Author

Topic: Ellipal Titan Hardware Wallet Review (Read 222 times)

legendary
Activity: 2212
Merit: 7064
January 29, 2020, 09:27:31 AM
#5
I am not the fun of Ellipal hardware wallet, and price is just to expensive.
It is advertised and luxury hardware wallet but it does not look like that to me.
legendary
Activity: 2114
Merit: 1323
Bitcoin needs you!
January 28, 2020, 02:51:36 PM
#4
I don't have one myself, and for good reason. Researchers from Ledger were able to pretty quickly break the security on it, dump the memory, and extract the private keys: https://donjon.ledger.com/Ellipal-Security/

The device is essentially a re-skinned low end Android mobile phone. There is no secure element, and the only thing protecting your private keys is your password. It has a USB connection which simply doesn't have the data pins connected. Connecting up these pins allows data access over the USB, which allows an attacker to access the bootloader, dump the flash memory, and access the encrypted private keys. Once an attacker has downloaded your encrypted private keys, they can perform a very rapid brute force attack on your password, which is (like most user-generated passwords) likely to be both short and weak. Even if you keep your device physically locked up, there is no built in software checking mechanism, so no way to confirm the device hasn't been backdoored or supply chain attacked before it reached you.

All in all, I wouldn't recommend. Not to mention that it is over 3 times more expensive than a superior Ledger product.

Thanks for the advice And quick response Smiley
Couldn’t  really find any reviews on it, so I thought that was strange ? Unfortunately, like a lot of things in the crypto space , it looks good , but no real substance.
Website looks cheap too.
Thanks again
legendary
Activity: 2268
Merit: 18771
January 28, 2020, 09:16:30 AM
#3
I don't have one myself, and for good reason. Researchers from Ledger were able to pretty quickly break the security on it, dump the memory, and extract the private keys: https://donjon.ledger.com/Ellipal-Security/

The device is essentially a re-skinned low end Android mobile phone. There is no secure element, and the only thing protecting your private keys is your password. It has a USB connection which simply doesn't have the data pins connected. Connecting up these pins allows data access over the USB, which allows an attacker to access the bootloader, dump the flash memory, and access the encrypted private keys. Once an attacker has downloaded your encrypted private keys, they can perform a very rapid brute force attack on your password, which is (like most user-generated passwords) likely to be both short and weak. Even if you keep your device physically locked up, there is no built in software checking mechanism, so no way to confirm the device hasn't been backdoored or supply chain attacked before it reached you.

All in all, I wouldn't recommend. Not to mention that it is over 3 times more expensive than a superior Ledger product.
legendary
Activity: 2114
Merit: 1323
Bitcoin needs you!
January 28, 2020, 02:38:44 AM
#2
Hi OP, thanks for this info . I’ve only just discovered these hardware wallets and was wondering if anyone has had any experience with them . Please don’t take this as a necrobump, just didn’t want to start a new thread  Smiley
full member
Activity: 208
Merit: 117
November 01, 2019, 04:27:28 PM
#1
Just covered the Ellipal Titan Hardware Wallet within this review.

https://youtu.be/LwcXiCZ92f8
Jump to: