Topic: Coldcard Mk4 NFC Spec for developers (Read 521 times)

Why don't you say what exactly was this ''lot of wrong information'' posted in this thread?
You can't consider that only your links should be  reliable and true source of information for Coldcard wallet.
I wonder what are you going to say if or when Mk4 gets exploited like ALL your previous devices... maybe again ''very exoteric/hard to pull off''  

Just adding a note, alot of wrong information in this thread.

Mostly addressed in these links https://bitcointalksearch.org/topic/m.60216709

Coldcard Mk4 version not officially released yet, you can only reserve it aka pre-order it... and it's been like this for a long time.
I don't think there are much concerns because they finally decided to be honest and admit their firmware is not open source anymore, but you can still verify it and see what it does.
Not sure what you mean when you said ''software'' but I suspect that new version will only have similar and improved code like previous versions.
Colrcard is not my favorite hardware wallet, but I consider it much better option than ledger, safepal and similar junkware closed source devices.

Are there any news regarding the security concerns of the software, now that the MK4 is released?

That's not entirely correct. They would have to keep your license and also reference to your source. They would be allowed to sell it, but that's normal.
For instance, they started with a Trezor codebase and then sold their own modified version of it; similarly, Foundation sell devices running modified Coldcard software. That's all fine.

If Coldcard were to understand open source properly, they would look into working together with Foundation, sharing bug fixes and improvements amongst each other; that's how open source usually works - everyone benefits. Unfortunately, Coldcard doesn't want anything to do with this. It's their decision, but it's not very logical, to be honest.

Interesting; when we first heard about this '2 secure elements' idea, there were two options: they are storing the secret key material twice (hence 'halving' security - have to trust 2 manufacturers) or they are splitting it; in this case you could say the security is 'doubled', because both manufacturers would need to be malicious and build backdoors into their secure chips.
Now, it does sound cool to hear they went for the second method, but I'm interested to see if that's true (through code) and how the two pieces are combined. Lots of implementations are possible for this; some could be extremely insecure (such as loading both keys into memory and combining them) - potentially less secure than a single secure element that doesn't need to combine its key material with another one.

It's also worth remembering that the code means nothing if something else is running on the device. Last I checked, the firmware builds that Coldcard offers to flash to your devices, don't match the source code they publish. In that case, it's easily possible that the wallet is less secure than what the code makes you believe.

Of course, I wouldn't try to sell something that is available for free because it'd be rather a scammy behavior than a good business strategy, but... I could, for example, improve the original non-licensed source code, add the features Coldcard wallets lack, or remove features that annoy people and make them think Coldcard is no longer a good choice. Maybe I would fix some bugs and patch different vulnerabilities, I'd make it more air-gapped or more friendly to bitcoin and open source principles. I don't know... If I made my version of source code that attractive, Coldcard developers could take it (because it is FOSS), commercialize it, sell it as their own.

Bitcoin Magazine has obtained "exclusive access" to the details of the new version of ColdCard hardware wallet, and made a small review, which can be found here: https://bitcoinmagazine.com/business/inside-the-new-coldcard-mk4

Frankly speaking, I learned nothing new from the details they provided, except for this part:

Sounds kinda cool.

You can fork latest open source version released by coldcard, but why would you want to sell something that is free already, and nobody would buy that shit anyway.
Forking their new common clause license you could get sued by one and only developer they have, but you could just use Passport wallet code by Foundation that continued using open source code.
For me coldcard is now dead and stuck in the mud, and Passport moved on in right direction.

Yes. But it's a fine line to walk.
You take their old code and produce something.

They make an update to the code to do something / fix something.
You want to do / fix the same thing, but the way they did it was the best way and through your testing you came up with the same code to do it.

Can you prove that you did not take their code from ColcCardfile.py and just copy it to witcher_sensefile.py to fix an issue but developed it on your own?
Might me a rabbit hole you don't want to go down.

