Topic: Bitcoin Threat Model - State Actors and HW Security - Chip Supply Chain Attacks (Read 299 times)

Still, you wouldn't get rid of all potential attack vectors. If hardware wallet manufacturers created their own chips, yes, you would get rid of the threat of someone in China or Taiwan inserting backdoors into it. But those backdoors can now be inserted by the people working on the production line, employed by those hardware wallet manufacturers. You are just transferring the risk from A to B.

Most people don't like overcomplicated systems. They want to spend as little time as needed on configuring and setting something up and get straight to using it for the purpose they bought it. DIY is a niche market. It's not big or attractive enough for you to see hundreds and thousands of companies offering such products. Imagine if the only way you could drive a car or live in a house was if you built them yourself? People would look for other alternatives.

FPGAs allow you to program the chip yourself. 9/10 people don't want to bother with that. They might not have the skills and would rather use their free time on other activities. Ask yourself this, how much of the things you see in your home have you created/built yourself? Maybe you are an exception to the rule, it's possible. Then, ask your neighbors how much of what they use in their daily lives were built with their own hands. 

I'm not sure I share your pessimism 

Let's not make perfection the enemy of the good. There are ways that hardware can be open-sourced to an extent that would make it much harder to insert a backdoor e.g. the use of FPGAs. Stateless and airgapping and also multisig approaches.

My concern is the seemingly increasing centralisation of the HW industry. I think it's worth keeping an eye on.

It is but only on a software level. Making it independent hardware-wise is impossible. Like I said, you will need a chain of companies that will build the hardware components from scratch and experts capable of verifying that they are doing it properly. I don't see that ever happening, not just in Bitcoin and Crypto, but any industry. 

It isn't because the hardware is built by others and not the manufacturers of bitcoin and crypto devices like those selling hardware wallets. We can never have a 100% bulletproof system where state actors can't interfere. Even if you did, there would be other ways to attack bitcoin. For example, through the mining industry. Countries A, B, C, etc. could come together and declare bitcoin mining illegal and start confiscating mining gear asap. It doesn't matter how realistic or unrealistic such a scenario is. What matters is that it's possible.   

True, but this type of attack will not scale well.


Out of interest, what are these other things?  Is there no value to implementing hardware that is better immune from supply chain attacks?

No, because if the chips can only perform basic functions then they are much harder to back door, especially if you can swap them out with other basic-purpose chips.

Again you have missed the point I'm trying to make. The things you listed are already within the control of governments and state actors. These items are not a "threat" because the are part of a system that they have command over. The whole point about Bitcoin is that it is supposed to be immune from attacks by state actors.  What you are tacitly admitting is that Bitcoin, as a system, is not independent and immune from manipulation from state actors via the hardware. That's fine by me if this is readily admitted, but it seems to be we are being told that this is a system that is truly independent.

And the other thing is the fact that even now with malware on computers and fake wallets and everything else most thefts are from social engineering then anything else in terms of crypto. You can have the best most secure hardware wallet in the world and it does not matter when you send your funds to coinbose instead of coinbase since you clicked on the wrong link.

And then don't forget if you are talking government money how hard is is really to just create a device that looks like your hardware wallet and take yours and replace it with theirs. All theirs is, is a transmitter that when you turn it on it sends the pin you type to them. And since they already have your wallet it does not matter.

And so on.

Out of all the things to be worried about with crypto this is still on the bottom of the list.

-Dave

And those hardware wallets will use various multi-purpose chips and we are back to zero. There isn't a single manufacturer today that builds its hardware components themselves from scratch. Let's say you create a company like that. Where are you hardware wallet going to be connected? On computers that have other chips and components whose functions and operations you can't inspect. If we start believing everything is a threat, we shouldn't use computers, phones, smart devices, and 99% of other gadgets equipped with chips that can do anything. 

Then I don't understand why you would say that you're not concerned with the threat? Surely we need to develop Bitcoin hardware wallets that can be built at home using standard mass-produced components that are available from many suppliers to reduce the risk of supply-chain attacks.

