Topic: AirGapped Hardware Wallets  (Read 1124 times)
n0nce
September 28, 2021, 08:38:41 PM
 #21

Issue with QR code encoded malware is file size. A QR code offers extremely limited space, so it'd be super hard to transfer an actual piece of malware software - I'd dare to say impossible - over a single QR code.
QR code can not be hacked, but can be replaced which will be what the hacker will do, there are ways in which the transaction initiated which is to be signed will be changed to his own (hacker's QR code), it will also still just be a QR code but for a hacker which can be very deadly. Malware QR code are existing and they are just like other normal QR codes.
I don't consider a replaced QR code, which is still just a QR representation of a PSBT as a 'malware QR code'. That's just a clipboard attack, which is always possible, no matter what your transport protocol is - whether it's USB, QR codes or anything else. That's also completely out of the hands of the hardware wallet manufacturers. That's why I don't consider this attack scenario. Also almost every wallet these days shows the receiver address on a screen and if you don't check it prior to signing, that's on you in my opinion.

I consider a 'malware QR' a payload that actually changes the program flow of the hardware wallet to - as someone mentioned before - for example leak seed words through the PSBTs.

LOL, of course we should 'avoid malware', I don't think that's even debatable.

dkbit98 (OP)
September 29, 2021, 11:15:21 AM
 #22

A seed being exposed would be predicated by malware being transmitted to the airgapped machine. The seed could be then leaked via the signature of a transaction. For example, malware could direct the infected computer to use an R-value in a certain range if a particular word is part of a seed. The R-value could also leak where in the seed the particular word is by the R-value being in the i-th portion of the range if the seed word is the i-th word in the seed. One random word could be leaked in a transaction. Once enough transactions have been broadcast, the attacker would know all of the seed words, including the order. The attacker would need to monitor for approximately 5 * 10^4 R-values.
I don't know if you are smoking too much weed or what, but I have to repeat again that there is NO COMPUTER in airgapped hardware wallets so there is nothing to infect or transfer.
QR codes are one-directional and seed words are inside secure elements, so everything you wrote is a bunch of nonsense that is impossible to happen in real life.

Are you aware of any instances in which a trezor was hacked via malware? (this would not include any attack involving physical access to the device).
Yes I know about several clipboard malware, EthClipper malware that is well documented, proven and confirmed by multiple hardware wallet manufacturers.
I also know several scam Trezor and Ledger devices, both of these devices had many flaws with validating inputs, and here is one more attack that involved malware for Trezor Model T in 2019:
https://benma.github.io/2019/11/18/trezor-change-vulnerability.html

There is at least one example I am aware of involving an exchange that had its air-gapped cold wallet hacked. Several years ago North Korea had what was presumably their air gapped computer involving one of their missiles they were test launching hacked, although this may have involved physical access, I am not sure.
You are again writing a bunch of sci-fi nonsense without proof, you are trying to prove something I never said, and those ''hacks'' were result of human errors.
Not going to comment anything about North Korea...

With reputed hardware wallets, I have heard that it is possible for QR code to be replaced with hacker's QR code, but not to the extent the seed phrase of such wallet will be revealed, but the initiated transaction to be signed can be replaced in which the bitcoin will be sent to the hacker's address.
Oh really? I also heard that pigs and cows can fly...in cartoons and fairytales.

n0nce
September 29, 2021, 11:25:01 AM
Merited by PrimeNumber7 (1)
 #23

A seed being exposed would be predicated by malware being transmitted to the airgapped machine. The seed could be then leaked via the signature of a transaction. For example, malware could direct the infected computer to use an R-value in a certain range if a particular word is part of a seed. The R-value could also leak where in the seed the particular word is by the R-value being in the i-th portion of the range if the seed word is the i-th word in the seed. One random word could be leaked in a transaction. Once enough transactions have been broadcast, the attacker would know all of the seed words, including the order. The attacker would need to monitor for approximately 5 * 10^4 R-values.
I don't know if you are smoking too much weed or what, but I have to repeat again that there is NO COMPUTER in airgapped hardware wallets so there is nothing to infect or transfer.
QR codes are one-directional and seed words are inside secure elements, so everything you wrote is a bunch of nonsense that is impossible to happen in real life.
If I understood correctly, what they mean with 'computer' is the hardware wallet. The idea is to construct a QR code that contains a payload (at least that's what I classify as malware, merely replacing a QR code on the host to send funds to the attacker is not a 'malware QR') as well as specific invalid / unexpected bits or bytes that trigger an exception in the QR code scanning part of the wallet's firmware. By exploiting that exception, the wallet's program flow is altered and forced to replace its firmware by the firmware contained in the QR code using the firmware upgrade code that is on the device, thus 'infecting' the wallet. Afterwards, the wallet may create transactions that leak the seed words by encoding them in transaction hashes or something like that.

It's all super hypothetical and nobody has done anything like that so far. But in theory, if you can get code injection, you should be able to extract the seed words, since it's usually possible to display the seed words on screen, so they're not unreadable by code running on the device.

As mentioned before I also highly doubt that such a malware, including the modified fw would fit in a QR code that is not instantly rejected by the device due to being way too large (like those big grid QR codes, which are not used for PSBTs).

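Reply #23 describes a QR payload whose unexpected bytes push the wallet's scanning code into an exploitable state. The defence on the firmware side is a parser that proves every declared length fits the scanned buffer before touching the data. The following is an added example, not part of the thread and not any wallet's firmware; it assumes a raw binary BIP 174 PSBT carried in a single QR code, and the function names, error codes and `MAX_PAIRS` limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest payload of a single QR code (version 40, level L, byte mode). */
#define QR_MAX_BYTES 2953u
/* Hypothetical policy limit for this example, not taken from any wallet. */
#define MAX_PAIRS 256u

/* Negative return values; a non-negative return is the number of maps. */
enum psbt_err {
    PSBT_TOO_LARGE      = -1,  /* payload or a declared length exceeds one QR */
    PSBT_BAD_MAGIC      = -2,  /* does not start with "psbt" 0xff */
    PSBT_TRUNCATED      = -3,  /* a declared length runs past the buffer */
    PSBT_NON_CANONICAL  = -4,  /* length not in its shortest encoding */
    PSBT_TOO_MANY_PAIRS = -5
};

/* Read a Bitcoin compact-size integer at buf[*pos] without reading past len. */
static int read_compact(const uint8_t *buf, size_t len, size_t *pos, size_t *out)
{
    if (*pos >= len)
        return PSBT_TRUNCATED;
    uint8_t first = buf[(*pos)++];
    if (first < 0xfd) {
        *out = first;
        return 0;
    }
    if (first != 0xfd)              /* 4- and 8-byte lengths cannot fit in one QR */
        return PSBT_TOO_LARGE;
    if (len - *pos < 2)
        return PSBT_TRUNCATED;
    size_t v = (size_t)buf[*pos] | ((size_t)buf[*pos + 1] << 8);
    *pos += 2;
    if (v < 0xfd)
        return PSBT_NON_CANONICAL;
    *out = v;
    return 0;
}

/*
 * Structural check only: walks every key-value map and proves that each
 * declared length stays inside the scanned buffer. It does not interpret
 * the transaction or match the map count against its inputs and outputs.
 */
int psbt_qr_check(const uint8_t *buf, size_t len)
{
    static const uint8_t magic[5] = { 'p', 's', 'b', 't', 0xff };
    size_t pos = sizeof magic, pairs = 0;
    int maps = 0;

    if (len > QR_MAX_BYTES)
        return PSBT_TOO_LARGE;
    if (len < sizeof magic || memcmp(buf, magic, sizeof magic) != 0)
        return PSBT_BAD_MAGIC;

    while (pos < len) {
        for (;;) {                  /* one map: pairs until a 0x00 separator */
            size_t klen = 0, vlen = 0;
            int rc = read_compact(buf, len, &pos, &klen);
            if (rc != 0)
                return rc;
            if (klen == 0)
                break;
            if (klen > len - pos)   /* compare against the bytes remaining, */
                return PSBT_TRUNCATED; /* so pos + klen can never wrap */
            pos += klen;
            rc = read_compact(buf, len, &pos, &vlen);
            if (rc != 0)
                return rc;
            if (vlen > len - pos)
                return PSBT_TRUNCATED;
            pos += vlen;
            if (++pairs > MAX_PAIRS)
                return PSBT_TOO_MANY_PAIRS;
        }
        maps++;
    }
    return maps > 0 ? maps : PSBT_TRUNCATED;
}

/* Constructed sample payloads (not captured from any device). */
static const uint8_t SAMPLE_OK[] = {          /* one pair, then an empty map */
    'p','s','b','t',0xff, 0x01,0x00, 0x02,0xaa,0xbb, 0x00, 0x00 };
static const uint8_t SAMPLE_OVERLONG[] = {    /* value claims 65535 bytes */
    'p','s','b','t',0xff, 0x01,0x00, 0xfd,0xff,0xff, 0xaa };
static const uint8_t SAMPLE_NONCANON[] = {    /* length 1 written as fd 01 00 */
    'p','s','b','t',0xff, 0xfd,0x01,0x00 };
static const uint8_t SAMPLE_OVERSIZE[QR_MAX_BYTES + 1] = { 'p','s','b','t',0xff };

int main(void)
{
    return psbt_qr_check(SAMPLE_OK, sizeof SAMPLE_OK) == 2 ? 0 : 1;
}
```

The size cap also reflects the point made earlier in the thread about capacity: anything larger than one QR code's payload is rejected before a single length field is read.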
dkbit98 (OP)
September 29, 2021, 12:22:25 PM
 #24

It's all super hypothetical and nobody has done anything like that so far. But in theory, if you can get code injection, you should be able to extract the seed words, since it's usually possible to display the seed words on screen, so they're not unreadable by code running on the device.
It's super-super-hypothetical and I think that in example of Keystone hardware wallet you can't display seed words on screen or extract it for security purposes.
Once the seed words gets into the Secure Element, it never gets out, and you can't see it again, but you can import the seed again and verify if it is correct.
I am not sure how other airgapped wallets are handling this, and I never said that airgapped wallets are perfect but they are safer than regular wallets.

o_e_l_e_o
September 29, 2021, 12:27:09 PM
Merited by Fortify (2), dkbit98 (1)
 #25

It's super-super-hypothetical
Not only that, but such an attack would have to be very specifically targeted against a particular user, since I would need to know exactly what make and model (and potentially even firmware) of hardware wallet you are using, and I would also need to know the UTXOs you would be spending so I could monitor the blockchain for transactions involving those UTXOs so I could extract the necessary information from the signatures.

If someone knows that much information about your wallets and security practices, then which is more likely: They create a never-seen-before malware from scratch which targets you specifically, manage to infect your hardware wallet with it, and then spend weeks, months, or even years, waiting for it to leak enough information for them to steal your coins, or they show up to your door and hit you with a wrench?

There are an infinite number of ways you could lose your coins, but it's all about considering what are the most likely attack vectors.
dkbit98 (OP)
September 29, 2021, 12:31:49 PM
 #26

If someone knows that much information about your wallets and security practices, then which is more likely: They create a never-seen-before malware from scratch which targets you specifically, manage to infect your hardware wallet with it, and then spend weeks, months, or even years, waiting for it to leak enough information for them to steal your coins, or they show up to your door and hit you with a wrench?
Someone could in theory do this if wallet is closed source, they can add hidden malware with backdoor and nobody would ever know until we see newspaper headlines start talking about this.
Meanwhile they could be selling empty boxes and malfunctioned devices with faulty batteries, it's just me semi-hypothetical speaking about one possible scenario.

In case of Coldcard wallet, I think it's possible to extract seed word, maybe DaveF or someone else who owns the device could verify this.

n0nce
September 29, 2021, 12:43:15 PM
 #27

It's all super hypothetical and nobody has done anything like that so far. But in theory, if you can get code injection, you should be able to extract the seed words, since it's usually possible to display the seed words on screen, so they're not unreadable by code running on the device.
It's super-super-hypothetical and I think that in example of Keystone hardware wallet you can't display seed words on screen or extract it for security purposes.
Once the seed words gets into the Secure Element, it never gets out, and you can't see it again, but you can import the seed again and verify if it is correct.
I am not sure how other airgapped wallets are handling this, and I never said that airgapped wallets are perfect but they are safer than regular wallets.
Oh that's interesting. I haven't used an airgapped wallet myself so far and I think all hardware wallets I tried allow you to see the seed words on screen. Would be interesting to know if all airgapped wallets disabled this functionality and why.

o_e_l_e_o
September 29, 2021, 03:30:11 PM
 #28

I haven't used an airgapped wallet myself so far and I think all hardware wallets I tried allow you to see the seed words on screen. Would be interesting to know if all airgapped wallets disabled this functionality and why.
They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.
n0nce
September 29, 2021, 03:45:17 PM
Merited by dkbit98 (3), Pmalek (1)
 #29

I haven't used an airgapped wallet myself so far and I think all hardware wallets I tried allow you to see the seed words on screen. Would be interesting to know if all airgapped wallets disabled this functionality and why.
They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.
I agree, unfortunately, many devices do display the seed words when asked. This increases the attack surface.

ColdCard has functionality to show them:
View Seed Words
    Shows warning screen, and then displays the 24 seed words on the Coldcard screen. If defined, the BIP-39 passphrase is also shown.

Foundation Passport as well:
The user can choose to display the wallet seed on screen

BitBox02 as well:
Once you have typed in your correct device password, your recovery words will be displayed on your BitBox02

Keystone looks good
Trezor looks good
Ledger looks good


witcher_sense
September 30, 2021, 06:42:01 AM
 #30

They obviously have to display the words the first time they are generated so you can write them down, but after that, a good hardware wallet should not provide the functionality to show them again as it kind of defeats the purpose of a hardware wallet. If there is the functionality to show the seed phrase (or indeed the private keys) in plain text, then there is the possibility of an attacker exploiting that functionality, either via a direct physical attack or remotely via malware, to extract and access the seed phrase.
For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right? But if they already unlocked it, they can spend money without having to know the secret. If, on the other hand, an attacker has a special tool to extract the device's seed without unlocking it, it doesn't actually matter if a device has certain UI vulnerabilities or not. The only problem I see in showing a seed in plain text on the device's screen is that you should always make sure you're not being watched through your laptop's web camera or other similar means.

Charles-Tim
September 30, 2021, 08:05:18 AM
 #31

For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right? But if they already unlocked it, they can spend money without having to know the secret.
This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.

witcher_sense
September 30, 2021, 08:26:39 AM
 #32

This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.
An air-gapped hardware wallet remains unconnected to the Internet all the time, the fact that you have an opportunity to see your seed in plain text doesn't change its status from "offline" to "online." I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet. I also don't agree with the statement that the main purpose of a hardware wallet is to store something offline because if it were so, then it would be no different from storing it on a piece of paper. The key purpose, I believe, is signing transactions offline.

o_e_l_e_o
September 30, 2021, 08:51:13 AM
Merited by n0nce (2)
 #33

For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right?
Ordinarily, sure, but if you introduce a process to retrieve the seed phrase from wherever on the device it is encrypted and hidden and display it in plain text, then you increase the attack surface and create the possibility of someone managing to hijack that process to retrieve the seed phrase without having unlocked the device.

But if they already unlocked it, they can spend money without having to know the secret.
Knowing a seed phrase is significantly worse, since an attacker can wait until you deposit larger amounts of coins to your wallets before stealing them, and can also now attempt to bruteforce any additional passphrased wallets which use that seed phrase.

I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet.
Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.
n0nce
September 30, 2021, 12:42:54 PM
Merited by Welsh (8), o_e_l_e_o (4)
 #34

This defeats the purpose of hardware wallet which is storing of seed phrase completely offline, if the seed phrase is in a plain text and accessible anytime it is requested for on the device, then it is hot wallet, which will make it more vulnerable to online attacks. Then malware will be able to extract the seed phrase.
An air-gapped hardware wallet remains unconnected to the Internet all the time, the fact that you have an opportunity to see your seed in plain text doesn't change its status from "offline" to "online."
I agree with this; it's still far from a hot wallet, just alone for the fact that it's still a hardware wallet to begin with. A hot wallet is just a piece of software running on an internet connected PC. That's a whole other thing, Charles

I also can't think of the ways an attacker can employ to install malware if we never connect directly to the Internet.
Well, as long as there is communication (which there is), there is potential of infiltrating malware. In this case, the communication is done via QR codes, which can - in theory - for sure carry an exploit and potentially malware as payload.

It's highly unlikely, but it's possible.

Now, if your device has no built-in way, no functions in ROM, to read out the seed, the attacker will have to query the chip directly, if it's even possible, so it will be significantly harder for them to extract the seed phrase. Instead, if the wallet does have the built-in ability to show the words on screen, the code is somewhere in memory and can be read out by malware.

This being said, it's highly unlikely that malware infection by QR code will be achieved by someone in the first place, but I'm not talking about present / proven attacks, I'm just talking attack surface (hypothetical). And it is indeed definitely smaller if you don't have functions ready to be executed that fetch the seed for you.

Edit: As oeleo said, firmware update is another way to infect the device with such malware!

dkbit98 (OP)
September 30, 2021, 01:36:06 PM
Merited by o_e_l_e_o (4)
 #35

I agree, unfortunately, many devices do display the seed words when asked. This increases the attack surface.
In addition to those wallets you mentioned, I think that Safepal is also not allowing exporting or showing of mnemonic words (but it's closed source so I don't recommend it),
Ellipal wallet is even worse Android based device and it's possible to extract seed words, similar like with Trezor and Keepkey, so I would only use these wallets with passphrase:
https://breaking-bitcoin.com/docs/slides/2019/ExtractingSeeds.pdf

For a potential attacker to access the functionality of seed phrases written in plain text, they first need to somehow unlock a device. Right?
It's trivial to unlock PIN codes from those devices, and I think that some DIY wallets like PiTrezor are keeping seed words in regular format on SD card, but you can always encrypt your SD card.

Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.
Firmware downgrades are main attack form for hardware wallet devices and I think some wallets still have this option enabled by default.


witcher_sense
September 30, 2021, 01:50:10 PM
Merited by o_e_l_e_o (4)
 #36

Ordinarily, sure, but if you introduce a process to retrieve the seed phrase from wherever on the device it is encrypted and hidden and display it in plain text, then you increase the attack surface and create the possibility of someone managing to hijack that process to retrieve the seed phrase without having unlocked the device.
Right, I am not arguing against that, it does increase the attack surface precisely because the more features and complexity there are, the easier it is for an attacker to find the ways to exploit them and harder for white hats to find and fix vulnerabilities. That is one of the reasons why bitcoin, unlike dumb-contracts, has never been hacked. Just keep it terribly simple.

Quote
Knowing a seed phrase is significantly worse, since an attacker can wait until you deposit larger amounts of coins to your wallets before stealing them, and can also now attempt to bruteforce any additional passphrased wallets which use that seed phrase.
Probably. However, for a successful bruteforce attack, a malicious actor needs to know beforehand that there is a considerable amount of money behind the passphrase, at least it needs to be bigger than what he is going to invest in bruteforce hardware, he also should have high confidence that the passphrase is of relatively low length and entropy, otherwise, there is no point in trying.

Quote
Either with physical access to the device, or through malicious firmware updates which you would transfer to the device via an SD card or similar.
Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.

o_e_l_e_o
September 30, 2021, 02:59:02 PM
 #37

Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.
I see where you are coming from, but there are plenty of reasons why a completely airgapped wallet might need updated, everything from patching vulnerabilities to supporting new address types such as segwit or taproot. It would also have to be a brave company to release a wallet without any way of updating the firmware. Can you imagine if after they've sold a million units someone discovers some critical vulnerability and they have no way of patching or mitigating it? That would probably be the end of said company.
PrimeNumber7
Copper Member
Legendary
Activity: 1624
Merit: 1899

Amazon Prime Member #7
September 30, 2021, 06:00:55 PM
 #38

Quote
Quote
Regarding malicious firmware updates it should be questioned first if we should update an air-gapped wallet at all.
I see where you are coming from, but there are plenty of reasons why a completely airgapped wallet might need updated, everything from patching vulnerabilities to supporting new address types such as segwit or taproot. It would also have to be a brave company to release a wallet without any way of updating the firmware. Can you imagine if after they've sold a million units someone discovers some critical vulnerability and they have no way of patching or mitigating it? That would probably be the end of said company.
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having its "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".
n0nce
Hero Member
Activity: 882
Merit: 5818

not your keys, not your coins!
October 01, 2021, 01:18:22 AM
 #39

Quote
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.

I think to keep the HW wallet having its "air-gapped" status after updating firmware, someone would need to compile the source code of the software that updates the firmware, and the firmware itself manually, and verify signatures signing the above code, signed by an entity you can trust, all on an air-gapped computer. I don't think this is something someone could do without a fairly decent amount of technical knowledge, and there would be costs involved that probably exceed the cost of the HW wallet.

I think if you were to update firmware via connecting the HW wallet to an internet-connected device, I don't think most people would consider the HW wallet to be "air-gapped" anymore. There are plenty of ways to do this safely while putting the risk of malware being introduced at near zero, as current HW wallet manufacturers do today, but I also think this procedure means these HW wallets are not "air-gapped".
In the end, everyone may choose their own definition of things and choose the method they like most to store their coins.
Matter of fact though: the commonly accepted definition of an airgapped wallet is that it's not physically connected to an online machine. I know it's vague, so there's room for interpretation.

As for your suggestions: Lixin from Keystone confirmed they are planning for a version of their device that comes without firmware, so both the initial install and any updates will need to be compiled and flashed by you yourself. Maybe this would be something for you!
Quote
2) With our next gen we will have a cypherpunk version which allows users to burn their own firmware. And this version won't be shipped with a workable firmware so the user has to compile his own firmware and hopefully this will avoid newcomers from buying it.
I am not 100% sure how the firmware is updated on this device, but as far as I know, Passport and ColdCard use an SD card to transfer the firmware update. This means you're still not directly connected to a computer while updating. But sure, the file could be modified when copied to the SD. Only issue is the device verifies it before applying it (same as when updating via USB cable usually), using signatures.

Finally, if someone's really sure their host machine is super infected and doesn't trust it to update their wallet they can also just not update it Grin Nobody forces anyone to update a first-gen hardware wallet to a version that supports SegWit for example, it will continue working on the very first firmware. And in case of a security issue, you can just buy a new device and transfer the funds if you don't trust installing the security patch via firmware update.

dkbit98 (OP)
Legendary
Activity: 2226
Merit: 7138
October 01, 2021, 11:40:56 AM
 #40

Quote
Can you really say a Hardware wallet is truly "air-gapped" if you are pushing firmware updates to it? Doing so in a way that your "average" user can complete the process without undue expenses.
Yes you can.
In the same way you would still use an airgapped computer with an updated version of Electrum or any other software wallet with an offline system update, not connecting to the internet.
It's your own fault if you screw something up during the update process, and the procedure is very simple: click download on another online computer, verify the software signature and then install it on the airgapped computer.

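The update procedure described in post #40 (download on an online computer, verify the signature, then carry the file to the offline device), as an added shell example that is not part of any post or any vendor's tooling. It assumes the vendor publishes a PGP-clearsigned manifest of SHA-256 hashes; the file names and the pinned fingerprint are placeholders.

```shell
#!/bin/sh
# Added example. The manifest layout, file names and the pinned fingerprint
# are placeholders (assumptions), not any vendor's real values.

# verified_manifest MANIFEST EXPECTED_FPR
# Prints the signed text of a PGP-clearsigned manifest, but only if gpg reports
# a valid signature whose primary-key fingerprint equals EXPECTED_FPR.
verified_manifest() {
    manifest=$1; expected_fpr=$2
    tmp=$(mktemp -d) || return 1
    rc=1
    # --decrypt verifies a clearsigned file and writes out only the signed
    # text, so lines pasted outside the signed region never reach the caller.
    if gpg --batch --status-fd 3 --output "$tmp/signed.txt" \
           --decrypt "$manifest" 3>"$tmp/status" 2>/dev/null &&
       awk -v fpr="$expected_fpr" \
           '$2 == "VALIDSIG" && ($NF "") == (fpr "") { ok = 1 } END { exit !ok }' \
           "$tmp/status"
    then
        cat "$tmp/signed.txt"; rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# firmware_matches FIRMWARE HASH_LIST
# HASH_LIST is sha256sum-format text. Succeeds only if the firmware's file
# name is listed exactly once and the listed hash equals the file's SHA-256.
firmware_matches() {
    fw=$1; list=$2
    name=$(basename "$fw")
    want=$(printf '%s\n' "$list" | awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } (f "") == (n "") { print tolower($1) }')
    [ "$(printf '%s\n' "$want" | grep -c .)" -eq 1 ] || return 1
    have=$(sha256sum "$fw" | awk '{ print $1 }')
    [ "$have" = "$want" ]
}

# check_firmware FIRMWARE MANIFEST EXPECTED_FPR
# Run on the online computer before the file is copied to the SD card.
check_firmware() {
    list=$(verified_manifest "$2" "$3") ||
        { echo "manifest signature not from pinned key" >&2; return 1; }
    firmware_matches "$1" "$list" ||
        { echo "hash mismatch, do not install" >&2; return 1; }
    echo "OK: $(basename "$1") matches the signed manifest"
}
```

A plain `gpg --verify` succeeds for any key in the keyring, which is why the fingerprint is pinned here; it should be obtained through a channel other than the download site.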