Pages:
Author

Topic: [NOW AVAILABLE] BTChip / Ledger HW1 : Bitcoin Hardware Wallet in a USB smartcard - page 12. (Read 62567 times)

hero member
Activity: 692
Merit: 500
Are we supposed to have received email confirmation for a completed order ? I made payment 7 days ago, and never received email confirmation. I made payment with electrum immediately, before the countdown timer expired. The browser screen never updated to say payment confirmed.

I don't have a screenshot of that browser window, I don't have a transaction ID and you use some strange BitID without the manual login option so I cannot BitID login from my address to check the order.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Firmware version 1.4.11 is now available, with quite impressive speed optimizations - upgrade now @ https://firmwareupdate.hardwarewallet.com
hero member
Activity: 623
Merit: 500
CTO, Ledger
yes I already shipped it. Of course you'll only pay once, I won't charge you for supporting my trial & error scheme Smiley
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Still hasn't received my BTCChip. Sad Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Grin Smiley Best Of Luck!

  ~~MZ~~

yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay.


So haven't you sent it? According to earlier post you said, it was shipped, so if you ship again and somehow both arrives, then won't you lose some money? Should I need to pay again if both arrives? Huh Smiley

  ~~MZ~~
hero member
Activity: 623
Merit: 500
CTO, Ledger
Still hasn't received my BTCChip. Sad Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Grin Smiley Best Of Luck!

  ~~MZ~~

yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Still hasn't received my BTCChip. Sad Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Grin Smiley Best Of Luck!

  ~~MZ~~
hero member
Activity: 623
Merit: 500
CTO, Ledger
[ Reposting some comments from the Trezor thread, somewhat edited ]

thanks !

If you are using someone else's computer, it may easily have a hacked OS.  Ditto if the malware was installed in your computer by someone hacking into it with root access.  

The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there.

similar thing here with the keyboard second factor

(Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser.  For that, the user must be careful to get the address from a secure source that cannot be easily hacked.)

End (server)-to-end (device) BIP 70 will protect against that in the future, providing the trusted CA list is sane - not going to be implementing it in the current device though.

I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are.  Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place.

Computers would have to be all infected and act together in order to exploit both the main client and the client displaying the second factor - highly unlikely in my opinion.

If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store.

If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer.   The latter is much more likely to occur than a hacked CC reader.

If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen.  Malware alone cannot capture the Trezor PIN.

A thief getting access to both the chip and the PIN is not a realistic threat in my opinion as well.

General comment:

Stealing bitcoins by hacking may become a big issue, if it is not already.  Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain.  Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections.  

sure, security is about balancing risks / convenience / protection / cost, as always.

Bitcoin theft seems more tempting than credit/debit card theft, for several reasons.  For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final.  Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them).   In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card.  Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account.  

Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial.  See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum.  

I have a different opinion about that - credit/debit card theft today comes mostly from exploitation of different security levels (copy the magnetic track of a chip card, clone it and use it in a country not using chip cards), or identity theft (order a real fake card from stolen credentials). Recovering from such thefts which cannot be identified easily before they happen takes quite a long time (talking about months here).

With Bitcoin everyone plays on the same security level (which is already a nice improvement), and you can already have a second factor confirmation in multisignature wallets (GreenAddress is a good example - confirming each transaction using SMS to a feature phone is quite nice, even without a hardware wallet)

I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks.

I believe that the threat matrix should be clearly provided so that people can know what they're buying

The bitcoin media and the community should do that.

I'd actually feel better if an independent security audit group was formed to specifically do that. That would keep the signal to noise ratio higher.

However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.

Quote from: our terms and conditions that nobody reads anyway
No warranty claim can be placed for an amount greater than the price paid in Euros for the product –
the Buyer acknowledges that while the best care has been applied to design a product suitable to
store crypto currency assets securely, no warranty is made by the Seller that the product is free from
software or hardware defects that could cause a loss of a part or the full assets stored on the
products. The Buyer is advised to keep a safe backup of each asset stored in the product.

good enough ?
hero member
Activity: 910
Merit: 1003
[ Reposting some comments from the Trezor thread, somewhat edited ]

1.) [ The BTCchip]  has no screen but offers a "hardened mode" which requires you to plug it into another computer (or the same one). It will emulate a keyboard and tell you the transaction info and a one-time PIN which you'll have to enter after re-plugging again into the main computer with the wallet. It's way less elegant than trezor in this regard, but this protects against malware sneaking in attackers address.
If you plug it into the same computer, which is compromised, the malware could intercept the keyboard signals coming from the device and replace the transaction details shown to the user, while retaining the PIN.  Or is there a protection against that?
How could there even be a protection against that ? It just raises the malware complexity from an application malware to a full OS compromise.

If you are using someone else's computer, it may easily have a hacked OS.  Ditto if the malware was installed in your computer by someone hacking into it with root access. 

The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there.

(Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser.  For that, the user must be careful to get the address from a secure source that cannot be easily hacked.)

