This topic is closely related to something that's been occupying my mind lately. I recently bought a ColdCard, and I've spent a few hours tinkering with it before I christen it "The Hardware Wallet." One of the things about the ColdCard that I like (it's a Mk4, btw,) is that it has a small amount of storage that can be mounted when plugged into a computer's USB port. The storage can be used to transfer wallet files to the PC after generating them in the cold card. When the ColdCard is unplugged all the data that was stored in said mount is automatically erased.
What I'm wondering, is if the data is just merely erased, or is completely purged? I doubt it's overwritten, but since it appears to be RAM is it completely unrecoverable when it loses power? The device also erases any Bip39 passphrase that's been entered when it's logged off or disconnected from power. I wonder how secure the device's memory features are.
There's a hardware difference between
volatile memory and
non-volatile memory. You can't really make something that has the properties of non-volatile memory, but if chosen can lose the data like a piece of volatile memory does.
As for BitcoinGirl.Club's panic attack; The Trezor and it's clones have open source hardware, which is partially why they are vulnerable to this attack vector
From what I can tell from the video, that's not what makes the wallet vulnerable. Kingpin did use the firmware source code (
software!) to identify a flaw. To identify that there's a point in time where the secure memory is transferred to secure memory.
He then introduced a voltage glitch with a variety of offsets from the device boot, and let it run until it 'hit' the right spot and could freeze it in just the right moment & read out the seed.
Being open-source hardware didn't really make this attack easier, since such a 'brute-force' approach will work with other wallets too, if they have such a flaw in the source code.
Even worse, if you own a device whose firmware source code is closed, someone could gain access to the code by bribing a developer or reverse engineering a firmware file; use it for evil and nobody would be notified about it.
The risk can largely be mitigated by adding a Bip39 passphrase to your hardware wallet. This is especially important for the Trezor wallets, and any that use their source code. Even if the hacker is able to steal your hardware, and break into it to extract your seed phrase, there's no way for him to get to your funds if they are locked behind a strong passphrase. I certainly wouldn't consider this a cure, more like buying you a little bit of extra time to create a new seed and transfer all the funds.
I use passphrases on all my hardware wallets now, even if they are not vulnerable to the attack vector demonstrated in that video.
Passphrases are a whole new topic we can discuss somewhere else, but they have their downsides. For example, if not backed up with your seed, there could be all sorts of issues when you (or someone else) will need to restore the seed.
In general, if your hardware wallet falls into a thief's hands, you should just consider the seed compromised and quickly move the funds. Any security measures like secure element and PIN are simply ways to buy time.
