It is NOT secure to use hardware wallets (and it never was)

[achow101]

I'm not objecting just confused: Is it about firmware, BIOS, fucking NVIDIA device drivers or what? We have Linux and Free BSD, don't we? Is it impossible to have Core's wallet running on top of a clean installed Linux?

I'm seriously interested in your term 'closed source computer', actually it is my main research topic for the last couple of years, I'm just wondering how deep is your interpretation of this concept and whether you have developed any idea as an alternative?

There's more to a computer than just the OS. A lot of firmware such as processor microcode are closed source. So it doesn't matter whether the OS you use is open source; if the firmware for your hardware and the hardware itself is closed source, then you are at risk of that closed source being malicious or containing something that can be exploited. One example of this is the Intel Management Engine which could allow someone to remotely access and control your computer and there's no way to disable it because it is baked into the hardware and firmware, both of which are also closed source.

[1714832168]

1714832168

[1714832168]

1714832168

[1714832168]

1714832168

[1714832168]

1714832168

[1714832168]

1714832168

[cellard]

Do they claim their hardware to be unhackable!?

More or less they were claiming that it's unhackable, and that's my only issue with them.
https://www.ledger.fr/2015/03/27/how-to-protect-hardware-wallets-against-tampering/

There is absolutely no way that an attacker could replace the firmware and make it pass attestation, without knowing the Ledger private key.

This claim was proven false now.

Nevertheless in my opinion I still think a hardware wallet is more secure than any other wallets when used safely.
Just that hardware wallets do have security issues does not make any other type of wallet which have MORE security issues suddenly better.

My ranking of wallets in terms of security would be the following

• Hardware wallets
  If you don't take them outside of your home and attacker don't get physical access they are pretty safe -> with physical access as proven now it might not be safe
• Paper wallets
  If they are kept hidden in a secret place -> but with physical access by an attacker -> no security at all.
  If people carry them around I consider them worse than any mobile wallets (they do at least have a pin to secure the wallet).
• Airgapped PCs
  Pretty safe as long as an attacker don't get pyhsical access. I consider them worse than a hardware wallet because a PC/MAC/whatever even if not connected to the big world has a much bigger attack vector than a hardware wallet if getting pyhsical access.
• Any local hot wallets on PC/MAC
  With spyware or other malicious software these wallets can be easily compromised. No physical access necessary
• Any mobile wallets
  The security of such wallets is usually quite bad. Usually very short pin-codes are used to secure the wallet. As it's easy to lose them an attacker can get physical access to it.
• Online wallets where you control the private keys
• Online wallets where you don't control the private keys

Did I miss any type of wallet?

Beside of my listed ranking anyone can (and should) improve the security by combining several methods above and use multi signature addresses. In this case it is not possible to steal funds if just one of the methods is compromised.

Would be interested if someone has a different ranking than me.

You indeed did forget the most important and still the most secure: Bitcoin Core and all the other open source software where you download the entire blockchain and where you can encrypt the wallet.

Just a few additions:

Paper Wallets can be encrypted, which makes it more secure than cash, but still is open to a regular robbing with weapon use (Tell the password or die), but the main problem I think is that it can be destroyed very easy.

An encrypted wallet.dat fie can be renamed into Michael_Jackson-Earthsong.mp3 and you carry it around (or send it around). Place another unchanged and unencrypted wallet.dat file with a low amount for plausible deniabiity. There are other plausible deniability solutions like hidden partitions etc. Multiple backups make a file pretty much undestroyable.

I never trusted hardware wallets, from my research, airgapped old laptops runnig some linux distro are the best way for cold storage. You must learn how to bring raw transactions from your airgapped computer into an online node, I haven't learned how to do this yet, I will eventually get into it. Unfortunately Core has no improved support for this like Armory does, so you must need to craft the transaction manually, presigned, then move this hash into the node to broadcast it... use a QR code or something so you can avoid USB surface attack.