-Dave

Just to clarify, the Commons Clause license means you can freely access, modify and distribute modified and original software on which this license applies, but you cannot sell it or use this software for commercial purposes. If you are using licensed software, you must include a copyright notice, retain the original copyright and also include the "NOTICE" text file which usually contains some attribution notes. Interestingly, on the page describing what the Commons Clause license is, it is said that "when the Commons Clause is applied to an existing open-source project, it only affects code moving forward -- meaning no existing users are immediately affected. Licenses applied to previous versions are not revoked, so the Clause will only apply to future releases." Does it mean I can take previous versions of ColdCard source code, fork or modify them and then sell to whoever I want?

Finally I see some changes today on ColdCard wallet website after they confirmed they are NOT open source anymore, but they switched to Commons Clause Verifiable Source Code.
Maybe they cracked in last few days after Luke Dashjr said that verifiable source does not mean that code is open source at all, but we already knew that.
You can clearly see on their website how they made changes, but maybe they are preparing some public apology because they lied everyone for months.

Latest screenshot from Coldcard website:


https://coldcard.com/
(archive)

You can check older version of their website in my previous post of this topic above, and there is also saved archived version from yesterday.

I would conclude and say that this was a good decision from NVK, and even if it's not open source it is better than being closed source enigma like Safepal or Ledger.
However, reputation is lost with this changes and lies so I won't recommend Coldcard devices to anyone, not only because of this childish behavior but because they are adding NFC chips in their new devices.
Maybe they will have to remove True Air-Gap statement as well soon.

Dang, even deleted it! Fortunately, someone archived it. Maybe someone could create a NVK archive.org bot for the future.. Should be a few lines of code in Python.

I find it just a bit sad. Coinkite started to build a pretty good reputation from what I was seeing, also with very popular OpenDime and everything; and then we see them starting to fight with other companies over FOSS codebase. This shows they haven't understood anything about open source. Open source is not about grabbing free code, then changing the license to disallow anyone to benefit from your changes. Instead, it's more about working together on one codebase to make it as good as possible.

I would have really liked to see them actually collaborate. While making two pretty different devices they could have basically doubled the size of the software team. By working on the same codebase, there was a chance to maybe create the next-gen 'state-of-the-art' go-to Bitcoin hardware wallet firmware that then others could also use and also help improve.

Well of course it's not official stores but nobody can prevent them to make their own prices as they like, same thing I saw in official resellers, very much different prices from one store to another.

Back on Coldcard topic,I have to say that I am amazed by crazy behavior of NKV coldcard developer, he is blocking and banning people all over, ranting against Foundation Passport and all other hardware wallets.
He is spending way to much time on twitter, and he is still making fake claims on their website that coldcard is open source (I will write big report about that in future).

He is now claiming that Foundation violated their license that is not open source (he indirectly admitted)
https://twitter.com/nvk/status/1486063736247001090

Foundation replied later:
https://twitter.com/FOUNDATIONdvcs/status/1486085925885161480

Here is Vlad Costea saying that he submitted a pull request to Coldcard's repo to suggest them to change the product's description from "Open Source" to "Source Available".
The PR was taken down in 5 minutes.
If you read connected tweets you will see why Coldcard is not open source, and why you will get sued if you use their code.
https://twitter.com/TheVladCostea/status/1486135832641744898?s=20


https://commonsclause.com/


https://coldcard.com/

All in all I would stay away from coldcard mambo jumbo wallet and their egoistic freak NVK.
I am thinking of tagging NVK for making repeated fake claims on their website and everywhere online.
It's decision tactics used only by scammers.

You're meant not to trust them! You're meant to verify..
That's why for me and my loved ones personally, I consider only open-source (hardware + software) wallets with reproducible builds. That's like the #1 requirement. But not the only one.
Since I don't have the time to go through the whole code of every new wallet, I am delighted when trusted and verified codebase is used (in true open-source spirit) just as Foundation did it and improved upon.

I don't think that's allowed in 'official stores'. What you're seeing are extortionist prices from scalpers (can even be private people on eBay) that similarly to the GPU market, scoop up everything from the official stores and then resell anywhere.
This happens any time a product is highly sought after and production can't keep up.

