Topic: It is NOT secure to use hardware wallets (and it never was) - page 7. (Read 2228 times)

Ledger nano is safe.

Honestly, the same could be said of almost ANY wallet... hardware, software, online...

Just because there aren't any KNOWN vulnerabilities in any given wallet... doesn't mean that their aren't ANY vulnerabilities in any given wallet. I'm also a little unsure about the claim that an attacker can extract private keys/seed from a hacked device.

Looking at the the specifics of Saleem's detailed explanation and Ledger's write up... it would seem that a "supply chain" attacker can essentially set the device to output a specific "known" seed... rather than using a random one. That's not really "extracting" seeds/private keys... as the attacker already knows what the seed is.

Saleem claims in his write up:
However, I don't actually see any "proof" of the viability of this attack... the report write up was completely focused on how he managed to trick the Secure Element into accepting his modified MCU firmware by being able to reconstruct the image of the legit firmware by taking parts from multiple sources in the device.

Was it simply because you could theoretically load a keylogger that logged all the key presses from you entering your PIN and BIP39 passphrase and possibly the seed that was displayed on the screen?


In any case, Ledger are claiming that an update to 1.4.1 prevents this attack vector as it removes the ability to load and spoof custom MCU firmware... I guess the usual disclaimers that NOTHING is 100% secure apply!

an other problem with hardware wallets is that it could be possible that user feel safe. and because of that they forget to be careful while handling with their coins. in short: hw wallets could lead to a false security.

I consider the Bitcoin Core Client is a normal hot wallet. In terms of security it is not better or worse than any other hot wallet without the full blockchain. Of course there are clients which have better security than other. but from security perspective I throw all hot wallets into the same pot.

To have a full node instead of using a SPV client is indeed better but both wallets store the private keys in a similar way so they are the same for me in this regard.

You are right that paper wallets can be encrypted, but as you also say with force from an attacker none of the available wallets/key-stores would safe your coins.

The best security is when no one knows that you own any bitcoins. And you also don't have any traces on your PC/phone which might let anyone think you have some bitcoins (like installed bitcoin clients). This could be achieved in parts with an encrypted OS running inside a virtual machine which runs the bitcoin client.

The question is always, how paranoid you wanna be to secure the bitcoins. This also depends on how much you have to secure.

Your idea to encrypt and rename the wallet.dat (security by obscurity) might only work as long as you don't need it. If you want to create a transaction from this wallet.dat you need to encrypt it and load it with the bitcoin client. And when your PC is infected with malicious software it will not help you.

Ledger Nano S has a feature to protect you against a regular robbing (like tell your private key or die).
It's called Alternative Pin or Hidden Account.

How to set up and/ or recover a hidden passphrase and alternate PIN on your Ledger Nano S?


It works like this: You you will have 2 PIN. So if someone gets inside your house and say "give me your bitcoin or die" you can unlock just the basic wallet with your PIN. The other one is totally hidden, only unlockable with the second PIN.

This is a feature which not many users know... But pretty useful.

In my opinion, there is nothing that is 100%  perfect in nature. As the time goes by, developments take place and this is how it leads to a better economy. So if there is a vulnerability in the hardware wallet, it will get rectified in the future developments. It is obviously not 100% secure but then it is way better than any other wallets. We can consider it as a best secure device to hold our cryptocurrencies.

I do not consider Core in a any way "most secure" in comparison with paper wallet or hardware wallets.Let's say user have Core on his PC,first he/she need to download 100+ GB of data and then encrypt wallet with strong password.If this user does not take care about online security(no or bad antivirus/firewall/antimalware...) it is very easy target for hackers(RAT,keylogger,malware,ransomware...).Also regular robbing will work in this case also,a gun pointing to your head will force you to decrypt your Core wallet or to give your paper wallet.

I think we can still consider hardware wallets pretty secure if they are ordered directly from the manufacturer what is possible with Ledger&Trezor.For now it is not known that someone has lost coins with hardware wallets(and that this is caused by security flaws in them),but there are countless examples of losing coins with almost all other methods of keeping coins.