You can't also leave the computer non fully encrypted. Encrypt the entire drive ideally. I haven't looked into this yet. I tested with Veracrypt before, I did it wrong and I bricked 3 HDDS on my 3 attempts, now they are useless, so beware with that. Do some testing first. I think Linux has no FDE support with Veracrypt, so you must use LUKS which is more complicated, haven't learned yet. Im not sure if dm-crypt is safe enough nowadays.

[Rath_]

I never trusted hardware wallets, from my research, airgapped old laptops runnig some linux distro are the best way for cold storage. You must learn how to bring raw transactions from your airgapped computer into an online node, I haven't learned how to do this yet, I will eventually get into it.

Hardware wallets might be not a best choice for cold storage, but they are still a good choice if you want to access your bitcoins on many different computers which might be compromised. I used to encrypt my Electrum seed using VeraCrypt but I was too scared of keyloggers and other malware. Right now I don't have to worry about it since my TREZOR has a touchscreen to input everything on the device. It is still possible that this model might get hacked anytime soon, time will show us.

[Wind_FURY]

Do they claim their hardware to be unhackable!?

More or less they were claiming that it's unhackable, and that's my only issue with them.
https://www.ledger.fr/2015/03/27/how-to-protect-hardware-wallets-against-tampering/

There is absolutely no way that an attacker could replace the firmware and make it pass attestation, without knowing the Ledger private key.

This claim was proven false now.

Nevertheless in my opinion I still think a hardware wallet is more secure than any other wallets when used safely.
Just that hardware wallets do have security issues does not make any other type of wallet which have MORE security issues suddenly better.

My ranking of wallets in terms of security would be the following

• Hardware wallets
  If you don't take them outside of your home and attacker don't get physical access they are pretty safe -> with physical access as proven now it might not be safe
• Paper wallets
  If they are kept hidden in a secret place -> but with physical access by an attacker -> no security at all.
  If people carry them around I consider them worse than any mobile wallets (they do at least have a pin to secure the wallet).
• Airgapped PCs
  Pretty safe as long as an attacker don't get pyhsical access. I consider them worse than a hardware wallet because a PC/MAC/whatever even if not connected to the big world has a much bigger attack vector than a hardware wallet if getting pyhsical access.
• Any local hot wallets on PC/MAC
  With spyware or other malicious software these wallets can be easily compromised. No physical access necessary
• Any mobile wallets
  The security of such wallets is usually quite bad. Usually very short pin-codes are used to secure the wallet. As it's easy to lose them an attacker can get physical access to it.
• Online wallets where you control the private keys
• Online wallets where you don't control the private keys

Did I miss any type of wallet?

Beside of my listed ranking anyone can (and should) improve the security by combining several methods above and use multi signature addresses. In this case it is not possible to steal funds if just one of the methods is compromised.

Would be interested if someone has a different ranking than me.

You indeed did forget the most important and still the most secure: Bitcoin Core and all the other open source software where you download the entire blockchain and where you can encrypt the wallet.

Just a few additions:

Paper Wallets can be encrypted, which makes it more secure than cash, but still is open to a regular robbing with weapon use (Tell the password or die), but the main problem I think is that it can be destroyed very easy.

An encrypted wallet.dat fie can be renamed into Michael_Jackson-Earthsong.mp3 and you carry it around (or send it around). Place another unchanged and unencrypted wallet.dat file with a low amount for plausible deniabiity. There are other plausible deniability solutions like hidden partitions etc. Multiple backups make a file pretty much undestroyable.

I never trusted hardware wallets, from my research, airgapped old laptops runnig some linux distro are the best way for cold storage. You must learn how to bring raw transactions from your airgapped computer into an online node, I haven't learned how to do this yet, I will eventually get into it. Unfortunately Core has no improved support for this like Armory does, so you must need to craft the transaction manually, presigned, then move this hash into the node to broadcast it... use a QR code or something so you can avoid USB surface attack.

