computer, and using a separate online computer to run a watch only wallet. Although if you a have a secure, encrypted, properly airgapped computer anyway, then adding a hardware wallet on top of that might be a bit of overkill.

That's now possible with the latest Trezor Suite and/or firmware, but Ledger still uses USB cables, which could represent a possible attack vector. You are still connecting your Trezor hardware wallet to an online computer through its USB port.

I have read about QR code malware before which will be similar to clipboard malware, or is this type of malware not possible?

This is what I am implying, what makes SD card special, can SD card not be attacked/affected also with malware?

Any report that the seed phrase of Trezor or Ledger Nano was revealed through malware? What signs transaction, it is the private key, the private key which is offline and remain offline and the hardware wallet is detachable from the computer that makes hardware wallet to be airgapped, hackers can not use their malware to reveal the seed phrase or private key even while making use of hardware wallet for signing, even if possible, no report of such yetr you can bring up proves that against this.

Do you think it is not important to be careful of a malware that can change recipient's address to a hacker address in which hackers address is what will be sent to the SD card or which will be in the QR code sent for signing?

Yes,

we can generate a wallet without being connected to the internet. With ledger nano s we can generate a wallet using power bank, but still, need a ledger Live application to download the Bitcoin aplication.

maybe Trezor is real air-gapped, with a new update, we can generate a wallet without using the internet (suite)

EVERYONE in the field refers to a device that is plugged via USB as non-airgapped. You may define your definitions however you want or even start a discussion, but this won't change the commonly accepted terminology.

As for the malware examples; not sure whether there was an attack already, but if there was none so far, it's easy to understand how the attack surface is smaller when you're not physically attached but merely exchange QR codes. Also just because an attack was not carried out yet, doesn't mean it's not possible. That's why we migrate to secure encryption schemes before quantum computing is able to break RSA and not after it will have happened, for example.^{in case it's not clear, airgap has nothing to do with quantum computing or breaking asymmetric encryption}

They're not, because they are connected to an online PC via USB directly. In theory, the communication protocol can be hacked and e.g. address be replaced before being sent to the device to be signed.

That's the whole point of air gap: a gap of air between your hardware wallet and your online device which publishes the signed transaction. This highly minimizes the attack surface.

@dkbit98: thanks for this topic, I really enjoy these 'wallet lists'! Always great to have them bookmarked and check from time to time to see what's available.
Suggestion: add next to each device an info on the type of airgap it uses: QR/Cameras, SD cards, etc.... (not sure of other ways).

For me, it seems way better to have the QR Code + camera way because on one hand I feel plugging an SD card in, bears potential risk as well (see viruses that spread via USB sticks..) and also because if you have a QR + camera type wallet, you can use it with any PC or phone which has a webcam. This is one limitation of USB wallets that really bugs me; they don't work on iOS. And I will certainly not use a HW wallet that communicates over Bluetooth either..

I think this definition is quite accurate. I looked on wikipedia and found this:


I tend to agree with this, but I am not an specialist.

I was reading ledger website, and I found this:


Looks like Ledger and Trezor are airgapped.

On the other hand, is it true that removing USD we really achieve an extra protection? are people safer using Cold Wallet than using Ledger Nano or Trezor? I don't know, and I have never heard such claim before, this is new to me. I am currently satisfied with my ledger, AFAIK.


It is also true that you insert a Ledger and Trezor into an infected computer that the virus will be unable to extract your private keys (ofc you shouldn't do that on purpose). You can see this comment from Trezor team on Reddit:

According to the website, coldcard is only for bitcoin. Don't it require any upgrade? For instance; supporting LN may require an upgrade? I'm not sure though.
In case of Safepal, upgrade is optional. You can still go with current one all the time but that wouldn’t give you the benefit of using the latest coin edition in wallet. Other than that, that's okay to use as airgapped wallet. I haven’t use it yet but seen one review in youtube and seems fine as it doesn’t require you to be connected with any other device directly.

OMG...
No we don't, because I defined them in first few sentences.

Sorry but you have zero authority to talk anything about airgapped devices.

Have you actually read what I wrote before or you just blabing like this without any sence?
I literally said they are using secure USB over FIDO protocol so no need to repeat like a parrot.

No they are not trully airgapped and even those manufacturers don't claim that, but maybe you can teach them better  

I think we need to define what airgapped devices are.

For example, I can set up Electrum airgapped device and be using its watch-only wallet to connect to it through QR code or USB stick, that does not mean it is not airgapped.

I know you are trying to bring up something but making use of airgapped may not be appropriate.

Hardware wallets like Trezor and Ledger Nano that make use of USB code can not be said they are not airgapped, they are actually airgapped devices, they are completely seperate from wallet extension that are used to operate them while making transactions, even is there any malware that can reveal their seed phrase or keys? I doubt that, if wrong you can correct me with proves.

Only the malware I know that can attack reputed hardware wallet this way are clipboard or QR code malware which can change recipient's address to hacker's address while making transaction. The reason we should make sure we protect our hardware wallet extension that we use to operate it from malware, also checking and rechecking the bitcoin address we are sending bitcoin to.

Reputed hardware wallets like Trezor and Ledger Nano are airgapped too, but I understood what you meant, but airgapped should not be the appropriate term.

AirGapped devices by definition are never directly connected to internet or to any other devices that are connected to the internet.
However, most devices including computers and hardware wallets still have USB connections and that is the easiest way to breach airgapped machine, but not the only one.
Airgap malware exist today that are using acoustic or other type of signaling like light, magnetic, thermal or radio frequency, so we know that AirGapped devices are not providing perfect protection.

Hardware wallets are never directly connected to the internet and most of them are using USB connection with secure device-to-device FIDO protocol,
but if we want better protection we should look for True Airgapped wallets, and remove any USB connection with computer.
There are currently only a few Airgapped hardware wallets, but I expect this trend will grow in near future with better devices and better protection.
Always choose Open Source and tested hardware wallets.

Airgapped Hardware wallets:

• Keystone
• Coldcard
• Passport
• Jade (soon)
• Safepal
• Ellipal
• Ngrave

- Safepal is closed source, claims it is airgapped, but you need to connect it with USB cable for every update.
- Ellipal is closed source.
- Ngrave is unknown source (they plan to be mostly open source)

DIY Airgapped Hardware wallets:

• Specter DIY Wallet
• SeedSigner DIY Wallet*
• Krux DIY Wallet*

* Signing Device

Most of this wallets are communicating with QR codes or SD cards and they have their own flaws.
Nothing is perfect so do your own research before using any of this wallets.