More or less they were claiming that it's unhackable, and that's my only issue with them.
https://www.ledger.fr/2015/03/27/how-to-protect-hardware-wallets-against-tampering/


This claim was proven false now.

Nevertheless in my opinion I still think a hardware wallet is more secure than any other wallets when used safely.
Just that hardware wallets do have security issues does not make any other type of wallet which have MORE security issues suddenly better.

My ranking of wallets in terms of security would be the following

• Hardware wallets
  If you don't take them outside of your home and attacker don't get physical access they are pretty safe -> with physical access as proven now it might not be safe
• Paper wallets
  If they are kept hidden in a secret place -> but with physical access by an attacker -> no security at all.
  If people carry them around I consider them worse than any mobile wallets (they do at least have a pin to secure the wallet).
• Airgapped PCs
  Pretty safe as long as an attacker don't get pyhsical access. I consider them worse than a hardware wallet because a PC/MAC/whatever even if not connected to the big world has a much bigger attack vector than a hardware wallet if getting pyhsical access.
• Any local hot wallets on PC/MAC
  With spyware or other malicious software these wallets can be easily compromised. No physical access necessary
• Any mobile wallets
  The security of such wallets is usually quite bad. Usually very short pin-codes are used to secure the wallet. As it's easy to lose them an attacker can get physical access to it.
• Online wallets where you control the private keys
• Online wallets where you don't control the private keys

Did I miss any type of wallet?

Beside of my listed ranking anyone can (and should) improve the security by combining several methods above and use multi signature addresses. In this case it is not possible to steal funds if just one of the methods is compromised.

Would be interested if someone has a different ranking than me.

This.  With the proviso that this means a dedicated machine which is never connected to a network, and has hardware capable of non-contact connections (such as wifi and bluetooth) physically removed.  I state this explicitly, for I’ve observed that many people mistakenly believe that rebooting their network machines with a live CD/USB makes for an “airgap”.

Part of the advantage of an airgap machine is that the hardware can be purchased anonymously.  For ordinary individuals, buying an inexpensive laptop (sufficient for Bitcoin, PGP, etc.) off the shelf for cash is the only practical means I know for precluding any chance of a targeted supply-chain attack.  Wherefore this part of the Ledger vulnerability disclosure blog post caught my attention (boldface is in the original):


Well, that was always my biggest problem with hardware wallets!  How do I get one?

A company garners my distrust when it not only fails to adequately address this question, but gives its customers advice so irresponsible as to verge on negligence (archive.is link corrected to https):


Do they claim their hardware to be unhackable!?

The first rule of computer security is physical security.  If an attacker comes into physical possession of your hardware, then you must thence permanently consider that hardware to be compromised.

My understanding of tamper-resistant hardware wallets was always that they would resist extraction of keymat already stored on the device—backward-looking protection of data at rest.  Not that they would guarantee forward safety of the device after it had been in possession of an adversary.

An airgap PC with properly⁰ encrypted disks will also protect your coins against thieves who steal the device—but with the difficulty that this only moves the key management problem from one place to another:  How do you secure your disk encryption keys?  Tamper-resistant hardware could be quite helpful here; I’ve had some relevant thoughts, but of course, that would require obtaining uncompromised tamper-resistant hardware.

(Of course, an airgap PC which has been stolen and recovered must be treated as permanently compromised.)

---

0. Don’t get me started.

It's worth noting that paper wallets have also been seen to have defects, and those have been corrected, and modern paper wallets are more secure than early ones were.

Yes, and that was irresponsible marketing. Most security-minded people know better than to blindly trust software/hardware just because it hasn't been broken yet. I believe exploits will continue to emerge when it comes to hardware wallets. Accordingly, users should tread with caution.

As for what I recommend -- traditional cold storage for most coins:


How about an air-gapped PC? Or an encrypted wallet on thumb drive? One of the points here is that nobody should be storing all (or most) of their coins in the same wallet they regularly spend from.

I still think hardware wallets are fine for day-to-day spending. But I would treat them like a hot wallet and be on the lookout for social engineering tactics.