Bitkey, https://bitkey.io/, has. Go to the site, click "usage" then click "coldstorage-offline". Very advisable for long term holders who have millions stored in Bitcoin.

You can't also leave the computer non fully encrypted. Encrypt the entire drive ideally. I haven't looked into this yet. I tested with Veracrypt before, I did it wrong and I bricked 3 HDDS on my 3 attempts, now they are useless, so beware with that. Do some testing first. I think Linux has no FDE support with Veracrypt, so you must use LUKS which is more complicated, haven't learned yet. Im not sure if dm-crypt is safe enough nowadays.

I believe it would be less trouble to partition /home and encrypt that in case you need to reinstall.

[aliashraf]

I'm not objecting just confused: Is it about firmware, BIOS, fucking NVIDIA device drivers or what? We have Linux and Free BSD, don't we? Is it impossible to have Core's wallet running on top of a clean installed Linux?

I'm seriously interested in your term 'closed source computer', actually it is my main research topic for the last couple of years, I'm just wondering how deep is your interpretation of this concept and whether you have developed any idea as an alternative?

There's more to a computer than just the OS. A lot of firmware such as processor microcode are closed source. So it doesn't matter whether the OS you use is open source; if the firmware for your hardware and the hardware itself is closed source, then you are at risk of that closed source being malicious or containing something that can be exploited. One example of this is the Intel Management Engine which could allow someone to remotely access and control your computer and there's no way to disable it because it is baked into the hardware and firmware, both of which are also closed source.

I know about Intel's ME, but I was just asking OP whether he is mentioning it or what?

As of Intel's ME, there are solutions to  neutralize or disable it people even suggest not to use Intel processors made since 2008 and AMDs since 2013.

But I think it is not just about foolish architectures like this and even a system built around an 'innocent' 80386 cpu is susceptible not because of its bios or any other hardware potential backdoor but for a more inherent characteristic of our contemporary technological paradigm that allows machines to be dominated by attackers without disclosure.

By 'attackers' I don't just refer to crackers or state agents I am mentioning the owners, legitimate owners as well!
Imagine some black hat cracker who goes to the market buys a laptop, installs some evil software on it, plugs it to the internet and participates maliciously in some public protocol, trying to take advantage of its security holes while it is pretending to be a fair player, it is a hijacked laptop in my terminology!

Our current state in computing technology, gives unlimited access to the owner (and the army of crackers, hardware manufacturers, state organisations, ...) to install whatever s/he wants without disclosure.

This way people have access to 'things' that can be 'anything' and pretend to be 'something' else! This is totally a mess which security experts, cryptographers, ... are trying to cover it up, both desperately and inefficiently.

[Happiest]

And here I am thinking that using a ledger ware is the best safe place to store my bitcoin as sometimes I travel a lot. I have been meaning to buy one since it's easily portable but seeing that article, I am quite confused.
I am always skeptical of storing my bitcoin in my laptops cause most times, I change laptops alot and I fear selling my used laptop to to stranger might leave a trace of my wallet.dat.  So is there any portable means of storing bitcoin that is not paper wallet?

[wansei]

I wasn't too comfortable with the hardware being "out of my control" during shipping etc., so I used other hardware wallet solution - simple, cheap/free and extremely safe:

Everyone has old unused laptops laying around. I took two laptops. On both I formatted hard drives and did clean reinstall of the system. 1 of these laptops will never be connected online, network adapters are disabled. On the other laptop, go straight to download section of electrum wallet. Download wallet and verify the authenticity. Take clean USB stick, format it and put downloaded electrum wallet there. Take the usb stick and insert it into the first laptop (the one without internet connection). Create wallet. This laptop will NEVER go online. If you are totally paranoid you can destroy the USB stick

The laptop with the internet active is used for Electrum - watch only wallet. This type of wallet has no access to your private keys, yet you can see your balances and iniciate transactions (these have to be confirmed via confirm file, created on the laptop with the original wallet).

