Author Topic: Is the hardware wallet really safe?  (Read 1488 times)
vapourminer
May 01, 2020, 11:07:44 PM
 #61

All protection is an illusion of security.
Your main defense is not to arouse interest in professional attackers. From this point of view, I would advise you to reduce the number of access points, especially if they are via a wi-fi.

I'm not a professional, I'm just keeping a close eye on the news on cyber security...

thank you for the detailed reply.

i wanted to reply in a bit more detail but ill just reply to this part (multiple wireless APs etc) for now.

i had thought of the fact that a bunch of wireless individual APs and such in a single residence would be an invitation to see why. so my "solution" is to have most wireless APs in my basement on the floor. thus surrounded by concrete and dirt, so the only way for the signal to go (more or less) is up into the house space (which is the only place i want it seen), and not outside of the house footprint. as well as turn the power output as low as i can on device. thus minimizing people driving by seeing the APs

low tech i know but its the best i can come up with.

"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Voland.V
May 02, 2020, 11:39:04 AM
Merited by vapourminer (2)
 #62

All protection is an illusion of security.
Your main defense is not to arouse interest in professional attackers. From this point of view, I would advise you to reduce the number of access points, especially if they are via a wi-fi.

I'm not a professional, I'm just keeping a close eye on the news on cyber security...

thank you for the detailed reply.

i wanted to reply in a bit more detail but ill just reply to this part (multiple wireless APs etc) for now.

i had thought of the fact that a bunch of wireless individual APs and such in a single residence would be an invitation to see why. so my "solution" is to have most wireless APs in my basement on the floor. thus surrounded by concrete and dirt, so the only way for the signal to go (more or less) is up into the house space (which is the only place i want it seen), and not outside of the house footprint. as well as turn the power output as low as i can on device. thus minimizing people driving by seeing the APs

low tech i know but its the best i can come up with.


-
The fact that you bricked your access points in the basement doesn't save you from attack.  Attacks only run on the network, on your ip.

I didn't believe it when I read how easy it was to attack an AP remotely using a ready-made program.  And I didn't believe that it could be done by someone without that experience or skill.  I was wondering if cheaters could act against me in the same way.

I found free programs on the usual Internet (not even on the Darknet), which find exactly the access point wi-fi, find on the network and around the world:
- or a map of the area;
- or an I.P. address;
- or simply a map of access points available for hacking in the country of your choice.

No way, I thought I found my access point and watched the program hack it for interest.  And the program did it all on its own.

This example showed me that even a person without special knowledge is capable of attacking access points.

For this reason, I don't see any point in shielding routers' radiation.

Try hacking your access points yourself.  You can find the program in Darknet yourself, I don't want to advertise these things.  I don't know how we can protect ourselves in the current paradigm of security systems.  We need to change the fundamentals.  And who needs this?
bob123
May 07, 2020, 04:41:30 PM
 #63

I didn't believe it when I read how easy it was to attack an AP remotely using a ready-made program. 
[...]
This example showed me that even a person without special knowledge is capable of attacking access points.

It is not that easy.
First, you need to define the scope. What exactly does count as an attack?
Attacking the availability is always possible (from within the range).
Attacking the confidentiality or integrity of the data is not as easy as you think.

Sure, if you are using outdated technology (outdated router or WEP), then it takes less than a few seconds to minutes to enter your network.
However, with an up-to-date router software and a proper encryption, there currently is no known way to intrude a network through 802.11x.

Lucius
May 09, 2020, 09:50:20 AM
 #64

Sure, if you are using outdated technology (outdated router or WEP), then it takes less than a few seconds to minutes to enter your network.
However, with an up-to-date router software and a proper encryption, there currently is no known way to intrude a network through 802.11x.

And that's exactly what we have in practice, a very large number of old devices that are vulnerable to the point that they are hacked by kids who play with programs like BackTrack and hack WEP protection within minutes, or WPA2-PSK with WPS enabled within a few hours. It all really depends on how good an ISP is when it comes to firmware upgrades or replacing old devices.

bob123
May 09, 2020, 10:00:55 AM
Merited by vapourminer (1)
 #65

And that's exactly what we have in practice, a very large number of old devices that are vulnerable to the point that they are hacked by kids who play with programs like BackTrack and hack WEP protection within minutes, or WPA2-PSK with WPS enabled within a few hours.

Actually i can't confirm that.
Since i am working in the field of cyber security, i occasionally wardrive (basically scanning for wifi networks while walking/driving) out of curiosity.
A very small percentage (roughly less than 1%) is using WEP. The amount of WPS enabled is slightly higher, but definitely below 5%.

This might not be the case everywhere, but in my country that's what i could find out (not representative).

Even with Kali (the successor of Backtrack), a linux distribution designed for penetration testing, there isn't much you can do with the majority of Wifi networks.


However, i agree that with WPS enabled every somewhat techy kid could easily break into such a network. Checking the Settings for WPS and obviously also choosing a strong (non standard) password already adds quite some security.

Voland.V
June 07, 2020, 08:57:33 AM
Merited by vapourminer (1)
 #66

Recent news on the subject. In general, there is so much news that it is no longer possible to reread everything. Oh, you don't have to. Everyone will draw conclusions for themselves.

Security researchers from ESET discovered a dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips Broadcom and Cypress and affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) using the protocol WPA2-Personal or WPA2-Enterprise with the encryption algorithm AES-CCMP. Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack. The Kr00k vulnerability is related to Key Reset attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by WPA2 protocol (again keys, key technologies).

Huge problems with device shells that contain embedded vulnerabilities, such as embedded passwords and embedded SSH/SSL keys.  The advent of one such device in your home, including an IOT device that connects it to your home wi-fi, allows you to attack all other devices connected to the same access point (keys, passwords, technologies built on a key function).
Voland.V
December 27, 2020, 02:06:26 PM
 #67

And while there are no comments, here's the latest news on our password and key-based security:
AI-assisted password guessing! Cybercriminals are using ML to improve user password guessing algorithms. More traditional approaches, such as HashCat and John the Ripper, already exist and compare different variants of the password hash to successfully identify the password that matches the hash. However, using neural networks and Generative Adversarial Networks (GAN), cybercriminals will be able to analyze vast sets of password data and generate password variations that match a statistical distribution. In the future, this will lead to more accurate and targeted guessing of passwords and a higher chance of profit.

In a February 2020 clandestine forum post, we found a GitHub repository that has a password analysis tool with the ability to parse 1.4 billion accounts and generate password variation rules.
In addition, we also saw a post listing a collection of open-source hacking tools that have been hacked [...] to. Among these tools is AI-based software that can analyze a large set of password data from data leaks. This software ensures that it extends its ability to guess passwords by teaching GAN how people tend to change and update passwords, such as changing "hello123" to "h@llo123" and then to "h@llo!23".
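
Added example, not part of the original post or of any tool it mentions: a password-change check that rejects a new password when it is only a look-alike mutation of the old one, the pattern ("hello123" to "h@llo123" to "h@llo!23") quoted above. The substitution table, the edit-distance threshold of 2 and all function names are assumptions made for this sketch; the comparison is only possible at change time, when the user has just typed the current password, because stored hashes cannot be compared for similarity.

```python
"""Reject a new password that is a trivial mutation of the old one."""

# Constructed substitution table (an assumption, not taken from any cited
# tool): common look-alike characters are folded onto one canonical letter.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "!": "1", "|": "1",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LEET)


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_variant(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the normalized passwords differ by at most max_edits edits.

    max_edits=2 is an assumed threshold; it also catches a bumped counter
    such as a year suffix going from 2019 to 2020.
    """
    return levenshtein(normalize(old), normalize(new)) <= max_edits


if __name__ == "__main__":
    # Constructed change history: the thread's mutation chain, then an
    # unrelated passphrase.
    chain = ["hello123", "h@llo123", "h@llo!23", "correct-horse-battery"]
    for old, new in zip(chain, chain[1:]):
        verdict = "reject" if is_trivial_variant(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```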