I think that Coldcard created some weird eco chamber and they started with all this crazy decision making, but some people may like this idk, but they are looking more and more like ledger every day.
Thing is that more I learn about hardware wallets in general, less I have trust in them, and I more thinking of going back using air-gapped laptop.
There is still place for using hardware wallets but you really need to think good about security, and look inside all of this devices... I mean they all use same microchips and ''secure'' elements.

That is probably true, and if it is than I would like to have Raspberry Pi Zeor 2 without wi-fi connection, I see some people are removing in manually on hardware level.

I did simple math, all those prices you wrote are just in theory, in real life Pi zero was recently around $20 and I can find it now locally for more than $30 , same as Rpi 2 W (that is also out of stock in many places).
Some dedicated stores stocked up and they are selling all parts for around $80, and they can even send you pre-assembled version:

- https://www.gobrrr.me/produkt-kategorie/kits/
- https://btc-hardware-solutions.square.site/product/orange_pill_kit/6?cs=true&cst=custom
- https://diynodes.com/product/preassembled-seedsigner-in-open-pill-case/

And yes I know that case be printed locally with .STL files

That is only for version with pre soldered header, and official Rasberry website didn't say anything about this.
Like I said, I canstill find them in local shops with 6 or 7 times higher price.

Interestingly, official Raspberry seller says it's discontinued:
https://thepihut.com/products/raspberry-pi-zero-1-3-with-pre-soldered-header-no-wifi-or-bluetooth
However, the SeedSigner guys seem to be able to get their hands on a lot of 1.3's, so maybe they order in bulk directly from Raspberry.

From here: https://btc-hardware-solutions.square.site/product/orange_pill_kit/

$35 is a lot for this. Material cost on the 3D printer (FDM) is in the low single-digits.

To be honest, I see more variety in the interfaces, for example SatoChip with smart card chip and interface, we see Bluetooth for a few years being around and lately NFC. A few years back, the only option was really USB and to this date many still only have USB.

It's necessary to have a variety on the market, because some people may be fine with a less secure but more practical device, while others want only one interface. The choice there differs again. Some will prefer a device with only microSD, some want only USB or some would prefer only QR codes.
In general, it would be preferable that devices aren't a 'jack of all trades, master of none'. Hence, I tend to agree that it's best to have a device with only one means of communication for higher security (alone by shrinking the codebase).

Sadly I think the $5 zero is not coming back soon. I see the W and the 2W at a lot of places but no longer the original zero.
Could just be that a lot of retailers are looking at the small amount they can make on it and just not ordering.

Not sure where you got the $80 price
But is you can find it, the PI is $5 but lets say you get the $15 2W
The GPIO pins are $2
The camera is $10
The LCD is $12
So $40 and it is good to go.

But....
The case becomes the problem, If you can find an original zero you can get the 3D printed case from them for $35 or you can just print your own or find someone to print it for you for a lot less: https://github.com/SeedSigner/seedsigner/tree/main/enclosures/open_pill

---

Back to the coldcard, I think more and more we are seeing tons of things being added to HW wallets more for marketing and to justify price.
Not saying it's good. Just that it is.

-Dave

Great discussion, guys! I learned a lot, and also I am very disappointed in Coldcard. It seems to me that Coldcard devices are becoming more and more unsuitable for securing large amounts of money. Closed-source secure elements, non-reproducibility of builds, adding more layers of trust, decreasing the air-gapness of devices and increasing the attack surface due to implementing questionable features, and also controversial marketing are the reasons I wouldn't switch from my Trezor to a Coldcard device. They are now more oriented towards people who wish to make everyday small transactions with their mobile phones rather than those who care about the security of their holdings. That is not to say that there is something wrong with using mobile wallets in combination with hardware wallets, but if I were to choose, I would consider fully open-source and more cheap devices.

Wait, STM32 are the microcontrollers, not the secure element chips. But from your list, it seems some are like combo-chips, especially the NXP ones. I don't think an STM32 has a built-in security chip or similar. But it does seem likely that MK4 will use NXP chip for NFC, which as a side effect has a builtin second secure element.

