Topic: I am panicking (Read 285 times)

There are professional data erasure degaussers which are certified for proper and permanent data erasure, but you don't want to pay for those. As far as I see it, they work also well for current technology hard drives and other magnetic storage media.

An example (I have no affiliation with them): https://www.pro-device.com/en/degaussers/


Modern hard drives with coated glass platters (check hardware specs!) are even easier to destroy. Just use a nail gun or hammer and a few nails. Very unlikely to be able to reconstruct the glass shards/splinters afterwards. I doubt even that from significantly deformed aluminum platters enough data could be extracted.

There is no way you could do this unless you are using really old hard drives or magnetic tapes for storing data, and if you use several strong industrial grade magnets for this purpose.
I don't think that modern SSD are affected by magnets, but you can use metal shredders or anything else that recycles electronics.

They don't need physical access to your device if they have control over servers that distribute firmware, that all devices need to download and install.
Speaking about that, everyone should know that ledger is doing something similar with ledger live app having no signatures to verify.
ledger co-founder aka reddit moderator btchip is aware of this problem, and they are migrating to new github repo:
https://www.reddit.com/r/ledgerwallet/comments/voodkd/ledger_live_2431_and_no_signatures_to_verify/

There's no way around non-volatile memory if you want the wallet to be more than a pure 'signer' which requires the user to input the seed every time they start it up.

The firmware file (compiled binary) can be downloaded from the manufacturer's website wherever you find your firmware upgrades.
Attacks don't have to be physical. Leaked or reversed source code can help you find bugs that can be exploited with or without hardware access. But generally it's easier to attack these devices if you do have hardware access; that's what they're ultimately made for.

That's what I thought, but I would only be making assumptions about the hardware configuration, not my area of expertise.  I guess from a manufacturing perspective it wouldn't make sense to use non-volatile storage when volatile storage would do what you want without having to bother programming piece of code to get it done.  Not to mention that any difference in price between the two is likely negligible considering how little capacity is needed.



Open source software, thanks for the correction.



Now that's scary.  Assuming the device wasn't compromised along the supply chain, one would still need physical access to the device to attack it this way, correct?

He could have reverse engineered the code and found that part, especially when comparing various different firmware versions. It stood out because it was removed in the very next update, so he would have noticed it when bindiffing those versions, as well. Definitely harder than just reading plaintext code, but noticeable especially in the binary diff.
In general, open source just makes it so much easier to spot something like that even from static code analysis and to fix it early. As evidenced by this very case, where the vulnerability was fixed many years ago. It's possible that other wallets which are not open-source do still have such vulnerabilities, because people are less likely to go through binary firmware updates and check those than to just read the code alterations on GitHub (except if they're paid a lot of money by a legitimate or illegitimate customer).

Three problems with this approach. First, most modern hard drives are well protected against magnetic fields. You can't just grab a magnet off your fridge and wave it around. You would need particularly strong magnets which most people don't have access to, and even then, you probably need to disassemble the drive first. Second, you don't know if it's worked. Maybe you manage to corrupt enough of the hard drive that it seems dead when you connect it up, but someone with more advanced hardware than you could still recover data from it. Third, things like flash drives and SSDs do not store data magnetically at all, and most people probably don't know the difference. Such drives would be unaffected by a magnetic field unless you were also to move the drive or the magnetic field fast enough to induce a powerful enough electrical current to wipe the data.

In short, you'd be safer physically destroying the drive.

What about running a big magnet over the hard drive? Wouldn't that irreversibly delete everything on it and even break the whole disk?

Not the hardware part, but the open-source software made the attack easier. If you remember the video, Joe mentions that the seed appeared on the screen at one point, but he didn't pay attention to it because he didn't believe it was right. He was trying to do something else at the time. He then tried to recreate it and have the seed pop up again, but he couldn't. He then started going through the source code and found the part where it explains how the seed and PIN are moved to RAM on power up. Without the open nature of the software code, who knows if he would ever have made that discovery or find it by accident. 

Except in the case when those devices are using non-persistent storage like it's the case with SeedSigner and Krux, nothing is stored on devices and you can't extract anything once you turn power off from device.
Downside is that you have to import seed each time you power on your device, but that is quick enough with QR code scanning.
As for passphrases, I would argue that you shouldn't keep them in the exact same place with your seed words, because that would make them almost pointless, but keeping them in different safe location is very important.

There's a hardware difference between volatile memory and non-volatile memory. You can't really make something that has the properties of non-volatile memory, but if chosen can lose the data like a piece of volatile memory does.

From what I can tell from the video, that's not what makes the wallet vulnerable. Kingpin did use the firmware source code (software!) to identify a flaw. To identify that there's a point in time where the secure memory is transferred to secure memory.
He then introduced a voltage glitch with a variety of offsets from the device boot, and let it run until it 'hit' the right spot and could freeze it in just the right moment & read out the seed.
Being open-source hardware didn't really make this attack easier, since such a 'brute-force' approach will work with other wallets too, if they have such a flaw in the source code.

Even worse, if you own a device whose firmware source code is closed, someone could gain access to the code by bribing a developer or reverse engineering a firmware file; use it for evil and nobody would be notified about it.

Passphrases are a whole new topic we can discuss somewhere else, but they have their downsides. For example, if not backed up with your seed, there could be all sorts of issues when you (or someone else) will need to restore the seed.
In general, if your hardware wallet falls into a thief's hands, you should just consider the seed compromised and quickly move the funds. Any security measures like secure element and PIN are simply ways to buy time.

