I am not the fun of Ellipal hardware wallet, and price is just to expensive.
It is advertised and luxury hardware wallet but it does not look like that to me.
Topic: Ellipal Titan Hardware Wallet Review (Read 210 times)
I don't have one myself, and for good reason. Researchers from Ledger were able to pretty quickly break the security on it, dump the memory, and extract the private keys: https://donjon.ledger.com/Ellipal-Security/
The device is essentially a re-skinned low end Android mobile phone. There is no secure element, and the only thing protecting your private keys is your password. It has a USB connection which simply doesn't have the data pins connected. Connecting up these pins allows data access over the USB, which allows an attacker to access the bootloader, dump the flash memory, and access the encrypted private keys. Once an attacker has downloaded your encrypted private keys, they can perform a very rapid brute force attack on your password, which is (like most user-generated passwords) likely to be both short and weak. Even if you keep your device physically locked up, there is no built in software checking mechanism, so no way to confirm the device hasn't been backdoored or supply chain attacked before it reached you.
All in all, I wouldn't recommend. Not to mention that it is over 3 times more expensive than a superior Ledger product.
The device is essentially a re-skinned low end Android mobile phone. There is no secure element, and the only thing protecting your private keys is your password. It has a USB connection which simply doesn't have the data pins connected. Connecting up these pins allows data access over the USB, which allows an attacker to access the bootloader, dump the flash memory, and access the encrypted private keys. Once an attacker has downloaded your encrypted private keys, they can perform a very rapid brute force attack on your password, which is (like most user-generated passwords) likely to be both short and weak. Even if you keep your device physically locked up, there is no built in software checking mechanism, so no way to confirm the device hasn't been backdoored or supply chain attacked before it reached you.
All in all, I wouldn't recommend. Not to mention that it is over 3 times more expensive than a superior Ledger product.
Thanks for the advice And quick response
Couldn’t really find any reviews on it, so I thought that was strange ? Unfortunately, like a lot of things in the crypto space , it looks good , but no real substance.
Website looks cheap too.
Thanks again
I don't have one myself, and for good reason. Researchers from Ledger were able to pretty quickly break the security on it, dump the memory, and extract the private keys: https://donjon.ledger.com/Ellipal-Security/
The device is essentially a re-skinned low end Android mobile phone. There is no secure element, and the only thing protecting your private keys is your password. It has a USB connection which simply doesn't have the data pins connected. Connecting up these pins allows data access over the USB, which allows an attacker to access the bootloader, dump the flash memory, and access the encrypted private keys. Once an attacker has downloaded your encrypted private keys, they can perform a very rapid brute force attack on your password, which is (like most user-generated passwords) likely to be both short and weak. Even if you keep your device physically locked up, there is no built in software checking mechanism, so no way to confirm the device hasn't been backdoored or supply chain attacked before it reached you.
All in all, I wouldn't recommend. Not to mention that it is over 3 times more expensive than a superior Ledger product.
The device is essentially a re-skinned low end Android mobile phone. There is no secure element, and the only thing protecting your private keys is your password. It has a USB connection which simply doesn't have the data pins connected. Connecting up these pins allows data access over the USB, which allows an attacker to access the bootloader, dump the flash memory, and access the encrypted private keys. Once an attacker has downloaded your encrypted private keys, they can perform a very rapid brute force attack on your password, which is (like most user-generated passwords) likely to be both short and weak. Even if you keep your device physically locked up, there is no built in software checking mechanism, so no way to confirm the device hasn't been backdoored or supply chain attacked before it reached you.
All in all, I wouldn't recommend. Not to mention that it is over 3 times more expensive than a superior Ledger product.
Hi OP, thanks for this info . I’ve only just discovered these hardware wallets and was wondering if anyone has had any experience with them . Please don’t take this as a necrobump, just didn’t want to start a new thread
Jump to: