Can hardware wallets suffer from ransomware?

[cellard]

I usually don't really recommend hardware wallets, and prefer a general purpose linux laptop for offline storage, because carrying something that screams "there are bitcoin inside this device" is in my opinion a stupid idea.

But I thought about it... can hardware wallets get encrypted by ransomware? even if your linux airgapped laptop is offline, if you are incredibly lucky you could insert an USB or DVD which injects ransomware on your computer. Could then a hardware wallet isolate you from that in all cases, or there are some at least theoretical ways to get inside the device with some malware?

[TryNinja]

I don't think that's possible. And even if it was, having the backup seed is everything you need to recover the coins.

Trezor for example:

Trezor is a relatively simple, specialized hardware device. It does not run any OS, just a small program specifically developed for signing Bitcoin transactions and managing the keys. Thus, the attack surface is very small compared to conventional general-purpose computers. You can say it's practically impossible to infect it.

Security is a much more complicated area though and I wouldn't say it's impossible unless I can formally prove it. It is however the safest device I know of (but this is subjective).

https://bitcoin.stackexchange.com/questions/31983/what-is-it-about-a-trezor-that-means-it-cant-be-infected-by-malware/31988#31988

[ovcijisir]

It's possible if the ransomware/malware creator find bug in hardware wallet firmware/application or try to use known bug on older firmware/application firmware such as "physical memory access issue in TREZOR".
But this require users to do some specific actions in very specific condition and i doubt the ransomware/malware creator would bother implant something that difficult since user simply can recover their bitcoin with seed with other wallet, so i think you don't need to worry about it.

I agree: in worst case scenario user can lose just hardware part of the wallet, but can easily make new wallet with seed of the wallet.

[hatshepsut93]

I usually don't really recommend hardware wallets, and prefer a general purpose linux laptop for offline storage, because carrying something that screams "there are bitcoin inside this device" is in my opinion a stupid idea.

But I thought about it... can hardware wallets get encrypted by ransomware? even if your linux airgapped laptop is offline, if you are incredibly lucky you could insert an USB or DVD which injects ransomware on your computer. Could then a hardware wallet isolate you from that in all cases, or there are some at least theoretical ways to get inside the device with some malware?

Hardware wallets are meant to be very secure, so if it will happen to be vulnerable to ransomware, it would mean that there's some critical security bug and it's also vulnerable to other threats. But both hardware and software wallets should have mnemonic backup phrases, because you shouldn't rely on digital stores like hard drives and flash drives as your only backup method - ransomware, hardware failures, and other risks are always present.
Hardware wallets are popular because most people don't know how to make airgapped cold storage or don't want to bother with it, or it's simply cheaper to buy a hardware wallet than getting a dedicated PC/laptop for it.

[achow101]

But I thought about it... can hardware wallets get encrypted by ransomware?

No.

Hardware wallets ONLY execute things from their firmware; you cannot get a hardware wallet to execute arbitrary code (barring some major vulnerability). Furthermore, hardware wallets are not just generic storage devices, so a computer infected with malware can't read or write arbitrary data to a hardware wallet as it would with any normal storage device.

Some hardware wallets (like the Ledger Nano S) have apps that can be loaded onto the device to run things. If the app were malicious, maybe it could do something which is like ransomeware. However apps are isolated within the device itself (at least for the Ledgers) and don't have access to read and write arbitrary data to and from the devices internal memory (barring some vulnerability).

or there are some at least theoretical ways to get inside the device with some malware?

In theory, if the user is incredibly stupid, some malware could flash a new firmware to the device (which requires the user to push physical buttons on the device itself in order for a new firmware to be flashed) which then results in the stored seed being stolen. In practice, no, there isn't.

[Kakmakr]

The Ransomware will target the software on the browser side or the proprietary software that you need on the computer side to manage your coins. The device on it's own is relatively secure, but that will not help, if you want to access the wallet from the software.

I think this is one of the reasons why hardware manufacturers are moving away from browser plugins and developing their own software to access these devices.