Than just throw it in volcano, melted lava, or metal factory if you live near one of those, or use good old fire to destroy it, but I don't think we need to be that much paranoid, unless you are holding Satoshi's coins.
This just reminded me on something we all saw in movie Terminator 2 ending scene  
Here available in 4K 3D Remastered video:


https://www.youtube.com/watch?v=cmmbBo8RYoE
 
RAM should be deleted when power is turned off, so in theory you should be fine, unless there are some flaws in memory design.
Bigger problem with Coldcard and other hardware wallets is their main microchip that many times showed issues in past, and you don't know what's happening inside that little thing.
After they added two closed source secure elements they only made things more complicated, not safer in my opinion.

This topic is closely related to something that's been occupying my mind lately.  I recently bought a ColdCard, and I've spent a few hours tinkering with it before I christen it "The Hardware Wallet."  One of the things about the ColdCard that I like (it's a Mk4, btw,) is that it has a small amount of storage that can be mounted when plugged into a computer's USB port.  The storage can be used to transfer wallet files to the PC after generating them in the cold card.  When the ColdCard is unplugged all the data that was stored in said mount is automatically erased.

What I'm wondering, is if the data is just merely erased, or is completely purged?  I doubt it's overwritten, but since it appears to be RAM is it completely unrecoverable when it loses power?  The device also erases any Bip39 passphrase that's been entered when it's logged off or disconnected from power.  I wonder how secure the device's memory features are.

---

As for BitcoinGirl.Club's panic attack; The Trezor and it's clones have open source hardware, which is partially why they are vulnerable to this attack vector, but the risk can largely be mitigated by adding a Bip39 passphrase to your hardware wallet.  This is especially important for the Trezor wallets, and any that use their source code.  Even if the hacker is able to steal your hardware, and break into it to extract your seed phrase, there's no way for him to get to your funds if they are locked behind a strong passphrase.  I certainly wouldn't consider this a cure, more like buying you a little bit of extra time to create a new seed and transfer all the funds.

I use passphrases on all my hardware wallets now, even if they are not vulnerable to the attack vector demonstrated in that video.

Instead of a hammer, I'd use an angle grinder. But even then it's theoretically still possible to find back some bits. It just became a lot harder.

Even with full disk encryption, I still wouldn't send it for warranty.

For more paranoid confidence and peace of mind, you can "format" a broken hdd with a regular hammer, as already suggested above. It is desirable to "format" the physical disk itself (a metal plate inside the hdd), because even from broken hhd, in some cases (when the disk is not damaged), it is theoretically possible to recover information.

After that, you can safely throw such a hdd into the trash without fear that someone will find it and restore your data from it.

How about installing encrypted version linux/ubuntu on hdd, which will also make it impossible to restore the old data?

Usually, when a drive breaks, format isn't possible anymore. If it still works I'd overwrite it a few times.

Returning your hard drive to the manufacturer (even after formatting the disk) under warranty with your seed-pharse is the last thing. Therefore, when choosing a hard drive to work with crypto, it is preferable to buy more reliable devices, despite the fact that they will be more expensive. So it will be possible to at least reduce the likelihood of a hard drive disk failure, and in this case it is better to forget about the warranty.

Precisely, it can be used as spare parts in the event of a breakdown of the same device model. For some manufacturers, hardware device breakdowns have already become normal.

It's also worth mentioning this is a device without secure chip and one of the world's best hardware hackers still spent 3 months on it. I don't think anyone should 'panic' because of that. Especially if you're in physical control of your hardware wallet.

The video of the Trezor seed extraction doesn't really have anything to do with the questions you asked.
That hack was only possible because the owner of the Trezor still had an old firmware installed on his device. That old firmware had a vulnerability where the PIN and seed were loaded into the RAM. What Joe did was find a way to access this information to get to the seed. Since that loading of sensitive information into RAM does no longer happen with the newer firmware versions, the same type of attack would no longer work. But the chip could potentially be vulnerable to other manipulations. Kraken and Ledger hacked the Trezor as well.  

It took a hardware hacker 3 months to extract the seed. It's safe to say, that it isn't something that too many people could do. I would still not be interested in giving away or selling my used hardware wallet.  

In theory, if the device does get hacked though and memory is restored, the privacy of the previous owner would be broken. For sure regarding previous transactions and potentially for future transactions, for instance if the user didn't mix their coins in the transfer from the old to the new wallet.

It's (very) old news and we talked about it before, and I honestly don't understand why would you panic about something that was fixed long time ago.
I guess this is how sensation video marketing works... getting you with your emotions.

Simple. Just sell it without hard drive, and you can do whatever you want with it.
You can do secure SSD deletion (encryption is created) of hard drive letter, that makes it almost impossible to recover data after that.

It's not safe to give anyone used hardware wallet, but you can do simple thing again, send all your coins to different wallet/device  and reset your hardware wallet.
Never again use seed words from previous hardware wallet.
If you want to be sure burn your seed words, use hammer to destroy your hardware wallet, and use hypnosis to forget everything.

Not if you watched that video like he did  
He made everything look so complicated, along with self-advertisement.

I would absolutely do that. There's no real point importing an old device's seed, in my opinion. Especially if you're worried about the integrity and secrecy of the old seed.