This process should be reasonably safe.

[Rath_]

I wasn't too comfortable with the hardware being "out of my control" during shipping etc., so I used other hardware wallet solution - simple, cheap/free and extremely safe:

Everyone has old unused laptops laying around. I took two laptops. On both I formatted hard drives and did clean reinstall of the system. 1 of these laptops will never be connected online, network adapters are disabled.

I have also met with an opinion that you should use a computer which has never been connected to the Internet. I have no idea why would it be important beside potential malware being downloaded earlier. Your solution is definitely safe and recommended by many people but still, it isn't really convenient and portable. I guess it's the best choice for people who were thinking of using hardware wallets as their main "purse". I will personally stick to them since I send my coins often in many different places.

[HCP]

The important things to note from this entire episode are:

1. The recently exposed vulnerabilities in Ledger and Trezor have been patched - Update your devices!
2. NO wallet can be proven to be 100% secure and NO wallet should be treated as such
3. Despite our best efforts, there will always be a certain level of "trust" involved somewhere in the chain (hardware and/or software level)

As with a lot of things in life, it comes down to risk management and how much risk is "acceptable" in your specific situation - "Minimise the risk"™ 

[RGBKey]

The important things to note from this entire episode are:

1. The recently exposed vulnerabilities in Ledger and Trezor have been patched - Update your devices!
2. NO wallet can be proven to be 100% secure and NO wallet should be treated as such
3. Despite our best efforts, there will always be a certain level of "trust" involved somewhere in the chain (hardware and/or software level)

As with a lot of things in life, it comes down to risk management and how much risk is "acceptable" in your specific situation - "Minimise the risk"™ 

I agree with all of your points, and I personally own a ledger nano device but I also think that the Ledger team understated how vulnerable the device can be, especially once it is in the physical possession of someone else. I will probably continue to use it, as I think it's still got a very good security to usability ratio, but I think that it might have been advertised a bit as something it probably is not.

[bitmover]

I think users have far more trust in the integrity and security of the software than the coders themselves.

[Stedsm]

This shows that keeping our coins safe has been ultimately cut down to such levels where we cannot trust anything, except our own deeds.
Keeping it safe is a matter of how safe we try to keep it - IT"S US WHO WILL NEED TO PERFORM EVERYTHING IN A KNOWLEDGEABLE MANNER.
Though, never thought that hardwares could really be unsafe (Had different thoughts though, like if our PC itself has a malware in it and if we use ouor hardware in such device). I trust paper wallets only, but are they also trustworthy? As they come from these "ONLINE" websites only, so shall we trust them too? And if everything's prone to vulnerability, what should be the best place we may put our coins at?

[Rath_]

I trust paper wallets only, but are they also trustworthy? As they come from these "ONLINE" websites only, so shall we trust them too? And if everything's prone to vulnerability, what should be the best place we may put our coins at?

There shouldn't be any problems with a paper wallet as long as you generate it offline. I think there was an online generator which saved people's seeds and later stole their BTC. Extreme holder could encrypt and engrave it on something that would be fire and waterproof. That's one of the safest method if you don't plan spending your bitcoins or any other cryptocurrency for the next few years.

We have a lot of operating systems available on the Internet with different features and security measures. For example. TREZOR is open-source, this might encourage more developers, who may be concerned about security of their money, to create their own, separate version of what's supposed to run on your hardware wallet. They won't be able to fix issues connected with the hardware itself, though.

[Lucius]

This shows that keeping our coins safe has been ultimately cut down to such levels where we cannot trust anything, except our own deeds.
Keeping it safe is a matter of how safe we try to keep it - IT"S US WHO WILL NEED TO PERFORM EVERYTHING IN A KNOWLEDGEABLE MANNER.
Though, never thought that hardwares could really be unsafe (Had different thoughts though, like if our PC itself has a malware in it and if we use ouor hardware in such device). I trust paper wallets only, but are they also trustworthy? As they come from these "ONLINE" websites only, so shall we trust them too? And if everything's prone to vulnerability, what should be the best place we may put our coins at?

