Topic: Secure Element in Hardware Wallets - page 7. (Read 3075 times)

jr. member
Activity: 36
Merit: 10
January 30, 2021, 12:37:13 PM
#43
I just came across this open source project based on SmartCard-HSM called smartbtc

smartbtc
http://smartbtc.eu/index.html

the SmartCard-HSM smartcard hardware manufacturer
https://www.smartcard-hsm.com/features.html
legendary
Activity: 2212
Merit: 7060
Cashback 15%
January 26, 2021, 07:45:25 AM
#42
Added a new hardware wallet, Tangem, with an EAL6+ Samsung SecureCore microchip, and like all other manufacturers they say their chip is the best.
They have an open source software development kit for their Android and iOS mobile devices:
https://github.com/Tangem
legendary
Activity: 2156
Merit: 1151
Nil Satis Nisi Optimum
January 08, 2021, 09:26:10 AM
#41
Interestingly, phishing websites almost never ask you for your passphrase, only for 24 words of your seed phrase.
That could be an intentional thing. The passphrase is considered an advanced feature. That means that newbies and those that don't feel comfortable enough to experiment with passphrases most likely don't have one either. It also means that if you know what a passphrase is, and you took the little time that is needed to set one up, you are unlikely to be gullible enough to insert your seed phrase in a fake wallet.

I agree on this; it is for complete newbies who could enter their seed phrase in a fake wallet. If you have done some research, you should probably know that you should not do that.
With that said, when I created my first block.io account, I did it because BTC wallets seemed so complicated to use and a web wallet was easy to use. These days I also think that ETH and tokens have a much more user-friendly usage and experience in wallets (no matter the type) than BTC. Maybe that is due to the nature of the system, or the way BTC records transactions, but I find it really hard to call myself familiar with it for everyday use, while for ETH the process is linear; or maybe that is just a matter of habit.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
January 08, 2021, 06:24:51 AM
#40
Interestingly, phishing websites almost never ask you for your passphrase, only for 24 words of your seed phrase.
That could be an intentional thing. The passphrase is considered an advanced feature. That means that newbies and those that don't feel comfortable enough to experiment with passphrases most likely don't have one either. It also means that if you know what a passphrase is, and you took the little time that is needed to set one up, you are unlikely to be gullible enough to insert your seed phrase in a fake wallet.
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
January 08, 2021, 06:01:11 AM
#39

Hard to imagine someone would enter their SEED but it happens!

Interestingly, phishing websites almost never ask you for your passphrase, only for 24 words of your seed phrase. That means if you have set up a passphrase, you will not fall victim to these scam attempts. Scammers are stupid enough not to consider additional security levels users may have. The combination of seed phrase plus passphrase will likely be more robust than secure elements plus 24 words (no passphrase) when it comes to phishing attacks. In short, secure elements don't protect against phishing, while a simple combination of passphrase and scammer's stupidity does.
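To make the passphrase point above concrete, here is an added example (my own code, not from any poster or wallet vendor) that derives the BIP39 seed from the same words with and without a passphrase: the words a phishing site captures derive one seed, while the wallet actually in use was derived from those words plus the passphrase, so the captured words alone open a different (empty) wallet. The sample mnemonic is the all-zero-entropy 12-word mnemonic from the published BIP39 test vectors; the scenario functions and the passphrase values are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output,
# password = NFKD(mnemonic), salt = "mnemonic" + NFKD(passphrase).
PBKDF2_ROUNDS = 2048
BIP32_MASTER_KEY = b"Bitcoin seed"

# Sample input: the first mnemonic from the public BIP39 test vectors
# (entropy of all zero bytes). Never use it for real funds.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a mnemonic and an optional passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def bip32_master_key(seed: bytes) -> tuple:
    """Split HMAC-SHA512("Bitcoin seed", seed) into (master private key, chain code)."""
    digest = hmac.new(BIP32_MASTER_KEY, seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def phishing_scenario(mnemonic: str, passphrase: str) -> tuple:
    """Constructed scenario: return (master key the owner's wallet uses,
    master key a phisher can derive from the captured words alone)."""
    owner_key, _ = bip32_master_key(bip39_seed(mnemonic, passphrase))
    phisher_key, _ = bip32_master_key(bip39_seed(mnemonic, ""))
    return owner_key, phisher_key


def passphrase_protects(mnemonic: str, passphrase: str) -> bool:
    """True when the captured words alone do not yield the owner's wallet key.
    An empty passphrase gives no protection: the phisher derives the same key."""
    owner_key, phisher_key = phishing_scenario(mnemonic, passphrase)
    return not hmac.compare_digest(owner_key, phisher_key)


if __name__ == "__main__":
    print("seed without passphrase:", bip39_seed(TEST_MNEMONIC).hex())
    print("seed with passphrase:   ", bip39_seed(TEST_MNEMONIC, "TREZOR").hex())
    print("passphrase protects:", passphrase_protects(TEST_MNEMONIC, "TREZOR"))
```

The caveat a defender should keep in mind: 2048 PBKDF2 rounds are cheap, so someone who already holds the words can try short or dictionary passphrases offline at high speed; the protection the posts describe only holds for a long, random passphrase.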
hero member
Activity: 758
Merit: 606
January 07, 2021, 05:46:34 PM
#38
HCP,

Hard to imagine someone would enter their SEED but it happens!
HCP
legendary
Activity: 2086
Merit: 4314
January 07, 2021, 04:44:56 PM
#37
The "other guy" with a closed source controller/element has had numerous instances of theft happening with phished app's etc....
And in how many of those cases were the funds lost because the secure element was breached? HINT: zero

In every single case, the end user broke the golden rule and entered their 24 word recovery phrase into a fake website and/or app instead of only entering it on the device itself. It could just as easily happen to someone connecting to a fake "trezor.wallet.io" website. Which has also happened before.

Secure Element or not... open source or closed source... All the "security" in the world will be useless if you simply hand over the recovery phrase.
legendary
Activity: 2954
Merit: 4158
January 06, 2021, 05:19:36 AM
#36
We should not trust any devices that contain secure elements either, we can't rely on SE because the information stored in these elements can be obtained in other ways. For example, hackers don't need to get physical access to our SIM card, instead, they can easily convince mobile phone employees to clone the SIM.
That is because your SIM card contains the information required to authenticate with the cell towers. Operators can permit an alternate SIM card to use your number, but that doesn't mean that the SIM card has failed its purpose. Its primary purpose is to resist any brute-force attacks to get the keys and, CMIIW, most modern SIM cards brick themselves during a brute-force attack.


Our payment cards have all sensitive information written on them, which makes them vulnerable to phishing, hacking, stealing, etc. If you were to lose it or get robbed, you wouldn't rely on SE to protect your funds, you would block your card instead thus making it completely useless.
The secure element on a debit card is used to protect against cloning attacks. It is difficult to clone the chips in EMV cards, while it is easy to clone magnetic stripe cards. The scenario that you present isn't the point of EMV cards in the first place; it's designed primarily to combat swiping attacks. When I lose my hardware wallet, I trust that the secure element can resist the attacks until I can transfer my funds out.

The one time you can rely on the secure element is when the information that you need is inside the secure element itself. There is no one else to do social engineering on to get the information within the SE unless the owner chooses to reveal it himself. When used properly, the secure element will not reveal the information held within, and that is its primary purpose inside a hardware wallet, and inside a SIM card, payment cards etc. For the scenario as stated, HW wallets containing an SE still provide an additional layer of security.
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
January 06, 2021, 04:36:48 AM
#35
Sure you can do that, but then you should also not trust any devices that exist today including smart phones, sim cards, SC cards, or payment cards that all have secure elements in them.
Secure elements are not exclusive to hardware wallets.
We should not trust any devices that contain secure elements either, we can't rely on SE because the information stored in these elements can be obtained in other ways. For example, hackers don't need to get physical access to our SIM card, instead, they can easily convince mobile phone employees to clone the SIM. Our payment cards have all sensitive information written on them, which makes them vulnerable to phishing, hacking, stealing, etc. If you were to lose it or get robbed, you wouldn't rely on SE to protect your funds, you would block your card instead thus making it completely useless.
hero member
Activity: 758
Merit: 606
January 04, 2021, 06:18:54 PM
#34
but I can achieve that with Trezor if the passphrase was used along with the seed phrase. So, I can't see a point in adding secure elements.

I sometimes feel like I must be the only active coder/user (based upon absence of others supporting the feature with their posts) that consistently uses SD encrypt. I have to add again that having my Trezors encrypted in tandem with long passwords makes them virtually unhackable using any conventional definition of the word. Plus with all that encryption I have the protection of using an open source hardware device that is visible to me. No hiding places in a chip keeps me feeling better.
legendary
Activity: 2156
Merit: 1151
Nil Satis Nisi Optimum
January 04, 2021, 04:20:45 PM
#33
~snip
I understand that there are some IP things that they might want to keep secret for as long as possible, putting time and money into R&D and such and then putting it out there so some fab in a country that does not care about IP can crank out a million units. Not good.

I also know it leads to less trust because we can't verify anything.

-Dave


It is a way of doing business; you have to sign an NDA to have access to proprietary technology.
That brings us to another issue: why do we have to trust the manufacturer? But trust is inevitable at some point when you are using third-party provider services, and a hardware wallet is a third-party provider service.

Although it has been here for 12 years, this technology is still too young to change the ways of the technology industry, IMHO, and you have to put your trust in something, or manufacture your own hardware device.
legendary
Activity: 3444
Merit: 6182
Crypto Swap Exchange
January 04, 2021, 12:50:55 PM
#32
I have some questions, not a tech-savvy person, just curious.

What part of Microchip ATECC608A is open source? As far as I know, Microchip stopped publishing datasheets for their microchips after the ATECC508A version; further versions are all under NDA. Can I trust these secure elements if data is no longer available for everyone to see and check? How can I be sure that governments haven't forced Microchip to implement some backdoors to steal my crypto?

Found an old topic from Trezor explaining the reasons why they don't use secure elements https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b

Kind of brings up an interesting point.
If I sign the NDA I get a lot more info on how it works. But there are things I cannot talk about.
Is that good or bad?

I understand that there are some IP things that they might want to keep secret for as long as possible, putting time and money into R&D and such and then putting it out there so some fab in a country that does not care about IP can crank out a million units. Not good.

I also know it leads to less trust because we can't verify anything.

-Dave
legendary
Activity: 2212
Merit: 7060
Cashback 15%
January 04, 2021, 09:54:50 AM
#31
...

Sure you can do that, but then you should also not trust any devices that exist today including smart phones, sim cards, SC cards, or payment cards that all have secure elements in them.
Secure elements are not exclusive to hardware wallets.
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
January 04, 2021, 09:51:29 AM
#30
They found something like that in one of the previous Ledger Nano X wallet exploits, which was later patched and fixed in a firmware update, but they claim the secure chip was not affected.
Even exposing other information like bitcoin balance and all addresses would not be considered good.
https://www.ledger.com/enhancing-the-ledger-nano-xs-security

Either way, even if a secure element cannot be easily compromised, it will not convince me that my funds are safe, in case I lose my Ledger hardware wallet. It certainly gives me more time to move my funds somewhere else, but I can achieve that with Trezor if the passphrase was used along with the seed phrase. So, I can't see a point in adding secure elements.

First, you can't rely on them anyway if hackers get physical access to your hardware.
And second, unlike open-source systems, in closed-source ones you have to trust SE manufacturers that they have not colluded with malicious third parties.

In short, secure elements are a redundancy, which makes the system less trustless and more vulnerable. That goes against the principles of bitcoin.
legendary
Activity: 2212
Merit: 7060
Cashback 15%
January 04, 2021, 07:44:15 AM
#29
Additionally, secure elements that are widely used in hardware wallets usually can't handle simple peripheral tasks: you can't control buttons, you can't establish a USB connection, you can't control display functions. That is the reason why secure elements require additional microcontrollers. These microcontrollers are for general purposes, which means they are more vulnerable, and they are not secure whatsoever. If hackers somehow managed to reflash these general-purpose controllers, that would potentially allow them to retrieve sensitive information from secure elements.

They found something like that in one of the previous Ledger Nano X wallet exploits, which was later patched and fixed in a firmware update, but they claim the secure chip was not affected.
Even exposing other information like bitcoin balance and all addresses would not be considered good.
https://www.ledger.com/enhancing-the-ledger-nano-xs-security
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
January 04, 2021, 06:53:28 AM
#28
Let me remind members here that there has NEVER been an instance of that one controller weakness "in the wild" for Trezor Ts. The "other guy" with a closed source controller/element has had numerous instances of theft happening with phished apps etc....
Additionally, secure elements that are widely used in hardware wallets usually can't handle simple peripheral tasks: you can't control buttons, you can't establish a USB connection, you can't control display functions. That is the reason why secure elements require additional microcontrollers. These microcontrollers are for general purposes, which means they are more vulnerable, and they are not secure whatsoever. If hackers somehow managed to reflash these general-purpose controllers, that would potentially allow them to retrieve sensitive information from secure elements.
legendary
Activity: 2954
Merit: 4158
January 02, 2021, 09:40:28 PM
#27
A Raspberry Pi?  Is that not just the same as storing your private key on a micro SD card?
Air gapped wallet, to be specific. I usually consider it as storing my private key on a micro SD card but with layers of encryption so that an adversary cannot crack it within a short period of time, if needed. Being able to sign the transactions offline will negate most malware attacks as the airgap will deter most malware. If not for the ease of signing, using a pen and pencil to write down the seed would have been sufficient.
legendary
Activity: 3234
Merit: 6706
Proudly Cycling Merits for Foxpup
January 02, 2021, 04:34:04 PM
#26
They don't want to ever change this, and that is why my open source wallets of choice would be ColdCard mk3, BitBox02 and CoboVault and not in that specific order.
I appreciate that recommendation and I found the OP here very informative, because I'm functionally computer illiterate (more or less).  I love the Ledger devices, but that closed source code aspect does give me some doubts, though small ones.

Never heard of the above wallets, although ColdCard does ring a bell somewhere in my noggin.  I'll have to check them out.

Hardware wallets are expensive; the secure element is useful. If you want a cheaper but not as sophisticated alternative, use a Raspberry Pi offline.
A Raspberry Pi?  Is that not just the same as storing your private key on a micro SD card?
legendary
Activity: 1624
Merit: 2481
January 02, 2021, 04:18:45 PM
#25
Is it still true the Trezor is not safe, as I heard something like it's open or closed source? Forgot which one meant safe.

Trezor is completely open source, which is good.. because the source code is open a.k.a. publicly available.
However, there is a hardware vulnerability.. Use a long and secure password and you are fine tho. It is "just" a physical attack vector which allows extracting the seed.

Someone said if someone had access to your ledger for a few minutes, they could do something to do it.  Anyone can confirm this?

No.
This applies to the Trezor without any password protection. That's the physical attack vector I referenced.
legendary
Activity: 2954
Merit: 4158
January 02, 2021, 09:11:23 AM
#24
But one important attack vector is the online machine it is used with. While in theory there shouldn't be any way to compromise the device from an online pc, this shouldn't be completely ignored.
Especially phishing attacks can work pretty well. And a vulnerability in the microcontroller and/or secure element can make the hardware wallet insecure when used with a compromised PC (which it is made for).
This attack vector only applies to hardware wallets, but not to air-gapped wallets.

I wouldn't consider a hardware wallet as secure as an air-gapped wallet solution.
Definitely, I won't consider anything impossible when it comes to security. If the attacker can compromise the hardware wallet with a vulnerability in a secure element and without physical access, then it would be terrible. I hope that it wouldn't happen and it's probably why some hardware wallets are able to be run with an airgap as well. If that's the concern, then I guess that'll make it more equal.

Some APTs and malware have demonstrated their ability to jump airgaps. Definitely possible and it has been done, but it's quite a lot of work; it would've been easier to just compromise the OS itself. What I think could be a potential concern other than the side channel (I've mentioned that enough and I know secp256k1 mitigates some of it) is that, despite the ability to encrypt the files, which should be viewed as a workaround rather than a mitigation, there isn't any way to ensure that the files cannot be extracted from the device; I believe you can clone the HDD/SD card to try it again and again. As you've mentioned, the seeds are stored within the secure element and X failed attempts would brick it and render it unrecoverable in some HW wallets.