I saw the kits go for pretty high prices, yes! But that's with profit. When I first looked into it, sourcing materials myself would have been more like 50 bucks. If you go for budget though, sure, there are many options. I'm generally a friend of reusing old hardware rather than throwing it away (as seen in my $50 full node guide). It's just less convenient really.

Exactly.
Two secure elements is just a side effect, and not by design of NKV or smart coldcard developers, and I am sure about this.
I recently revised the list of secure elements used in hardware wallets, and you can see that most wallets use same STM32 chips (this is security risk), but some of them use NXP chips and it's mostly with NFC cards format (Satochip/Satodime, CoolWallet, KeyPal, Opolo, D'CENT).

I like the idea of Seedsigner, but you know that cost of purchasing and assembling it now is around $80, and for that money you can buy used old but still good Thinkpad laptop.
That is if you managed to buy it anywhere, I looked all over the internet and Raspberry Pi Zero is mostly out of stock.
Seedsigner is also loading and starting very slow... no wonder when it has linux os in that small device

It depends on the implementation. If both elements have full access to the seed, then you have to trust twice, that's correct. If you do it right and split the seed or maybe have 2 different seeds that make a 2-out-of-2 multisig internally, it would be less trust than a single chip. Not sure how exactly they will implement though, for sure. For now, just marketing claims and no code as proof.

Oh, that's interesting. The NFC chip has a built-in secure element... then let's see if it even works as suggested with something like 2-out-of-2 or if the second chip is maybe simply used for NFC functionality..

We talk about fully cold storage and paper wallets a lot here; it's possible and made a bit more user-friendly by the SeedSigner project. That's basically it: a linux computer, booted with live OS and without persistent storage, importing seed every time you want to sign a transaction. Just in a more practical package than 'old thinkpad'. But none of these are as practical.

I mean, 'manually plugging in a microSD card' can also be seen as a kind of protocol that enables communication between devices. But due to the need of heavy user interaction (except the virus attack explained earlier), you need to physically steal the microSD and replace it without user noticing for example, to make them sign a bad PSBT. Even harder with QR codes since a QR code on the screen is less easy to extract / modify than a file on an external storage medium.

But I get what you're saying. Especially since you can wormhole NFC. You can also increase the range simply using high-power antennas; it's just radio-waves, not much unlike WiFi, Bluetooth or 4G and 5G networks after all.

It means that instead of you having to trust one secure element, now you have to trust two secure elements and I don0t think that is good.
My guess is they will use standard ATECC608A (or ATECC608B) like now, in addition with NXP secure element that is often used in in smart cards that use NFC feature.
So now you understand why they have two secure elements, it's only because of their NFC chip  

Until Trezor release this, it's probably best to have old Thinkpad laptop with live linux OS and Electrum wallet.
Use dices to generate seed words, and this will your best hardware wallet.

That is why they made their own version of website and made is sort of reproducible, but it's still not open source
They should remove open source (and soon Air-gapped) claims from their website.

It's not just physically, it's all connection with other devices, including wi-fi and bluetooth, NFC only has lower range than wi-fi
NFC = Near-field communication
https://en.wikipedia.org/wiki/Near-field_communication

I'm not sure I'm following.. Wouldn't two (closed source or not) secure elements mean less trust? As in: if one has a backdoor, it only has access to half the seed instead of full seed. Also: if one is vulnerable & an exploit is developed, the other one remains secure & 'half seed' is still protected?
It definitely depends on the implementation; doing half-half might not even be that smart, I think there are cryptographic mechanisms which would be better suited to 'splitting' the seed.

Definitely still a big fan of Trezor without secure element myself, though. This way it's reproducible to build and a truly open source device. The known seed extraction attack admittedly needs quite a bit of advanced tools and knowledge.
Best would be an open-source secure element; I think Trezor is actually working on one, excited to see how it's going to turn out.