I think that hardware wallets are still one of the safest ways for safe storage of private keys,although from time to time a security vulnerability appears,but also very quickly after that we have update which fix the problem.This is something quite normal,not only with hardware wallets,but with any other device or operating system which exists today.

Paper wallets are good for long term storage if user is make such wallet offline in 100% clean device.But instead of paper I would always choose some more durable material such as plastic or metal.Then user just need to get private keys - engrave&save them in a safe place.To check balance it's enough to have public key so there is no need to touch "paper wallet".

[1Referee]

I think that hardware wallets are still one of the safest ways for safe storage of private keys,although from time to time a security vulnerability appears,but also very quickly after that we have update which fix the problem.This is something quite normal,not only with hardware wallets,but with any other device or operating system which exists today.

It's not normal at all. Hardware wallets advertise themselves as being the most secure way of securing your private keys, but they continue to find themselves in a position that draws negative and unwanted attention. How long will people swallow this? I don't think much longer, because you can keep releasing firmware fixes and whatnot, but the more often you have to do this, the lower your overall credibility becomes as hardware wallet manufacturer. I was doubting whether or not to purchase one, but haven't done so because I am not going to put my faith in a piece of hardware that I personally don't know of what leaks its firmwire may contain that we don't yet know of, or even in the hardware part itself. I have been reading here and there that people owning hardware wallets will revert back to the old and solid paper wallets, and rightfully so.

[Lucius]

I think that hardware wallets are still one of the safest ways for safe storage of private keys,although from time to time a security vulnerability appears,but also very quickly after that we have update which fix the problem.This is something quite normal,not only with hardware wallets,but with any other device or operating system which exists today.

It's not normal at all. Hardware wallets advertise themselves as being the most secure way of securing your private keys, but they continue to find themselves in a position that draws negative and unwanted attention. How long will people swallow this? I don't think much longer, because you can keep releasing firmware fixes and whatnot, but the more often you have to do this, the lower your overall credibility becomes as hardware wallet manufacturer. I was doubting whether or not to purchase one, but haven't done so because I am not going to put my faith in a piece of hardware that I personally don't know of what leaks its firmwire may contain that we don't yet know of, or even in the hardware part itself. I have been reading here and there that people owning hardware wallets will revert back to the old and solid paper wallets, and rightfully so.

I understand your stand,and many others think in that way,but is there so far even one recorded case that someone lost BTC or any other altcoin from hardware wallet and that the cause was a security breach?To my knowledge such a situation has not yet occurred,for safe storage and everyday use hardware wallets are currently the best choice.

But if user have large amount of coins and has no intention to spend them in the near future,then paper wallet represents the safest option for long term storage.Although every users need to know that paper is not something that lasts forever(or ink),we have users on this forum who have problem to read private keys because ink is faded.

[Stedsm]

I think that hardware wallets are still one of the safest ways for safe storage of private keys,although from time to time a security vulnerability appears,but also very quickly after that we have update which fix the problem.This is something quite normal,not only with hardware wallets,but with any other device or operating system which exists today.

It's not normal at all. Hardware wallets advertise themselves as being the most secure way of securing your private keys, but they continue to find themselves in a position that draws negative and unwanted attention. How long will people swallow this? I don't think much longer, because you can keep releasing firmware fixes and whatnot, but the more often you have to do this, the lower your overall credibility becomes as hardware wallet manufacturer. I was doubting whether or not to purchase one, but haven't done so because I am not going to put my faith in a piece of hardware that I personally don't know of what leaks its firmwire may contain that we don't yet know of, or even in the hardware part itself. I have been reading here and there that people owning hardware wallets will revert back to the old and solid paper wallets, and rightfully so.