@BobbysTransactions
Bitcoin, the software is beyond their control. The hardware and components that go in the chips is not something that you can control nor inspect. If companies have to sign NDAs it is especially problematic. Even if there is something dubious with the hardware, the company isn't allowed to talk about it publicly. Trezor is an exception in that regard.

But governments and state actors already control these things; the point of Bitcoin is that even with all of their resources of all the 3-letter agencies, control of the BTC monetary system is beyond their control.


Your key can still be leaked as embedded information within the signed transaction.

They will keep saying that, and you know what, it's probably going to work. Most people will believe them and accept the situation as it is. Their argument is that your private keys are on your device, and they will continue to claim that. That will be supplemented with new information. The new update allows you to share custody of your seed with third parties, for your own "safety." They will keep highlighting that it's an optional feature that you don't have to use if you don't want to. People fall for sweet and comforting words all the time.

I would say that the whole situation can be described with a few very short sentences, which for the majority are not important, considering that the majority still use their devices. I can't even imagine what kind of impact the news would have on Bitcoin if some clever hacker managed to hack the Ledger firmware and remotely access the seeds.

The best decision any Ledger owner can make is to buy another HW, and since Black Friday is approaching, it's always a good time to get a discount.

THIS.

Let's think about the timeline.

Ledger announced their key extraction service ("Ledger Recover") in spring 2023.

Think about how long it must have taken to put that project together.  It had to have been at least two years, bare minimum.  They had to find companies to partner with.  All three companies had to write the contracts that all three companies lawyers could agree to.  That had to be a huge task given the amount of money and Bitcoin involved.  They had to create the system for storing and retrieving user seeds over the internet.  They had to design a system for securing that data, which is hopefully more secure than anything Ledger's already used since Ledger has been hacked multiple times, which means Ledger's security isn't good enough - but now they need security for three companies.  They had to create a system for user verification.  The more you think about it, the more complicated it all is.

They had to write and test all of the code for it.

This isn't the sort of project you whip out in a week, or even a month.

And yet, Ledger was still saying this, days before announcing Ledger Recover:


That was obviously a lie.  Ledger was saying your keys never leave your device while they were working on code to extract your keys from your Ledger device over the internet.

They're liars.  Period.

And after Ledger Recover was announced, that same guy said:


He obviously can't prove it because the code is closed source.  Trezor and ColdCard can prove what their code does.  Their code is open and published for all to see.

So, it doesn't matter if Ledger says none of the key extraction code is on a Nano S, because (A) Ledger lies, and (B) Ledger can't prove anything they say.

Ledger is a bad company.  They cannot be trusted.

That's just the thing, there is no way to know. No one can verify their claims. You can either believe them or not. Perhaps Ledger Recover only became available when they told us about it, and once the information became public. It's equally possible that the code was already there before.

Even if a Ledger employee or ex-employee comes forward and says, we have had the code in your devices for much longer, who is to say that is true and that the person isn't lying or retaliating for something that happened to them? it's such a messed up situation.

I assume that only those who have upgraded the firmware that enables the recovery feature would be at risk? I don't know if it is even possible to determine whether this feature has always existed (even in older versions of the firmware), given that there are users who use the old Nano S and think they are safe.

How complicated is actually to hack Ledger's key extraction API if you can guess?

Oh, I guarantee there are hackers working on cracking Ledger's key extraction API which is baked into their firmware.  And when they hack Ledger's key extraction API, no one will know.  The hackers won't start emptying wallets, because that would let everyone know Ledger was hacked.  Instead, they'll steal as many seeds as they can, and they'll sit on their hoard of keys until they think it's no longer worthwhile to keep waiting.  Then they'll empty a huge amount of Ledger wallets in one fell swoop, at which point it won't matter if Ledger patches their firmware since the hackers will already have users' keys and coins.

Never trust your Bitcoin to code that isn't fully open source.

I went for #1. I have said it before, except for 1 chip all the security chips in hardware wallets are off the shelf products. Targeting hardware wallets would not be worth the time and effort vs the getting access to the other things these chips secure.

Getting access to some wallets would be a side bonus, not the goal.
And, once it became known the price of BTC would drop so the time and effort investmed would be worth even less.

-Dave

I chose answer number 2 - because I'm not an expert in such things and I don't know how realistic it is that someone can be successful in an attack of this type - but recently we saw that it is possible to produce a device that doesn't look different/dangerous, but people managed to hide explosives in it and activate thousands of devices at the same time.

Of course, this is not something that has a direct connection with the question posed by the OP, but considering how very powerful agencies are interested in cryptocurrencies practically from the very beginning, I would not be surprised if they already are or are trying to manipulate sensitive components such as chips.

Let's remember that the Chinese, through the hardware they produced themselves, managed to penetrate practically all large US companies, but also some government institutions as well. Today, it may be almost impossible to have complete trust in any electronic device, even if we physically remove from it all the components used for communication - there is always the possibility that something is hidden somewhere that continues to transmit data without our knowledge.

I will choose 1. Not concerned in the slightest;

hardware wallet chips or secure element are useful in case of physical attacks or unauthorized access and the probability of a successful attack is low and their absence will not weaken the entropy. Supply chain attack can be easily avoided or using a DIY hardware wallet.

I voted "Other" because none of the above fit my setup:  I don't trust any code that isn't fully open source, and I don't save my seed phrase or wallet on any device.  Instead, I use Krux as my hardware wallet, with Sparrow and BlueWallet as watch only wallets for my Mac & iPhone.

Krux is airgapped and stateless, with encrypted seed QR and BIP85.

Airgapped: the device is not connected to any other device.  Not connected by USB.  No wifi.  No bluetooth.  It can't be reached by attackers on the internet.

Stateless: my seed and my wallet are wiped when the device turns off or reboots.  If the device gets stolen, there's nothing on it for attackers to hack.

Encrypted Seed QR: I'm the only one who can decrypt the QR code for my seed phrase.  Here's an example of an encrypted seed QR.  If somebody finds my seed QR, they can't crack it.

I also have my seed phrase backed up on paper and metal, secured in 2 locations only I have access to.  But even if somebody finds my seed phrase, they won't be able to access my wallet since they won't know I'm using BIP85.  P.S.  If you haven't learned about BIP85 yet, definitely look into it.  BIP85 is an incredibly powerful yet simple way to have a seed phrase generate more seed phrases that are deterministic.  It's friggin' brilliant.

And last but not least, I documented my work, as all of us should though I suspect most don't.

If you are very skeptical about your HW Security, you can set it up as part of a multi-signature air gapped wallet where you can choose 2 out of 3 signatures some of which are based on electrum or sparrow wallet so to hack your wallet hackers need access to your air gapped cold storage + HW.

I voted for somewhat concerned. At the moment only 3 votes are coming in so the sample is too small to conclude anything but it doesn't seem like people are overly concerned about it. Personally, I use different HW or build a dedicated air-gapped device to manage my crypto. I avoid HW that contains features that can be exploited for remote attacks like Bluetooth as of now.

I kinda feel the risk and to mitigate it use the multisig wallet to hold my stash. Should such attack  hook on one of my HW cosigners the other one  will  still guard my fund. The probability  that both cosigners will get caught simultaneously is negligible.    Thus I feel quite  safe at the moment, ^{probably will add one cosigner more, eventually.}

I am not that concerned with it. It's not like Bitcoin hardware is the only branch that relies on sensitive hardware and chip components. What about the international banking industry? Revolutionary technology that others would like to get their hands on? World governments and their secret knowledgebases and resources? Not to mention military secrets, weaponry, and advances in that field. 

There are other things bad actors would gladly backdoor and steal rather than bitcoin and crypto.

Hello all.  As a follow-up to my post linked below. I wanted to get a feel for how much of a risk the community think this issue is.  Thanks for participating.

https://bitcointalksearch.org/topic/--5512543