Topic: [Official Thread] Case - Multi-Signature Hardware Wallet - page 2. (Read 4464 times)

Yes I am in a similar situation. I attempt to update it, but it refuses. I was hoping last night it was due to a large load so many upgrading and all, but seems not.

I am getting more and more concerned as the issues continue and the lack of a true 2 of 3 multisig is used. I say lack of a true 2 of 3 because without case servers you really only have 1 key. There is no way to currently get a key off a device or use it in any useful format without the case servers.

Steve, I noticed that there is no way to check the bitcoin balance in a user's Case account from the device, and that is really needed. Hard to make payments if you do not know what your balance is on the go. Is a firmware update needed to add that option to the home screen?

The first firmware update seems to have been release, but I can't get my unit to update for the life of me.  It recognizes there's an update and will initiate the process, but keeps shutting off during the update process and tries to restart the process when it powers up again.  I remember reading something earlier about issues with firmware updates in areas with low GSM signal so I tried bringing it to work where my phone usually gets 4 or 5 bars.  The update process bar gets around 20% through and the system seems to shut off suddenly with no activity after letting it sit for 20 minutes or so.

Not sure if you saw the recent email, but there was an email saying they encountered a small hardware flaw and were working to fix it. Anyone with a unit already with get a software fix to fix the issue

Case seems to be having problems getting units shipped out in a timely fashion. We pre-ordered in May as soon as the product was offered for sale on the website, still have not received ours. Paid for, mind you, not a review sample. Jake Day reported in his review video that the charging pad was overheating perhaps they have halted shipping until an alternate charger is sourced.

Update: received our Case wallet and there is now no problem with overheating of the wireless charger.

That's about Ledger Nano/HW.1 (that you can verify with your own set of tests against its deterministic specification), not Case.

Also getting source code for an hardware product doesn't mean much if you're not able to validate which source code said hardware product is running in the field.

Just found relevant thread on reddit: https://www.reddit.com/r/Bitcoin/comments/3mhe5p/case_wallet_teardown/.

"As we are using secure elements, we are bound by NDA to not reveal the chip's APIs (this is part of the current security by obscurity model of this kind of architecture). Therefore we cannot publish our source code, nor could you compile yourself anyway, by lack of tools.
The attestation being embedded in our firmware, it is therefore not open source either."

There will be no source code for this device, because of NDAs.
Requires a lot of trust in the unknowns (people and code).
 

Very informative.
There are several hardware weaknesses in this wallet that can enable the remote attacker to do anything he wants on the device.

1. GSM chip (GE866) can run python scripts, receive over-the-air commands and firmware updates.
    The detailed documentation is available on the manufacture site.
    For the price of 45$ anyone can buy it and practice hacking before moving to the actual wallets. Then all devices are compromised - after they have been delivered.
    Actually, what prevents someone in the manufacturing and delivery chain to change the firmware and deliver "Trojan horse" to the end customer?
    How do we know it has not been done already in the first shipped batch?

2. Crypto controller receives firmware updates over-the-air by GSM chip.
    What prevents a remote attacker from uploading other firmware directly to the device? Or from the local cache in the GSM modem?
 
3. Third result in google:  http://freescale-crack.blogspot.co.il/2014/03/stm32f437-code-extraction.html
    Ready reverse for the specific ARM controller used in this device, just like for many other parts.
    The obscurity of the code is no protection.
    (There was a promise a few months ago to release the source code for the device. Is it available for review?)

The motivation is high and the attack development price is low with ready solutions, all in SW and with remote access.
These are just a few vulnerabilities from looking at the teardown pics.
The claim for no single point of failure is accurate - there are multiple points of failure.
In this case, ease-of-use focus probably compromised basic function of the hardware wallet - ultimate security of the private key.

Got mine too. Its nice, and works out of the box, but a few smaller features are missing. For example resetting the device/wiping it, message signature signing, and pin authorization instead of or with fingerprint scan. Id also like to see raw transaction signing happen.

http://www.stellaw.info/blog/2015/9/26/case-wallet-teardown

Anybody received one of these yet and give a review?

ok, so you do have an external connection. Also why is the transaction not broadcasted directly, since the device has everything to sign it ?


Batteries have a limited lifespan, especially very flat batteries, which are most of the time freshly out of R&D.


sorry, I'm even more confused now. If I lose the device, how am I going to use it to restore ? And if you can provide a backup device, does that mean that the fingerprint registration is done on Case server ?

After scanning a QR code, you are prompted to validate the transaction by swiping your finger, and the desired amount of bitcoin are sent to their intended recipient. The transaction is sent from the device to our server, and then is posted to be verified.

The battery is not replaced, it is wirelessly charged. Case will incorporate the QI Inductive Charging Standard.

If you lose your actual device, Case will send you a restoration device to transfer your Bitcoin off of the lost hardware. This will allow you to restore your lost bitcoin from the old hardware.

how do you send transactions then ? also how do you perform firmware updates ?


can you change the battery ?


Also I'm not sure I'm getting the multisig model - if it's 2 of 3, when you lose the device, do you recover your funds through your fingerprint and the vault key ? meaning that your fingerprint is stored on some cloud service somewhere ?

Right to the point! Case is a multi-signature hierarchical deterministic Bitcoin wallet.

Our device authenticates transactions by three different factors:

• Possession: Things only the user has (Example: Credit Cards)
• Inherence: Things only the user is (Example: Bio-metrics)
• Knowledge: Things only the user knows (Example: Passwords)

Our multi-factor authentication model:

• Possession: The device has one embedded private key to confirm transactions.
• Inherence: Your fingerprint is encrypted and confirmed with your transaction to act as the second key.
• Knowledge: The third key is stored offline in a vault. This is only accessed if you lose your device.

Our mission is to provide an easy to use Bitcoin wallet, without compromising security. By design, Case has no single point of failure. There are no external connections and the device is sealed during manufacturing. No additional computer software or app required. Transparency of your wallet address means you control your Bitcoin directly.

How to use Case in a transaction:

• Pressing the ฿ button powers on Case
• The small camera on the back detects QR codes you wish to scan
• Swipe to confirm the transaction details on the display

The Price is approximately $200.

How much is the price?
And how does it work?

Verifying this thread by posting on our old account. Hope this clears any confusion moving forward!

http://i300.photobucket.com/albums/nn18/stevedunkel/case_zpsiyfdribo.png

Exciting updates are happening at Case Wallet! Last week, we officially changed our name from CryptoLabs to Case Wallet Inc.

We remain focused on our main mission of providing the world's most secure and easy-to-use bitcoin wallet. Our last thread is a few months old, and we wanted to provide you with the latest updates throughout our launch phase. Here are some highlights of what makes Case unique from other Hardware Bitcoin Wallets:

• GSM Enabled with built in Multi-IMSI SIM Cards
• Works in over 60 Countries at Launch: No Monthly Fee
• Bio-metrically Enabled: The template is encrypted and stored on the device
• Multi-signature authentication
• 3 Steps to complete a transaction: Click, Scan, Swipe
• Portable: Size of a Credit Card

We look forward to sharing our passion of Bitcoin with the community. Blog posts in the coming weeks will discuss a wide array of Bitcoin topics. We are excited to hear what interests you! Feel free to post comments and questions. We appreciate input from our followers.

Steve Dunkel
Media Coordinator Case Wallet Inc.

Website:
www.choosecase.com

Screenshots:
http://i300.photobucket.com/albums/nn18/stevedunkel/laptop_composite_1920_saturated_60_zpsdhhfzi0e.jpg

http://choosecase.com/images/case_render.jpg

http://choosecase.com/images/case_breadboard.jpg