I understand your stand,and many others think in that way,but is there so far even one recorded case that someone lost BTC or any other altcoin from hardware wallet and that the cause was a security breach?To my knowledge such a situation has not yet occurred,for safe storage and everyday use hardware wallets are currently the best choice.

But if user have large amount of coins and has no intention to spend them in the near future,then paper wallet represents the safest option for long term storage.Although every users need to know that paper is not something that lasts forever(or ink),we have users on this forum who have problem to read private keys because ink is faded.

We all are here for privacy and safety, both.
And as said somewhere, past performance does not guarantee future results. Everything is hypothetical and so is the usage of these hardwares, when even computers are not safe with our so-called perfect Anti-Virus which guarantees us that it holds the best properties and all the data that could prevent our PC from being hacked or be malware-affected, still can't fight the newer ones (Viruses) that are being badly released by those hackers with the intention to steal all our data - can you guarantee that such hardwares are trustworthy even after reading the complete PDF given herein by the OP?

[oneirozwis13]

Till this point in my reading in the crypto world, I had never even been exposed to the idea (nor did it occur to me) that hardware wallets were not as safe as they seemed. Thanks AGD for sharing this with a wider audience, was a fascinating read. At the very least, it is very good food-for-thought. 

[cellard]

I never trusted hardware wallets, from my research, airgapped old laptops runnig some linux distro are the best way for cold storage. You must learn how to bring raw transactions from your airgapped computer into an online node, I haven't learned how to do this yet, I will eventually get into it.

Hardware wallets might be not a best choice for cold storage, but they are still a good choice if you want to access your bitcoins on many different computers which might be compromised. I used to encrypt my Electrum seed using VeraCrypt but I was too scared of keyloggers and other malware. Right now I don't have to worry about it since my TREZOR has a touchscreen to input everything on the device. It is still possible that this model might get hacked anytime soon, time will show us.

If your computer was fully encrypted and never accessed the internet, then how could it have a keylogger? Assuming it's properly airgapped, that is, no physical wifi card, ethernet card, or anything else of this nature, then even if somehow the computer got infected with a keylogger, how could the keylogger communicate with the attacker to send the logs?

Seems pretty solid to me. Meanwhile, hardware wallets have their own RNG and you can't just never be fully sure, and the fact that they are devices supposed to contain bitcoin by default it's just an obvious target.

[Lucius]

We all are here for privacy and safety, both.
And as said somewhere, past performance does not guarantee future results. Everything is hypothetical and so is the usage of these hardwares, when even computers are not safe with our so-called perfect Anti-Virus which guarantees us that it holds the best properties and all the data that could prevent our PC from being hacked or be malware-affected, still can't fight the newer ones (Viruses) that are being badly released by those hackers with the intention to steal all our data - can you guarantee that such hardwares are trustworthy even after reading the complete PDF given herein by the OP?

I never said that hardware wallets are 100% secure,such a thing actually does not exist-but for daily use and for storage of not too large amounts of coins I think there is no better solution at this time.If user have 50 or 100 BTC only safe storage is something totally offline,with no connection to internet.

I read that report the day it was published and the author says :

An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from
the device physically or, in some scenarios, remotely.

So the greatest danger here came from delivery process,if someone wants to intercept the package and compromise the device before being delivered to the user.This is certainly possible,but if ordered directly from the manufacturer with tracking number I think the possibility of manipulation with package is very small.

All other attacks can be performed only remotely,and requires that user do some bad things like to allow install of custom MCU firmware or to have infected computer.

Ledger is update their firmware and says that all of these vulnerabilities are now fixed.Saleem Rashid confirms that some of problems are resolved in "Fixing The Attack" part,but even he is not sure that all problems are resolved.

In the end I can not guarantee that hardware wallets are worthy of trust,it is the decision of each user individually.So far there is no documented case that any user is lost coins in hardware wallet and that the cause for this is security flaw in device-but that does not mean that this will not happen in the future.