
Topic: Firmware Upgrades for Hardware wallets their weakness? - page 2. (Read 466 times)

hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
What happens when Ledger or any hardware manufacturer goes bankrupt and exploits are found and the developers are not there to plug the holes? (Export seed to Electrum?)

Nothing lasts forever, so one should not expect Ledger to always exist. In the event that Ledger stops supporting its devices, anyone who doesn't feel safe will look for an alternative.
Yes; you just get a new device and transfer the coins. You can also just trash the old device and import your backed-up seed into a new wallet. I recently thought about this and maybe it helps people think of hardware wallets a bit differently: think of the device mostly as a signer. Don't rely on it not breaking, not getting lost or not ceasing to turn on, to be able to access your coins; instead, rely on your seed backup(s) and use the device as a convenient way to utilize said seed in everyday scenarios.
legendary
Activity: 3108
Merit: 5364
Fortis Fortuna Adiuvat⚔️
I'd say Ledger is already the most "idiot proof" hardware wallet we have right now...

I agree that it can't be simpler than the current process (although I may be wrong), especially if I remember what it was like in the past when some people needed hours (or even days) to complete the firmware upgrade. Some people are quite afraid of this procedure for fear that something will go wrong and that they will lose their coins, although because of such things we have a backup.



What happens when Ledger or any hardware manufacturer goes bankrupt and exploits are found and the developers are not there to plug the holes? (Export seed to Electrum?)

Nothing lasts forever, so one should not expect Ledger to always exist. In the event that Ledger stops supporting its devices, anyone who doesn't feel safe will look for an alternative.
mk4
legendary
Activity: 2716
Merit: 3816
🪸 NotYourKeys.org 🪸
What can be done to improve the firmware upgrade for these devices ...to make it "Idiot Proof" ? What happens when Ledger or any hardware manufacturer goes bankrupt and exploits are found and the developers are not there to plug the holes? (Export seed to Electrum?)

I'd say Ledger is already the most "idiot proof" hardware wallet we have right now, with Trezor coming in at a close second. Instead of working to make updating a bit easier, they should probably just focus on removing unnecessary bloat from the Ledger Live software because it's slowly but surely getting slower and clunkier as time goes on.
legendary
Activity: 2128
Merit: 6871
But the fact that you do get upgrades is definitely not a weakness; actually, I'd stop using a hardware wallet if the manufacturer drops support and stops working on the code, looking for bugs and fixing them, as well as fixing reported bugs and vulnerabilities. Providing software upgrades that keep the device secure and state-of-the-art is essential to make sure your funds are secure against the latest attacks and exploits.
Unless they are only making more mess with new upgrades by adding new worthless shitcoin support that only makes the upgrade bigger in size and more buggy over time.
I would understand if they were doing this for Bitcoin-only firmware, but you won't have so many updates with this, except maybe Taproot support or something like that.
There is also a danger of bricking your device during hardware wallet, and I saw several reports that this happened to Ledger wallet owners.
legendary
Activity: 1750
Merit: 1271
keep walking, Johnnie
Do you think constant Firmware upgrades on hardware wallets are their weakness? I have gone through some firmware upgrades for some hardware wallets (Ledger) and I have to say for someone with good technical knowledge, it was not a good experience.
Yes, I think it's a big weakness, especially if the hardware wallet firmware is closed source, as is the case with Ledger devices.
In this case you would need to fully trust the developers to be honest and not to make any mistakes that could allow hackers to steal your coins.
With open source wallets you can always verify the changes, and other developers can do the same reporting some potential issues on time.
Perhaps this is a big weakness, but for the average user (most of them will be) it doesn't matter if the source code is open or closed, because he will not be able to read the code or changes to it. In the case of closed source code, you will have to trust the hardware wallet developers, and if the source code is open, then you need to trust independent developers and enthusiasts who check the code and changes. In both cases, ordinary users are forced to believe complete strangers. I think it looks like a religion. There, too, "users" can't check anything themselves and they can only "believe" in one or another confession.

Another important fact. People who buy HWs want to make a minimum of gestures: they bought a device, threw crypto into it, and use this device as needed. Will most of them follow the news and technical blogs where independent developers will post their research into the open source of HW? Even if a vulnerability is found in the code, such users will be the last to know about it after a long time, if at all they become aware of what happened. Until the balance on their device is reset. Therefore, I assume that from the position of an ordinary user, it doesn't matter to him which code is open or closed.

They are more interested in HW appearance and the impact of advertising.
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
if however you have open source and a verifiable build, that provably comes from the supplied codebase, it reduces such risk.
Good choice of words. I am glad you used that construction because that's exactly the way it is. Someone else might have said that if you use open-source software with verifiable builds, there is no risk or you are absolutely safe due to the publicly available code.

The more popular the wallet is, the more users it has, and the more security experts verify every single piece of code, the lower is the possibility that the developers would get away with trying to introduce a backdoor or other type of vulnerability. Or if they just overlooked something by mistake which could have negative consequences. On the other hand, if the wallet is unpopular, it might take weeks or even months before someone discovers that something is off with the most recent update.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
You could phrase it like this: 'the fact that hardware wallets need to be kept up to date can be considered a systemic weakness [compared to a system that is cryptographically secure like an offline-generated cold storage seed with passphrase]'.

But the fact that you do get upgrades is definitely not a weakness; actually, I'd stop using a hardware wallet if the manufacturer drops support and stops working on the code, looking for bugs and fixing them, as well as fixing reported bugs and vulnerabilities. Providing software upgrades that keep the device secure and state-of-the-art is essential to make sure your funds are secure against the latest attacks and exploits.

However, there remains the risk of malicious firmware update binaries and closed-source or non-reproducible builds. This allows the manufacturer or a middleman to give you a malicious (e.g. deanonymizing) firmware without you noticing; if however you have open source and a verifiable build, that provably comes from the supplied codebase, it reduces such risk.

Regarding usability for newbies, as was mentioned before, hardware wallets as a whole have come a long way. You also get clear and concise instructions from the manufacturer on how to verify the hash and signature of the image file. Reboots and complicated keypress combinations aren't needed on the last few devices I've come across. Passport, for instance, just requires you to put the file on a supplied microSD card and plug it into the device.
legendary
Activity: 3206
Merit: 2904
Block halving is coming.
Exactly. The newest Ledger Nano S firmware is 2.1.0 if I remember correctly. It introduces the needed support and necessities for Taproot. Other than that, it doesn't fix anything urgent or improve the user experience. Unless you want to use Taproot addresses with your Ledger HW, you don't need to perform the upgrade. It also decreases the already very limited internal storage of the device.   

Actually, it's not always good to upgrade the Ledger firmware from time to time if it's not needed. Unless you need the additional feature, or if it's related to vulnerability issues, you should upgrade it to fix those issues.

Sometimes hardware wallets can be soft-bricked after upgrading. I have heard many times that this happened to some people out there, and only a few people fixed their hardware wallet.
legendary
Activity: 2128
Merit: 6871
Do you think constant Firmware upgrades on hardware wallets are their weakness? I have gone through some firmware upgrades for some hardware wallets (Ledger) and I have to say for someone with good technical knowledge, it was not a good experience.
Yes, I think it's a big weakness, especially if the hardware wallet firmware is closed source, as is the case with Ledger devices.
In this case you would need to fully trust the developers to be honest and not to make any mistakes that could allow hackers to steal your coins.
With open source wallets you can always verify the changes, and other developers can do the same reporting some potential issues on time.

The normal handling of the hardware wallet and the software is not that technical, but still a daunting task for people that are not that technical. (Thinking about the transition from the Ledger browser plugin for Chrome ..to the Ledger App) 
I don't think the Ledger browser extension is working anymore, but their desktop app is also bad and has a lot of issues with showing incorrect balances.
You can however use third party open source wallets like Electrum with ledger, to make things a bit easier.

What can be done to improve the firmware upgrade for these devices ...to make it "Idiot Proof" ? What happens when Ledger or any hardware manufacturer goes bankrupt and exploits are found and the developers are not there to plug the holes? (Export seed to Electrum?)
You can't do anything with black boxes like Ledger, but you can change hardware wallets and get one that is open source like Passport, Bitbox, Keystone or Trezor.
An alternative option is to make your own DIY signing device like SeedSigner using general hardware like a Raspberry Pi Zero.
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
Another thing to keep in mind is that unless the firmware fixes some glaring vulnerability or adds a feature you must have, then you can probably skip doing them.
Exactly. The newest Ledger Nano S firmware is 2.1.0 if I remember correctly. It introduces the needed support and necessities for Taproot. Other than that, it doesn't fix anything urgent or improve the user experience. Unless you want to use Taproot addresses with your Ledger HW, you don't need to perform the upgrade. It also decreases the already very limited internal storage of the device.   
legendary
Activity: 3388
Merit: 6072
Crypto Swap Exchange
ColdCard feels to me to be idiot proof, but there will always be someone who can come along and screw up a process that should be impossible to screw up.
Pmalek is correct in the fact that if you have your seed you should be fine. But the time and effort and stress in recovering is a thing as is the expense of buying a new wallet.

I have not heard of any failures that bricked a device but I have not looked that hard.

Another thing to keep in mind is that unless the firmware fixes some glaring vulnerability or adds a feature you must have, then you can probably skip doing them.

I have 2 HW wallets, one I use for my warm funds, that one is up to date. One is for long term cold storage, not updated or plugged in for a couple of years now.

-Dave
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
Do you think constant Firmware upgrades on hardware wallets are their weakness? I have gone through some firmware upgrades for some hardware wallets (Ledger) and I have to say for someone with good technical knowledge, it was not a good experience.
If we are talking about Ledger, it was worse in the past, now it's easy-peasy. Everything is complete without the user having to disconnect the wallet from the USB cable. In the past, you had to press and hold the buttons, then let go of one button while you connect/disconnect.

What can be done to improve the firmware upgrade for these devices ...to make it "Idiot Proof" ?
Talking about Ledger again. I would say they already are. It's just like an installation of any other software. A few clicks on the 'Yes' and 'Next' buttons and you are done.

What happens when Ledger or any hardware manufacturer goes bankrupt and exploits are found and the developers are not there to plug the holes? (Export seed to Electrum?)
You can buy any other hardware wallet and recover your accounts from seed. If they use the same derivation paths for your coins, even better. If not, you might have to recover the seed in a software wallet to modify the derivation paths. You should of course secure your Bitcoin before you go meddling with software wallets for altcoins.
legendary
Activity: 3388
Merit: 1943
This space is available for advertising
Do you think constant Firmware upgrades on hardware wallets are their weakness? I have gone through some firmware upgrades for some hardware wallets (Ledger) and I have to say for someone with good technical knowledge, it was not a good experience.

The normal handling of the hardware wallet and the software is not that technical, but still a daunting task for people that are not that technical. (Thinking about the transition from the Ledger browser plugin for Chrome ..to the Ledger App)

What can be done to improve the firmware upgrade for these devices ...to make it "Idiot Proof" ? What happens when Ledger or any hardware manufacturer goes bankrupt and exploits are found and the developers are not there to plug the holes? (Export seed to Electrum?)