You know what? I just checked their GitHub and website again and cannot find mention of exact license used. The GitHub has an empty license file, I mean it just contains:

While in March 2020 it contained GPLv3 license.

I find it very suspicious though that the builds are not reproducible (https://walletscrutiny.com/hardware/coldcardMk3/).

Regarding airgap, NFC is really a kind of grey line. Similarly to USB cables (maybe even easier) you can interact with the device with very little user intervention, which is marketed as a feature, but poses a large security risk.
Meanwhile, if you need to transfer a micro SD card manually, or scan QR codes with both devices it's hard to see a scenario where someone tricks another person to do that in a malicious way.

However, the definition of air-gap usually refers to something not being physically connected (with a cable), so in that case you could call NFC and even Bluetooth wallets (which we all know is a bad idea, right) 'air-gapped'. It's tricky and I think you will never find a common ground with NVK, but I say: let the market decide.

I think that adding two closed source secure elements in hardware wallet is not very smart, or should I say it's stupid decision.
NVK and Coldcard developers are going full crazy mode, first they removed reference about using original Trezor code they forked, than they made up their own changed license and they fake call it ''open source'' that is actually not,
and now they are adding one more trust layer with additional secure element from different manufacturer  
It's worse than Ledger is doing and they are going in opposite direction of open source, plus addition of NFC is making their hardware wallet NOT air-gapped device anymore.
I would much rather use old laptop with Tails OS than Coldcard Mk4 at this point.
Deal with it NVK. it's the truth and everyone knows it.

They don't give you any choice if they enabled NFC by default.
I can also disable and remove wi-fi in my laptop but it's not because developers made that available, and 99% won't ever do that.
Point is that with NFC Coldcard is not airgapped anymore.
Open Source
Airgapped
Whats next? Maybe going full closed source...

Don't worry, you won't damage a PCB trace using a plastic microSD card, in my opinion. You really need to put a knife to it.
Not sure about the design choice either; seems a very odd place to put such 'fuse'. Only idea that comes to mind is that you may be able to scrape it without opening the device up; though it seems to me ColdCard is easy to open anyway.

Look at comments to the tweet. It's really funny that this little tiny scrap point that provides NFC functionality locates near an SD card slot. That means you can destroy it simply by accident by carelessly inserting your SD card. The developers seem to be telling you that you should make a choice between the two methods of air-gapped communication. You either use NFC functionality or SD card, but not both at the same time because the usage of the latter will likely result in crippling the former. Honestly, I can't think of any other reason why they made that design choice. It seems that developers don't care much about NFC itself, they are just following market trends, which is why they add features the market desires. If users started to destroy NFC chips for whatever reason, the developers are gonna be happy anyway since it would make their devices even more secure.

Me too, I think the first time I see this! The concept is not new though: when setting up multisig with multiple hardware wallets, it's often recommended to use different wallets with different secure elements, since this is usually the only component not open source, so the one point that requires some trust. The trust is reduced though if ordering from different vendors, different factories and different production locations.
Hence I like having a wallet from the U.S., as well as something from Europe as an example!

@HCP here is some more information and first look from the inside of the new Coldcard Mk4 hardware wallet ontheir  coinkite substack page.
You also have the answer to your question about shipping, they say it will be handled later when the device is ready for sending.

Coldcard Mk4 (announced in 2022)


https://coinkite.substack.com/p/coldcard-mk4-early-bird-reservation

And this is how ColdCard Mk3 looks from the inside, so we can notice some major design changes on PCB.
I was surprised when I found out that you can even purchase old and now insecure Coldcard Mk2 wallet on some websites like blockstream store for $99, and it's in stock  
https://store.blockstream.com/product/coldcard-mk2/

Coldcard Mk3 (announced in 2019)


Coldcard Mk2 (insecure because of old secure element ATECC508A)



Coldcard Mk1 (announced in 2017)

That's a little annoying if they're going to ask for shipping later... I suppose that one could reasonably expect the costs to be the same as for the current shipping on the Mk3, but you never really know. Especially given that there is no firm shipping dates as yet.

I've dropped a question in their Telegram channel to seek clarification, hopefully I get a reply before the $40 discount disappears.


EDIT: they have indeed confirmed that all you are paying for is reserving a device... so you will need to pay an additional amount for shipping when the device is ready to ship.

This is only pre-order so you are just paying reservation for you Mk4 Coldcard wallet, they will probably notify you with email when shipping is ready and if you need to pay more for that.
At the moment free shipping option is only available if you spend $390 or more on Coinkite products, and I doubt they will send it for for worldwide, maybe it will be available for Canada and United States.
After adding five Coldcard Mk4 wallets in my Cart I got free delivery option for my order, but I won't complete that order.

I see people already complaining about NFC, so NKV is saying they can disable it manually by just scraping that little gold trace:
https://twitter.com/nvk/status/1436367391991242754

I'm a little confused by the pre-order. It gives me the option to pay, but there doesn't seem to be any shipping costs. So, is that part of the pre-order deal that you get free shipping as well? Or are they going to come back in the future and ask for further payment for shipping?

If I try to purchase a Mk3, it gives me 3 different options (postal, Fedex or DHL)... but in the Mk4 pre-order, it skips over the shipping options straight to the payment option?

EDIT:
And sadly, it looks like the 5% off for BTC payment doesn't work with the pre-order:


Nothing subtracted and the amount of bitcoin it is asking for works out to US$109 (according to preev)

That is one very sweet price with a nice discount EARLY-BIRD $40 Off and I think that you can get 5% more discount if you pay with Bitcoin, but this reservation price offer is available only for one day I think.
I see they did some small redesign, buttons are now not all rounded, type C connector, better processor, more RAM, controversial NFC added, and I first time I see any hardware wallet with two secure elements.
Screen looks a bit bigger and more clear to to me, plastic is less blurry and probably with better quality.
This also means that support for MK3 and older versions will not last for very long, but they say that production of MK3 will not stop yet.
I am interested to see how this new version compares in real life with MK3 and other airgap wallets like Keystone.
If you need to buy Bitcoin only hardware wallet this would be a better option than ledger or trezor, but I still prefer if they revert back to open source license (NVK can you hear me? )

So the Mk4 is now available for preorder at a lower price then the Mk3 from coldcard:


Link to preorder: https://store.coinkite.com/store/coldcard
Link to blurb about it: https://coldcard.com/docs/coldcard-mk4

I do like the 2x secure elements idea if it means that parts of the encrypted data are in 2 different locations with 2 different chips allowing for a bit more security.

-Dave

I agree with you that camera + qr codes are safer option than using sd cards (that can be removed and replaced), but only if those codes can be verified easy.
If qr codes are done like in case of Safepal hardware wallet than you can't verify anything and you don't know exactly what you are transacting.
Keystone wallet is doing this the right way with open source, and I think it's similar with Passport wallet, maybe you can confirm that n0nce.

There are much better ways to spend than messing with phones all the time, but I am not saying they are not useful and can be used even for bitcointak forum.
We made smartphones something like out third arm extension, and I saw people getting super scared when thinking they lost their smartphone, like their all life is located in that device.

---

Back on ColdCard topic, looks like they are preparing some new product called Coinkite cards (TapSigner, SatsCard), they should be cheap and multisig.
Maybe this will be competition for Satochip/Satodime or Tangem NFC cards, and they will probably launch this together with new ColdCard Mk4 wallet.
I just love new stuff coming out in HW world


https://coinkite.cards/

About the highlighted part: I actually think by now, that camera / QR code communication is one of the most secure ways, probably even better than moving an SD card around. The reason is that an SD card is pretty much the easiest thing for a PC virus to manipulate as soon as you plug it in. Every program on a computer has access to external media, in 99% of cases (also the case with SD-card based hardware wallets), while it's harder to tap into an open 'camera session' - even more so when using sandboxed mobile apps, which is probably the most common use case with such a device.

So it may actually be more secure to add a camera and remove the SD card ability than the other way around. Of course, the Passport has both so my argument doesn't really hold here, except if you just don't use the SD card feature altogether.