Hardware wallets are supposed to be most useful when one is traveling and must use a computer provided by the local shop, hotel, guide, cybercafe, etc..  In those scenarios, there is the possiility that the PC has malicious hardware as well as malicious software, that the devce will be stolen after the use, and that there are hidden cameras watching over the user's shoulder.   One should make sure that they are safe in that scenario.
Then just use the next computer sitting nearby to view the second factor. Works well in a cybercafe and a hotel.

I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are.  Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place.

2.) The device requires the user to enter a PIN. If entered wrongly 3 times, device will delete wallet info.
I understand that it is a fixed PIN that must be entered in "non-hardened mode", or before starting the "hardened mode" procedure; correct?  In that case, if malware on the computer captures that PIN, and the device is stolen some time later, would that captured PIN enable the thief to use the device?
yes, the PIN is not an anti malware protection, it's an anti theft protection.

If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store.

If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer.   The latter is much more likely to occur than a hacked CC reader.

If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen.  Malware alone cannot capture the Trezor PIN.

General comment:

Stealing bitcoins by hacking may become a big issue, if it is not already.  Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain.  Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections. 

Bitcoin theft seems more tempting than credit/debit card theft, for several reasons.  For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final.  Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them).   In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card.  Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account. 

Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial.  See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum. 

I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks.   The bitcoin media and the community should do that.  However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.
hero member
Activity: 623
Merit: 500
CTO, Ledger
I've received my btchip too!

Yeah, a bit complicated.  Need more reading.

we have new videos that might be helpful re GreenAddress setup @ https://hardwarewallet.com/software.html
full member
Activity: 215
Merit: 100
I've received my btchip too!

Yeah, a bit complicated.  Need more reading.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Kick ass! Read half of your post and had to comment  Smiley

(goes back reading...)

same here, a bit complicated.
(goes back reading...)

good luck, don't forget that everything past the first part of the first post is a bit outdated. Also, videos are coming really soon now Smiley
member
Activity: 98
Merit: 10
Kick ass! Read half of your post and had to comment  Smiley

(goes back reading...)

same here, a bit complicated.
(goes back reading...)
hero member
Activity: 623
Merit: 500
CTO, Ledger
I only know that it'll happen shortly. Talking about weeks now, I won't say 2 for obvious reasons  Grin
legendary
Activity: 942
Merit: 1026
when is expected to come out an app out of chrome working with btchip?
i think electrum is expected soon

It's done already, just not released yet, but it works if you get it from github.
Do you know the date when this final version of electrum will be released?
hero member
Activity: 623
Merit: 500
CTO, Ledger
sure, it shipped last wednesday 17
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
When I checked the order, it is saying 'Product shipped without tracking' , so does that it is shipped? So when was it shipped? I just want to know, so that I can calculate ETA. Thanks! Smiley

  ~~MZ~~
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
It is telling that order is expired even after sending BTC. Embarrassed Huh Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it get some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks!

  ~~MZ~~

yes, that transaction seems weird. Was it "pushed" by blockchain.info ? It seems that's the only reference seeing it.

Nope. Sorry, I was off for some days. I checked it just now.

Summary:
Size   438 (bytes)
Received Time   2014-09-15 17:50:20
Included In Blocks   320943 (2014-09-16 09:33:48 +943 minutes)
Confirmations   939 Confirmations

P.S. I saw your PM. Thanks. I hope I will get it. Smiley You really are doing a good job. Smiley

  ~~MZ~~
hero member
Activity: 623
Merit: 500
CTO, Ledger
full member
Activity: 238
Merit: 100
Thanks vitruvio and btchip.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Can someone explain to me how this improves the security of GreenAddress. As I am new to BTChip and GreenAddress.

Process to use GreenAddress/BTChip
a) The GreenAddress seed is generated on the live machine.
b) I store a backup of the seed and notedown PIN
c) A copy of the seed is written to the BTChip
d) BTChip is able to sign transactions
e) However, the GreenAddress login can easily be done using the PIN. (without the need for a seed or BTChip). So, I assume the Green address seed is being stored somewhere on my PC.
f) Even if you were to use the BTChip for login. The mnemonic can be easily accessed from the Green address GUI, once the login is accomplished. If it can be accessed using the GUI, I assume the malware can access it as well.

e) the PIN is disabled if you create the account when using the card - and you can delete the PIN if you decide to onboard an existing account into the card, which solves the problem.

f) that part might be a bit confusing - you see the mnemonic on wallet creation, because it's not disabled right away, but you won't see it if you log in using BTChip after that.

Then you can login with the btchip, if you lose the btchip you will lose all of course, for me it's easier to lose the btchip with my car keys than to lose a seed phase written in a paper and stored properly.

I'm not sure I get what you mean here - that might be because I don't drive, but you keep a seed backup in any case (whether the seed is generated by the GreenAddress client during setup, or generated by the dongle), that you can use if you lose the card - the point is that you never have to type the seed or the PIN into a potentially vulnerable computer again to log in or move funds.

Nobody explain it but I think this works that way, if I'm wrong please correct me show me a user manual and then I won't have to suppose how.

the user manual is a bit lagging behind, we'll update the FAQ with specific BTChip security details soon
Pages:
Jump to: