It would be enough to have hardware access to your computer used. That's more than enough to compromise your wallet and to exfiltrate the secret data even without network access.
That is fascinating. How can an affected host (presumably a persistent attack) get USB live OS sessions exposed? Can you elaborate more or paste some pointers?
I looked into HW wallet before I rolled my sleeves on EROAS. There were a couple of things that stopped me from going down that path:
- Most of them use PC to upgraded the wallet firmware. That is my biggest concern. If you leave a door, hacker can and will get in. And the wallet software is squarely targeted.
- A lot of them (majority?) don't open source the software and hardware, which makes biz sense but makes me nervous
- Just wanted some fun in hacking
BTW, thanks for pointing out the typos. Really appreciate it.