I want to point out here that I'm not a total fan of the Passport, it's just my only camera-capable hardware wallet at the moment. In fact, I would highly advise not (!!!) to buy one at the moment, at least not the first version, mostly because of the insanely fast battery drain problematic. I feel like I need to quickly finish my review, but it will all make more sense once you guys will read it.

Since we're already super off-topic anyway, here another topic idea: people who already tried or plan on trying to 'go back' to kind of pre-smartphone time. What I mean is: it should be pretty obvious that you lose tons of time on a smartphone daily; even though a few things are quicker / save time, most people spend a lot of time on them which could be better used. For example for educating, time with close friends and family and real hobbies. Most people don't even have a hobby these days; which is obvious if the average screen time is like 4h+ Of course for us cypherpunks it's also interesting to cut down on surveillance and data collection. But I think another thread would be cool for this topic! Might whip something up later.

Yes I know they are making additional attack vectors this way and I am not defending them, just trying to be neutral in this situation if possible, and I have bad things to say about coldcard wallet.
If we think this way than we should know that regular computers, laptops and smartphones have the biggest attack vectors from all devices, they have connections for cameras, wifi, bluetooth, internet connection, etc... even if they are airgapped.

I think that bluetooth is much more dangerous than nfc because of wider range, and it sucks that even Trezor is considering adding that in their new hardware wallet device
I probably won't ever use any hardware wallet with bluetooth or wireless connection either, but I just checked one list of hardware wallets and saw there are more of them with NFC chips:

- KeyWallet Touch
- Asamacura
- SatoChip/Satodime
- ColdLar Touch
- D'CENT Card Wallet
- KeyCard
- Sugi
- Tangem Card
- Arculus
...

You should really opt out from using smartphones and start using old mobile phones, use it only for calls, because you are increasing attack vectors a lot, and you are tracked 24/7.
I am not sure but I think that NFC technology is also found in sim cards and many other devices, so trying to escape from it is almost impossible.
I think that credit card is a kind of primitive security device, you have your PIN code and you can use it for payments or withdrawing money, it has security written all over it.
And you can't have zero attack vectors in any device, so nfc is just a less evil than other things

No, but if my Chase Visa gets compromised and someone runs up thousands of dollars in charges it's not my problem beyond making a phone call and letting them know about it. A cold card is not a credit card, it's a security device. They added something to it to make it more convenient to use. Same as the camera on the passport. The odds of either being compromised are very very very....add many more very small. But they are not zero. And you don't need it. You need a screen. You need a way to input information. That's it.

Once again IMO your views might vary.

-Dave

Now we're going to start looking like Ledger haters, but from what I've seen so far, I believe them implementing NFC would actually result in successful wormhole attempts on day one

It remains to be seen if Coinkite can provide a secure implementation, but it's true as DaveF says that it's an additional attack vector. I guess that point can be made about any wallet with more than one means of communication. In theory, having a single one is enough, right. So I would argue Passport should have no SD card slot and do only the QR codes. But sometimes you use a PC without webcam and suddenly you wish it had USB or SD card ability... ^^

I agree that cutting out unnecessary firmware code makes sense though, like removing the hidden Snake game they added, which I also provided as feedback.
I guess that I wouldn't use a wallet with Bluetooth myself though, so I may be applying double standards here, potentially accepting NFC but rejecting Bluetooth, I'm aware of that Probably it depends on your threat model and use-case and you should definitely buy a wallet that has the features you want, but still fulfilling your security requirements. Which differ per-person and per-usecase.

There is no perfect protection for any devices or technology and NFC is no different, but I think that some hardware wallets are already using NFC technology, and it was trail and tested for years with credit cards.
One thing is for sure, NFC is much more safe than bluetooth because it uses radio waves with much shorter range, and it's not broadcasting information all the time.
 
I don't think this is possible, because you are not keeping your hardware wallet in public places, and you shouldn't take it with you all the time as a keychain or around your neck.

