Bitcoin Forum
January 18, 2020, 10:58:50 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: I am getting a hardware wallet ! - How do check if its been tampered with?  (Read 68 times)
LtMotioN
Member
**
Offline Offline

Activity: 210
Merit: 27


View Profile
March 29, 2018, 10:56:28 PM
 #1

Hi guys
I will be getting a hardware wallet in 2 weeks or so, will probably be going for the Nano as it supports more coins. However how can I know that the box hasnt been opened and re-sealed or anything before I got it ?  I mean anything can happen in the warehouse from the online shop im buying from, or at airport customs.. etc..

To my understanding there is a piece of paper in there with my seed words, how can I know that nobody has those ?

Dogs are nice, I don't like cats though.
1579388330
Hero Member
*
Offline Offline

Posts: 1579388330

View Profile Personal Message (Offline)

Ignore
1579388330
Reply with quote  #2

1579388330
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579388330
Hero Member
*
Offline Offline

Posts: 1579388330

View Profile Personal Message (Offline)

Ignore
1579388330
Reply with quote  #2

1579388330
Report to moderator
mithrim
Sr. Member
****
Offline Offline

Activity: 434
Merit: 409



View Profile
March 30, 2018, 12:50:28 AM
Last edit: March 30, 2018, 01:01:05 AM by mithrim
 #2

Hi guys
I will be getting a hardware wallet in 2 weeks or so, will probably be going for the Nano as it supports more coins. However how can I know that the box hasnt been opened and re-sealed or anything before I got it ?  I mean anything can happen in the warehouse from the online shop im buying from, or at airport customs.. etc..

To my understanding there is a piece of paper in there with my seed words, how can I know that nobody has those ?


The best thing would be to only buy from an official reseller or the original store, that makes you rather safe from supply-chain attacks.

If you go for a ledger be aware that they had exactly this problem before the last firmware update. Someone could manipulate the ledger nano s (and blue) in that way that even the creation of a new seed wouldn't have helped, see here: https://www.ledger.fr/2018/03/20/firmware-1-4-deep-dive-security-fixes/

Make a hard reset in any case and be sure that you've got Firmware 1.4.1 or higher.

You can't be 100% safe tough, unfortunately.


     ████████████████
     ██            ██
████████████████   ██
██            ██   ██
██  ▀▀▀▀▀▀▀▀  ██   ██
██  ▀▀▀▀▀▀▀▀  ██   ██
██  ▀▀▀▀▀▀▀▀  ██   ██
██            ██   ██
██            ███████
████████████████    
WP

TELEGRAM
TWITTER
NEWS

TOKEN SHOP
BECOME PARTNER
TRADING PORTAL

50x.com


                              ▄████▄
                        ▄▄█████▀▀███
                    ▄▄████▀▀     ███
              ▄▄▄████▀▀    ▄▄   ▐██
          ▄▄█████▀       ▄█▀    ██▌
     ▄▄████▀▀▀       ▄███▀      ██▌
    ████▀        ▄▄████▀       ▐██
     ██████▄▄  ▄█████▀         ██▌
          ▀████████           ▐██
            ▀████▌            ███
             ▀███  ▄██▄▄     ▐██▀
              ███▄███▀███▄   ███
              ▀███▀▀   ▀▀███▄██▌
                          ▀▀█▀▀
.

                      ▄▄▄██▄▄▄    ▄
     ██▄            ▄████████████▀
     █████▄▄       ▐█████████████▀
      █████████▄▄▄▄▐████████████▌
     █▄█████████████████████████▌
     ▀██████████████████████████
       ▀███████████████████████
       ▐██████████████████████
         ▀██████████████████▀
           ▄▄█████████████▀
     ▀████████████████▀▀
          ▀▀▀▀▀▀▀▀

Bitfort
Sr. Member
****
Offline Offline

Activity: 588
Merit: 292

invest trade and gamble wisely


View Profile
March 30, 2018, 01:05:35 AM
Last edit: March 30, 2018, 02:00:29 AM by Bitfort
 #3

Hi guys
I will be getting a hardware wallet in 2 weeks or so, will probably be going for the Nano as it supports more coins. However how can I know that the box hasnt been opened and re-sealed or anything before I got it ?  I mean anything can happen in the warehouse from the online shop im buying from, or at airport customs.. etc..

To my understanding there is a piece of paper in there with my seed words, how can I know that nobody has those ?



No, you won't receive the seed (if so then it's almost 100% positive someone already saw it, wrote it down and have access to that wallet).
Seed will be generated brand new once you first start the device.

GAMBLING: crypto-games | kingdice | yolodice | bitvest | bitdice | primedice | bitkong | betstreak | bustadice | betking | fortunejack - SPORTSBOOKS: bitcoinrush  | nitrogensports | onehash |  - EXCHANGES: poloniex | bittrex | bitfinex | binance | kraken | bitstamp | hitbtc | coinbase | bitshares | cryptopia | coinexchange RENT a mining rig or LEASE your own at MRR
Potato Chips
Sr. Member
****
Offline Offline

Activity: 1176
Merit: 411


noot noot o/


View Profile
March 30, 2018, 01:17:31 AM
 #4

Ledger uses attestation to prove a wallet's authenticity so if the device is tampered, you won't be able to use it as it won't be recognized.
Read this article for give to give you more depth about this topic: https://www.ledger.fr/2015/03/27/how-to-protect-hardware-wallets-against-tampering/

There's also a way for hardware savvy's: https://support.ledgerwallet.com/hc/en-us/articles/115005321449-How-to-verify-the-security-integrity-of-my-Nano-S-


LtMotioN
Member
**
Offline Offline

Activity: 210
Merit: 27


View Profile
March 30, 2018, 06:41:49 AM
 #5

awesome thanks guys. This is one of those things where you kinda learn as you do it. But for a hardware wallet learning only then is too late.

I fully trust the retailer I am buying from, reason Im not going official site is due to customs taxes/ import duties and so on.

Dogs are nice, I don't like cats though.
jseverson
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 701


View Profile
March 30, 2018, 11:37:59 AM
 #6

Another thing to add: another common attack involving hardware wallets is the inclusion of seeds on a piece of paper. If you find one packaged with your hardware wallet, it's likely compromised, but a reset should be enough to stay safe in those cases.

It's not a problem if you fully trust your retailer, but one thing to consider is that you're trying to save a few bucks while risking thousands by potentially getting a compromised device. Just a thought.

HCP
Legendary
*
Offline Offline

Activity: 1218
Merit: 2136

<insert witty quote here>


View Profile
March 30, 2018, 12:16:52 PM
Merited by Potato Chips (1)
 #7

Ledger uses attestation to prove a wallet's authenticity so if the device is tampered, you won't be able to use it as it won't be recognized.
Read this article for give to give you more depth about this topic: https://www.ledger.fr/2015/03/27/how-to-protect-hardware-wallets-against-tampering/
Note that a recently publicised exploit managed to fool the attestation process... To prevent issues, you should make sure that:

1. You ensure your Ledger Nano S is running the latest firmware. (1.4.1 at the time of this post)
2. You reset the Ledger Nano S at least once to ensure that any "preloaded" seed is wiped
3. You ignore any pre-printed card that proclaims to be your seed

NOTE: Should you actually receive a Ledger Nano S that comes either preloaded with a seed, or with an included pre-printed card... you should return it and ask for a refund as it is likely that it has been tampered with. You should also report the reseller to Ledger.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!