Yeah, this is the problem with posts like this, spreading fud and misinformation about hardwallets......  that wasn't any critical bug, as the attacker need physical access..... But New comers may not understand that clearly enough and think web wallets are safer...

Web wallets are much worse. Just use Bitcoin Core, or other similar software. Web wallets have many more attack vectors than local software.

I was amazed by this news, I thought that hardware wallets are top secure for saving our bitcoins, Indeed, I thought to buy one in the future, but after reading this PDF. I will keep my bitcoin in some web wallets as I don't have too much, in the same time, I will search for the secure wallet from now on.

I think that hardware wallets happen to be very much so in the spotlight right now. Let's not forget that there was also an Electrum vulnerability found and patched recently. I believe that part of this has to do with how long hardware wallets have existed compared to their software counterparts, and how much time people have spent researching them.

Personally, I trust hardware wallets more than software wallets still. I'm not sure they're inherently insecure, but I don't believe they're perfect either. I think as far as security versus convenience, they rank pretty high up there on my list.

Yes, I think hardware wallets are indeed inherently insecure, just like any SPV wallet. I also call every cryptocurrency exchange inherently insecure even though it might not have been hacked until now.

I don't know how you come to the conclusion, that I don't know how a computer works, but anyway ... just the knowledge about how it works, might still not be enough to trust it 100%, but I guess we have not much of choice until we see open source chip production. One good example is the latest Intel issue and I am sure there will be more to follow. Btw I have addressed this one already a few postings before in this topic:





I didn't say 'closed source OS' but 'closed source computers'. No problem. Misreading can happen.

Just because there are vulnerabilities found does not mean that they are inherently insecure. Do you say the same things about software wallets too (many of which have had vulnerabilities found and patched, just like with these hardware wallets)? Do you say the same thing about the general purpose computer you use which you don't even know how it works? Every piece of software and many pieces of hardware will have some vulnerability found in them; given enough time, it's almost inevitable.

That's slightly misleading. This 15 year old has dedicated a lot of time into working on hardware wallets, particularly in their firmware. He's been involved in numerous other vulnerability discoveries in the past with Trezors (and possibly Ledgers). The kid is very smart, probably smarter than you when it comes to hardware wallets. He's not just some random 15 year old who found this; he actually dedicated a lot of time into learning about how hardware wallets work and has been working with them for years.

I don't think you understand what an evil maid attack is. It is, by definition, a physical access attack. You need to have physical access to the device in order to perform any of the known vulnerabilities (which have since been patched). An evil maid attack means literally that someone (like a maid) enters your room physically and does something malicious to a device (hence an evil maid).

Vulnerabilities take time to fix and release. They can't just publish that there is a vulnerability or details about the vulnerability before a fix is available. It probably took them 4 months to figure out a solution. Also, Ledger can't force users to update, and there has been plenty of alerting (which, by the way, also cannot be forced).

There's a hardware and software attestation process that you can go through to ensure that your Ledger has not been tampered with.

https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
Scroll down to "Disclosure timeline"

What is the source for the 4 months? As far as i know this has been fixed pretty fast..




You don't have to trust anyone. You can verify everything yourself (hardware + firmware).
The ledger team has published a guide: https://support.ledgerwallet.com/hc/en-us/articles/115005321449-How-to-verify-the-security-integrity-of-my-Nano-S-




You don't have to use a closed source OS. You have decided for yourself to use closed source software.
Everyone is free to use the software he wants. There are a lot of open source linux distributions available on the internet.

That's why it's called the evil maid, we can call it dishonest butler, sneaky plumber, corrupt cable tech.
Whatever. WE are human, we make mistakes, you left it siting next to your PC for whatever reason instead of putting it away. Under 3 minutes and a netbook. That's all they need.

They actually did not



And I think that set me off more then anything. They badmouthed other places for saying that their taper tape was worthless, while putting out a product that a 15 year old (yes a very smart one) cracked by himself.

Beyond this, I am dropping out of this thread. I doubt either one of us is going to change the others mind.

-Dave