Bitcoin Forum
Topic: Hardware Wallet protection on an online computer  (Read 265 times)
zaico (OP)
Member
**
Offline Offline

Activity: 83
Merit: 14


View Profile
May 26, 2021, 06:36:33 PM
 #1

I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?
Charles-Tim
Legendary
*
Offline Offline

Activity: 1554
Merit: 4907



View Profile
May 26, 2021, 07:38:30 PM
 #2

The most secure and safe wallets to use are offline wallets, and a hardware wallet is one of the offline wallets, which means its private key is generated completely offline and remains offline. While using an online wallet to access your hardware wallet, the only risk involved is the recipient address being automatically changed to a hacker's address without the knowledge of the person who wants to send from such a wallet. If the sender does not check the address very well and notice the change to the hacker's address, the bitcoin will be sent to the hacker's address. So, checking the address and rechecking it again before sending any coin will help during that time, but it is still best to avoid malware and have good online and offline practices to protect you from attackers.

ranochigo
Legendary
*
Offline Offline

Activity: 2982
Merit: 4193



View Profile
May 26, 2021, 10:23:32 PM
 #3

> I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?

The private key is never transferred over the USB. The bootloader doesn't have any code that would transfer the private key to the computer, nor does it need to be exposed that way. The unsigned transaction is transferred through the USB and signed on the device. The private key is always stored within the device in a sanitized environment. As long as the device doesn't send the private key or the seed over the USB, it doesn't matter whatever data is sent to and from the device.


o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18565


View Profile
May 27, 2021, 12:33:11 AM
 #4

> If it's compromised one can easily read what's inside the USB.

A good hardware wallet is more than just a simple USB drive. The whole point of hardware wallets is exactly that you can plug them in to compromised or online computers without having your private keys stolen.

The most that a compromised computer could do is craft a malicious transaction and push it to your hardware wallet to be signed. As long as you are paying attention and you don't confirm the malicious transaction on your hardware wallet, then your coins remain safe.
Pmalek
Legendary
*
Offline Offline

Activity: 2772
Merit: 7149



View Profile
May 27, 2021, 09:34:42 AM
 #5

> Am I missing something?

The two most important elements to the security of your coins are the seed you generate when you first fire up your hardware wallet and the private keys derived from that seed, which sign transactions allowing you to spend your coins. In the case of Ledger, the seed is only visible on the screen of your hardware wallet. Its native software, Ledger Live, never sees the seed.

The private keys are kept in a sealed environment known as the Secure Element. The keys only get used when you need to sign transactions to spend coins. For that, you need to physically allow your device to sign the transaction by pressing the two buttons on top of it. No software or third-party can see your keys or broadcast the transaction for you.

You can test that yourself if you have a Ledger hardware wallet.
If you use Electrum, create a new wallet for testing purposes. Run the software, click on Wallet > Private Keys > Export. Enter your password and Electrum will display the private keys of 20 receiving and 10 change addresses by default.

Try the same with your Ledger. Plug in your Ledger and connect it to Electrum. Open your bitcoin wallet and try to view and export your private keys. You will see that it doesn't work because Electrum can't access them.

ranochigo
Legendary
*
Offline Offline

Activity: 2982
Merit: 4193



View Profile
May 27, 2021, 10:43:12 AM
 #6

> The private keys are kept in a sealed environment known as the Secure Element. The keys only get used when you need to sign transactions to spend coins. For that, you need to physically allow your device to sign the transaction by pressing the two buttons on top of it. No software or third-party can see your keys or broadcast the transaction for you.

Secure element doesn't matter all that much in terms of securing the keys from malware. The purpose it serves is to make it harder for it to be extracted via physical attacks. Malware attacks are mitigated by designing the firmware and bootloader to not arbitrarily communicate sensitive information over the USB. Secure element doesn't ensure this, the MCU does. Secure elements mostly act as a storage medium.

In certain hardware wallets, the private keys have to be exposed to the MCU for transaction signing as certain secure elements are incapable of signing transactions. The environment is still sanitized nonetheless.

HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4316

<insert witty quote here>


View Profile
May 27, 2021, 11:43:35 PM
 #7

> I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?

You're missing the simple fact that Hardware Wallets, while some of them might have the appearance of one, are not just a plain USB stick. They have custom hardware/software/firmware that prevents external devices from accessing the data stored within it.

Essentially they provide a limited "API" that external devices/software have to use to communicate with the device, such that the sensitive information stored within it (i.e. seed/private keys) cannot be extracted using that API... at least, in theory :P

Lucius
Legendary
*
Offline Offline

Activity: 3248
Merit: 5689




View Profile WWW
May 28, 2021, 09:26:31 AM
 #8

> You're missing the simple fact that Hardware Wallets, while some of them might have the appearance of one, are not just a plain USB stick.

I once helped a friend with a crypto investment, so he asked me what the safest option was for keeping them - I recommended a hardware wallet and sent him links to an e-mail, to which he replied that he already had it at home. Of course, he only had a USB stick which I have to admit was quite similar to the Nano S.

I wonder how many people actually use such USB sticks for their crypto wallets (backups) and live in the belief that they have a hardware wallet?

HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4316

<insert witty quote here>


View Profile
May 28, 2021, 11:34:35 AM
 #9

> I wonder how many people actually use such USB sticks for their crypto wallets (backups) and live in the belief that they have a hardware wallet?

Given the number of users that struggle to understand the difference between a "wallet" and an "address" etc... I'd say the number is probably higher than we'd like to hope :-\

Although one might hope that users who see hardware wallets like the Trezor or the Coldcards etc that look nothing like a traditional USB stick, would be less inclined to believe that a simple USB stick is a hardware wallet.

sheenshane
Legendary
*
Offline Offline

Activity: 2422
Merit: 1228




View Profile WWW
May 28, 2021, 02:27:55 PM
 #10

> I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?

Even if your computer gets compromised, the hackers won't steal your private key as long as you didn't store it on your online computer. All transactions or even crypto signing stuff will be done on your hardware wallet and it will not leave on the computer, and most HWs are protected with a PIN. So hackers can't execute hacking online and extract your private key, unless a hacker physically accesses and steals your hardware wallet.

All kinds of Bitcoin wallets that are connected online will be hackable; you should be knowledgeable enough to keep your private key safe, which is the only key to access your Bitcoin. That's a very important point here that you should always remember.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18565


View Profile
May 29, 2021, 07:34:44 AM
 #11

> I wonder how many people actually use such USB sticks for their crypto wallets (backups) and live in the belief that they have a hardware wallet?

I can't imagine it would be that high. To do this, you have to at least be capable of locating your wallet.dat or similar file for the software you are using, moving it to a USB drive, and opening it again from the USB drive when you want to use it. If you can do that, then even just looking at a Ledger or Trezor and realizing they have a screen and buttons should be enough for you to realize they are more than just a simple USB drive.

Still, although obviously not as good as a hardware wallet, storing a wallet file on a USB drive is marginally more secure than just using a straightforward software wallet, since your wallet file is not connected to the internet at all times.

> So hackers can't execute hacking online and extract your private key, unless a hacker physically accesses and steals your hardware wallet.

They can't extract your private keys remotely (as far as we are aware for the major hardware wallets), but they can still attempt to push malicious transactions to your device in the hope you will sign them without checking. Hardware wallets are still only as good as the person using them.
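
The trust boundary described in this thread (a limited command set, confirmation on the device itself), as an added toy model that is not part of any post and is not any vendor's firmware or protocol. The JSON commands, class name and address strings are constructed, and HMAC-SHA256 stands in for the real ECDSA signature.

```python
import hashlib
import hmac
import json
import os


class ToyHardwareWallet:
    """Device side of the USB link (constructed model, not real firmware)."""

    def __init__(self, confirm):
        self._seed = os.urandom(32)   # generated on the device, never returned
        self._confirm = confirm       # stands in for the screen and buttons
        # The whole "API": there is simply no handler that returns the seed.
        self._commands = {"GET_ID": self._get_id, "SIGN_TX": self._sign_tx}

    def handle(self, request: bytes) -> bytes:
        """Only entry point the host has; anything outside the table is refused."""
        try:
            msg = json.loads(request)
            handler = self._commands[msg["cmd"]]
        except (ValueError, KeyError, TypeError):
            return json.dumps({"error": "unsupported command"}).encode()
        return json.dumps(handler(msg)).encode()

    def _get_id(self, _msg):
        # One-way identifier derived from the seed (stand-in for a public key).
        return {"id": hashlib.sha256(b"id" + self._seed).hexdigest()}

    def _sign_tx(self, msg):
        outputs = msg.get("outputs")
        if not isinstance(outputs, list) or not outputs:
            return {"error": "malformed transaction"}
        # The device shows the outputs taken from the data it is about to sign,
        # not whatever the (possibly compromised) host application displays.
        if not self._confirm(outputs):
            return {"error": "rejected on device"}
        canonical = json.dumps(outputs, sort_keys=True).encode()
        # HMAC-SHA256 is a stand-in for the ECDSA signature a real wallet makes.
        return {"signature": hmac.new(self._seed, canonical, hashlib.sha256).hexdigest()}


def host_request(device, cmd, **fields):
    """What software on the online computer can do: send a command, read the reply."""
    return json.loads(device.handle(json.dumps({"cmd": cmd, **fields}).encode()))


def run_scenarios():
    # Constructed sample data: what the user means to pay vs. a swapped address.
    intended = [{"address": "bc1q-constructed-recipient", "sats": 50000}]
    swapped = [{"address": "bc1q-constructed-attacker", "sats": 50000}]

    careful = ToyHardwareWallet(lambda shown: shown == intended)  # reads the screen
    careless = ToyHardwareWallet(lambda shown: True)              # presses OK blindly

    results = {
        "export": host_request(careful, "EXPORT_SEED"),
        "honest": host_request(careful, "SIGN_TX", outputs=intended),
        "swapped": host_request(careful, "SIGN_TX", outputs=swapped),
        "careless": host_request(careless, "SIGN_TX", outputs=swapped),
    }
    # The seed is read here only to prove it appears in none of the replies.
    results["seed_leaked"] = careful._seed.hex() in json.dumps(results)
    return results


if __name__ == "__main__":
    for name, reply in run_scenarios().items():
        print(f"{name:12} {reply}")
```

The `careless` case is the residual risk the replies describe: the device keeps the key, but it signs whatever the person holding it approves.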
Charles-Tim
Legendary
*
Offline Offline

Activity: 1554
Merit: 4907



View Profile
May 29, 2021, 07:57:32 AM
Last edit: May 29, 2021, 04:25:58 PM by Charles-Tim
 #12

> So hackers can't execute hacking online and extract your private key, unless a hacker physically accesses and steals your hardware wallet.

You are right but not totally true.

For example, if using a hardware wallet like Ledger Nano, it has a secure element, though it is closed source. The secure element makes it impossible for hackers who steal a Ledger Nano wallet to get access to the seed phrase; if the seed phrase cannot be accessed, then there is no access to the private key. So the thieves will only steal the device for nothing.

It is very possible that hackers can steal a Trezor and be able to access the seed phrase; this vulnerability was discovered by Kraken about two or three years ago. But using a passphrase to extend the seed will keep such hackers from accessing the cryptocurrencies, because the salting process in which additional words (the passphrase) are used leads to the generation of entirely different keys, which will make it impossible for hackers to get through and steal your funds.

There are some uncommon hardware wallets, an example being the Coolwallet S, that do not support a passphrase, and yet such a physical attack can lead to access to its seed phrase; this will only lead hackers to steal such a wallet and get through by knowing the wallet seed phrase and having access to the keys generated by the wallet. That is why it is good not to use an uncommon hardware wallet.

ranochigo
Legendary
*
Offline Offline

Activity: 2982
Merit: 4193



View Profile
May 29, 2021, 09:26:37 AM
 #13

> It is very possible that hackers can steal a Trezor and be able to access the seed phrase; this vulnerability was discovered by Kraken about two or three years ago. But using a passphrase to extend the seed will keep such hackers from accessing the cryptocurrencies, because the salting process in which additional words (the passphrase) are used leads to the generation of entirely different keys, which will make it impossible for hackers to get through and steal your funds.
>
> There are some uncommon hardware wallets, an example being the Coolwallet S, that do not support a passphrase, and yet such a physical attack can lead to access to its passphrase; this will only lead hackers to steal such a wallet and get through by knowing the wallet seed phrase and having access to the keys generated by the wallet. That is why it is good not to use an uncommon hardware wallet.

Secure element is designed to never leak the seeds or to at least make it inherently difficult and/or expensive to access it. Passphrase is used as an additional security measure against attackers if that layer of defense is broken, plausible deniability as well but using a passphrase is not desirable in all situations; not being covered by checksum, forgetting it, etc. AFAIK, CoolWallet has a secure element which makes it that much harder to extract the seeds in the first place.
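
The passphrase "salting" discussed in the two posts above, as an added example that is not part of either post: it follows the BIP39 seed derivation (PBKDF2-HMAC-SHA512 with salt "mnemonic" + passphrase) and the BIP32 master-key step. The mnemonic is a constructed sample, the passphrases are made up, and `wallet_fingerprint` is a hypothetical helper used only to compare results.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample mnemonic (the public all-"abandon" test phrase).
# Never use it for real funds.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: 64-byte seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic"+passphrase, 2048)."""
    def norm(text):
        return unicodedata.normalize("NFKD", text)
    return hashlib.pbkdf2_hmac(
        "sha512",
        norm(mnemonic).encode("utf-8"),
        ("mnemonic" + norm(passphrase)).encode("utf-8"),
        2048,
        dklen=64,
    )


def bip32_master(seed):
    """BIP32: master private key and chain code are the two halves of one HMAC."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_fingerprint(mnemonic, passphrase=""):
    """Short tag of the master key, only for telling wallets apart (hypothetical helper)."""
    master_key, _chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(master_key).hexdigest()[:16]


def compare_passphrases(mnemonic, passphrases):
    """Map each passphrase to the wallet it opens for the same seed phrase."""
    return {p: wallet_fingerprint(mnemonic, p) for p in passphrases}


if __name__ == "__main__":
    # "" is what someone holding only the extracted seed phrase would derive.
    # The last entry is a one-character typo of the one before it: the passphrase
    # has no checksum, so it is accepted and silently opens a different wallet.
    table = compare_passphrases(MNEMONIC, ["", "correct horse", "correct horsE"])
    for passphrase, tag in table.items():
        print(f"{passphrase!r:18} -> wallet {tag}")
```

Every passphrase yields a valid but unrelated wallet, which is why an extracted seed phrase alone does not reach passphrase-protected funds, and also why a mistyped or forgotten passphrase produces no error.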

Charles-Tim
Legendary
*
Offline Offline

Activity: 1554
Merit: 4907



View Profile
May 29, 2021, 10:15:21 AM
 #14

> AFAIK, CoolWallet has a secure element which makes it that much harder to extract the seeds in the first place.

I did not mean secure element or not. I meant how uncommon wallets can have unknown vulnerabilities, unlike the common ones like Trezor, Ledger Nano and Cold Card wallet that have been researched more by experts. The vulnerability that was found in Coolwallet is not about the secure wallet, it is about having access to the hardware wallet and the phone used to access the wallet. The attack can even be through malware or physical theft of both the phone and the hardware wallet, which will make the seed phrase known.

> We recently discovered the CoolWallet S Android application stores the wallet’s PIN, pairing password, and hardware seed in plaintext. This vulnerability means that if the phone becomes compromised, either by physical theft or with malware, the attacker can easily obtain everything they need to empty the paired hardware wallet.
>
> Additionally, the hardware wallet is reliant on the security protections of the paired phone. If the attacker gets both your phone and wallet, they can unlock your wallet and either pair it to another phone or send funds directly from the device with the push of a button.


Although there was a report from the Coolwallet company that the vulnerability has been fixed, I am talking generally about wallets that are not common, not about the secure element. Also, Coolwallet suffers from some other vulnerability which is not yet mentioned here.

zaico (OP)
Member
**
Offline Offline

Activity: 83
Merit: 14


View Profile
May 29, 2021, 04:13:42 PM
Merited by hugeblack (2), o_e_l_e_o (2)
 #15

Thanks everyone for the replies. My apologies for not answering before.
If I understood correctly from your replies, hardware wallets are secure as long as the firmware is not compromised. The truth is I'm a bit surprised to see the community relying the storage to private companies when bitcoin has been open source and DIY from the beginning. I found the offline (original) wallet method to be the most reliable and after reading you, correct me if I'm wrong, it still is. I'm referring to having an offline PC or liveUSB with your cold wallet there.
dkbit98
Legendary
*
Offline Offline

Activity: 2240
Merit: 7183



View Profile WWW
May 29, 2021, 04:26:00 PM
 #16

> The truth is I'm a bit surprised to see the community relying the storage to private companies

Nobody here is storing Bitcoin in any private companies, because bitcoin is stored on blockchain and hardware wallets are only keeping keys offline with no direct internet connection.
We are not promoting any hardware wallets, they are just simple and better way for holding coins than using regular hot wallets.

> I found the offline (original) wallet method to be the most reliable and after reading you, correct me if I'm wrong, it still is. I'm referring to having an offline PC or liveUSB with your cold wallet there.

For most people it is not enough because they are sloppy, they make mistakes with offline wallets and they don't care about privacy at all, but you can do as you like.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18565


View Profile
May 29, 2021, 04:59:15 PM
Last edit: May 30, 2021, 07:15:55 AM by o_e_l_e_o
 #17

> I found the offline (original) wallet method to be the most reliable and after reading you, correct me if I'm wrong, it still is.

There are pros and cons to both methods, and there is nothing stopping you from using both methods. I prefer a permanently airgapped computer with full disk encryption for the bulk of my cold storage. I transfer transactions back and forth using QR codes, using two separate webcams which are unplugged immediately after use, therefore eliminating any concerns regarding transferring malware or malicious code via a USB drive. The computer is stripped of all unnecessary hardware, only runs a basic open source OS and my bitcoin wallet and no other software, does not share peripherals with any other device, is stored in a safe in my house when not in use, and is only used in a room with curtains closed. However, I also use a couple of hardware wallets for funds I want to keep offline, but I will also be transacting with more often than with my main cold storage, which I might only touch once or twice a year. The ease of use of a hardware wallet is significantly higher than that of my main cold storage - just plug it in to my main computer and I can be transacting within seconds.

Further, setting up an airgapped and encrypted cold storage device is not a trivial task, especially for someone with little technical knowledge, and there are many places you can go wrong in both the initial set up and the ongoing use. Conversely, buying a hardware wallet achieves a very good level of security (and I'm certain that some would even argue a better level of security), and is far easier to set up and use.
hugeblack
Legendary
*
Offline Offline

Activity: 2520
Merit: 3677


View Profile WWW
May 29, 2021, 05:38:05 PM
 #18

It's about the possibility of making these devices if you don't trust them, download the open source code on the physical devices and run them.
As mentioned above, it is related to economic cost. Hardware wallets provide acceptable protection for beginners, with the possibility of supporting many altcoins at a cheaper price than providing airgapped PCs.
As for companies and individuals who only care about their privacy and security, they do not use regular closed source hardware wallets.
DireWolfM14
Copper Member
Legendary
*
Offline Offline

Activity: 2184
Merit: 4238




View Profile WWW
May 29, 2021, 09:57:27 PM
Merited by o_e_l_e_o (2)
 #19

> I prefer a permanently airgapped computer with full disk encryption for the bulk of my cold storage. I transfer transactions back and forth using QR codes, using two separate webcams which are unplugged immediately after use, therefore eliminating any concerns regarding transferring malware or malicious code via a USB drive. The computer is stripped of all unnecessary hardware, only runs a basic open source OS and my bitcoin wallet and no other software, does not share peripherals with any other device, is stored in a safe in my house when not in use, and is only used in a room with curtains closed.

I have a small laptop that I use in the same way. I recently updated it with Ubuntu Desktop 20.04.2 minimal install, Ian Coleman's Bip39 tool, and Electrum. That's all that I have installed on it. I haven't physically disabled the network adaptors and USB ports. I like to keep the software updated, so I plan to use the hardware from time to time for easier upgrades. Once the machine is set up the way I like it I disable the NIC and USB devices using the bios settings, which are also password protected. The wifi adaptor is always disabled, I only use a wired connection when updating a newly installed OS.

I also use an encrypted USB as a redundant back up for all my seeds. I store the seeds in an encrypted text file, and the USB stick is one of those aluminum encased Corsair Survivor sticks. Am using bitlocker for encryption, which is probably not the best thing since all my other devices are using open source OSs and software. Since my data is PGP encrypted anyway, I don't think it's that big of a risk. Of course I have my seeds backed up on paper and stainless steel, stored in a fire resistant document bag, in a fire resistant steel safe. It's just nice to have them available electronically when I restore cold wallets on my off-line machine.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18565


View Profile
May 30, 2021, 07:27:07 AM
 #20

> I haven't physically disabled the network adaptors and USB ports.

Although I do rip out the hardware I won't be using just to be extra safe, I don't think physically removing or disabling hardware that requires you to physically plug a cable in to operate is completely necessary, as long as you are pretty sure you won't absent-mindedly hook it up. I would recommend physically removing WiFi adapters and other wireless connectivity hardware, though.

> Am using bitlocker for encryption, which is probably not the best thing since all my other devices are using open source OSs and software.

Yeah, I would move away from BitLocker when you get the chance. It is closed source as you point out, but there are also widespread concerns that the FBI encouraged Microsoft to code a backdoor in it for them, as well as it suffering from some pretty major security flaws. My go-to open source encryption software is either LUKS or VeraCrypt.