The people behind the Ransomeware is very clever and they will just encrypt all the code on the computer side or they will use a man-in-the-middle attack like they did with Ledger.

[Lucius]

No.

Hardware wallets ONLY execute things from their firmware; you cannot get a hardware wallet to execute arbitrary code (barring some major vulnerability). Furthermore, hardware wallets are not just generic storage devices, so a computer infected with malware can't read or write arbitrary data to a hardware wallet as it would with any normal storage device.

I have to admit I was wondering if anything like this is possible with hardware wallets,but since users have seed the problem could easily be resolved just by reset device and type seed again.This is good info for anyone who is in fear of ransomware.

I think this is one of the reasons why hardware manufacturers are moving away from browser plugins and developing their own software to access these devices.

I think the main reason is in fact that Chrome announced they will not support apps in the near future,and this is force Ledger&Trezor to accelerate their work on new desktop&mobile app.One thing I did not like when I bought Ledger Nano S was a user interface through Chrome apps.

[gentlemand]

Some hardware wallets (like the Ledger Nano S) have apps that can be loaded onto the device to run things. If the app were malicious, maybe it could do something which is like ransomeware. However apps are isolated within the device itself (at least for the Ledgers) and don't have access to read and write arbitrary data to and from the devices internal memory (barring some vulnerability).

Ledger have doubled down on telling people they need to verify everything on device. Anything their computer is showing them via the apps could be compromised.

[wilwxk]

I agree with the ideia of the hardware wallet is just a gadget with a tag of "there is bitcoins", but talking about the security of the hardware i think the worst problem are not the external attacks of hackers breaking the firmware and stoling the bitcoin, I think the problem is with the trust of the companies which sell these wallets, most of the avaliable wallets in the market are not open-hardware and doesnt have the firmware open for the public, there is only apps which the public can help to develop.

[Rath_]

I agree with the ideia of the hardware wallet is just a gadget with a tag of "there is bitcoins", but talking about the security of the hardware i think the worst problem are not the external attacks of hackers breaking the firmware and stoling the bitcoin, I think the problem is with the trust of the companies which sell these wallets, most of the avaliable wallets in the market are not open-hardware and doesnt have the firmware open for the public, there is only apps which the public can help to develop.

Technically, the same thing could happen to your trusted software such as Armory, Electrum or Bitcoin Core. Not so long time ago, there was a critical vulnerability in Electrum which allowed to steal your wallet using JavaScript. It shouldn't be a problem on air-gapped laptop but still there are probably more bugs that we do not know about.

Furthermore, hardware wallets are not just generic storage devices, so a computer infected with malware can't read or write arbitrary data to a hardware wallet as it would with any normal storage device.

I'm quite interested how TREZOR will handle it. TREZOR T has a micro SD card slot which could be used for something malicious. Right now, it is only used for updating the bootloader at startup. Encrypted storage was also mentioned but I guess it will be separated from the rest of software and hardware.

[gentlemand]

I'm quite interested how TREZOR will handle it. TREZOR T has a micro SD card slot which could be used for something malicious. Right now, it is only used for updating the bootloader at startup. Encrypted storage was also mentioned but I guess it will be separated from the rest of software and hardware.

I've already seen people moaning about the Trezor T. I wonder whether there's any balance between new bells and whistles weakening security. I really hope they're not compromising on anything to look more futuristic to their customers. I'll assume they know what they're doing.

[Rath_]

I've already seen people moaning about the Trezor T. I wonder whether there's any balance between new bells and whistles weakening security. I really hope they're not compromising on anything to look more futuristic to their customers. I'll assume they know what they're doing.

I received my TREZOR T a few days ago and I didn't have any problems with it. However, I heard that some people had problem with installing their bridge which is needed for communication between TREZOR and their website. A few first devices were also shipped with outdated bootloader, but it is fairly easy to update it, it took me about 5 minutes. There are only a few thousand of TREZOR T devices, I was aware of potential problems while I was ordering the pre-order. Also, it is worth mentioning that they had to write its software from the scratch. They still have plenty of time before they start regular sale (expected Q2 2018).