Who is saying that you would overpay for anything?
Regular NFC cards cost only few bucks online and I don't see them breaking all the time.
I have no idea how Coldcard will implement NFC, and I am not their supporter for sure, but I am interesting to see any innovation in this space.

Did you stop using your credit cards or did you notice any major change or security issue with them since they added NFC support?
You can't even control that in your credit card, and I think hardware wallet could offer a way to turn it off if you don't want to use it.
Let's wait and see if NFC will be the thing to destroy ColdCard... oh how I wish that ledger added NFC first  

Why why why do businesses keep adding things to security devices?
Yes I like the idea of a camera or nfc or other stuff. Give me the option of buying something without it.
I don't want any way of communicating that is not needed.
It's just another point of vulnerability.
Can a camera be hacked? Probably not. Can the controller chip in the camera that talks to the rest of the device be hacked to display something other then what is there. Yes.
Can we trust NFC? To a point. Even with the antenna wire cut, is it still there as some other thing that may have a vulnerability? Yes.

-Dave

NFC wormholing and similar attack vectors are always possible on a physical level, which should be pretty obvious. However, they can be mitigated through the implementations, so we can't say that NFC per se will be secure or insecure. One such protection, which was not in place when credit cards were wormholed, is time checking. Literal 'time of flight' of the data being exchanged can indicate if the device is under attack by estimating the distance between the two devices, since the signal can't travel faster than the speed of light.

Similar attacks are possible when using QR codes as well, though obviously much harder, if possible at all without the victim noticing.

I also think that more people will be able to check that the PSBT data is legit if it's transmitted via QR code and SD, because you can literally read out and verify the SD card / scan the QR code and verify the PSBT as well. Most people don't have NFC readers however, so e.g. a malicious firmware update that leaks more data through NFC than it should (just one example) can't be spotted as easily.

It'll be much more convenient than SD card airgap, while being much more secure than wallets that use Bluetooth. However, in my opinion QR code scanning back & forth is still by far the best option. It just ticks all the boxes; while being just slightly more cumbersome than an NFC connection.
* Fast to perform
* Easy to verify data
* Air-gapped operation
* Tricky to tap into

Coinkite should have added a camera & maybe simply used Passport's open source camera code that Foundation team added, since the codebase is forked from Coldcard itself.

Do you think the hardware wallets that have NFC technology implemented are generally better than those that are doing all the airgap stuff and communications via standard SD-cards or cameras with QR-codes? Personally, I have some concerns regarding the usage of near-field communication technology because it is known to be insecure and highly vulnerable to hacks in case a hacker has gotten physical access to a hardware device. Actually, in the case of NFC, he even doesn't need to "steal" your device, because he will theoretically be able to secretly manipulate the device using his smartphone through your clothes (especially if you carry a hardware wallet in your pocket) in a crowd or on public transport.

I am wondering if it is possible to hack hardware wallets in the same way that was used to hack ATMs. https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/

There are other questions that I have about the security of ColdCard implementation of NFC.

Why would I overpay for the NFC feature and later destroy an NFC chip?


Sending information in plain text is not what you want when dealing with hardware wallets but given that we are sending only transactions that is not a big deal. However, I am more concerned about the privacy aspect because if my phone knows that I use a hardware wallet, so will the mobile carrier and the government. I wouldn't want a totalitarian government to know that a particular citizen wants financial independence.

Why? Why do they leave users the option to send seed phrases as plain text? Hackers can take advantage of this vulnerability and steal secrets. 

This means that people should better wait if they want to purchase Coldcard hardware wallet now, current model is MK3 and I think MK4 will be released soon.
I still don't like MIT+CC license, but I think it's much better purchase than ledger nano X, if the price stays the same like now (or lower).
In addition to this I am adding one of NBK video tweets made few months ago,. showing that TXN, xpub, xpriv, PSBT, and almost everything Bitcoin related can be done with NFC:
https://twitter.com/nvk/status/1436347560042586114?s=21

...has been released recently https://raw.githubusercontent.com/Coldcard/firmware/master/docs/nfc-coldcard.md