Hardware wallet FUD (nonce attacks, unofficial firmware, etc)

[n0nce]

Back to hardware wallet topic, some of this devices are not allowing installation of unofficial firmware and they need to be signed, like in case with Keystone, and maybe Passport (not sure).
I think that for Trezor you can install any firmware you want, even create your device with custom firmware, but risk is that you can lose all your coins if you don't know what you are doing.

On Passport, by default you can only install a firmware image that is signed with Foundation's developer signing key.
However, you can add your own key and then it will let you install firmware signed by yourself and present you with a warning on each boot (so you'd notice if someone did it on your device).

[1714704835]

1714704835

[1714704835]

1714704835

[Pnigro]

What are your thoughts on this article:

https://robertspigler.com/in-defense-of-my-attack

Don't get me wrong, I use hardware wallets, I generate my own seed, etc.

But lately I've come across some anti-HWW bitcoiners and I've been wondering if HWWs are as secure as they claim to be.

[dkbit98]

On Passport, by default you can only install a firmware image that is signed with Foundation's developer signing key.
However, you can add your own key and then it will let you install firmware signed by yourself and present you with a warning on each boot (so you'd notice if someone did it on your device).

That is fine and it reminds me on something similar we can see on smartphones running grapheneos.
I am not sure how other hardware wallets are dealing with this because I never researched it deeply.

What are your thoughts on this article

I don't know what to say about two year old article, nothing new is said there.
There are risks purchasing and using hardware wallets, but you can mitigate most of them if you are careful.
You can buy device locally in official reseller shop, use disposable email address and alternative delivery address for ordering and delivery, use PO or UPS boxes, etc.
Alternative way is to build your own DIY signing device or just use small old laptop as a cold storage.
There is no perfect universal solution for everyone, and I can find negative or positive for any options.

[DaveF]

...But lately I've come across some anti-HWW bitcoiners

Eliminating EVERYTHING ELSE from the discussion, if you take a large enough group of people who are all passionate about something, there will always be groups within that group who are pro something or anti something.

Hardware wallets serve a purpose but they are not always the best answer for everything.
Someone holding $100 of BTC and using it to buy things and then getting more probably does not need a HW wallet.

Posted this close to 3 years ago, still true today: https://bitcointalk.org/index.php?topic=5205304

-Dave

[JL0]

How do we know the device (Blue Wallet, Passport.. etc.) wouldn't transfer the seed off itself using QR code?

Keystone:

Keystone’s QR codes are transparent. Users can verify what is getting in and out of their hardware wallets, ensuring no sensitive information is leaked. The team released the hardware wallet industry’s first open-source tool to decode the QR codes for users to know how the software works and enable signing off on intended transactions.

With Keystone, you are able to decode the QR code content in an easily readable fashion, showing you exactly what the hardware wallet is sending to the Keystone Companion app, and allowing you to verify that no sensitive data is being leaked.

Can this also be used for all other QR codes?


Source:

https://blog.keyst.one/ever-wondered-what-your-hardware-wallet-inputs-and-outputs-9b33b4cedafd

[NotATether]

...But lately I've come across some anti-HWW bitcoiners

Eliminating EVERYTHING ELSE from the discussion, if you take a large enough group of people who are all passionate about something, there will always be groups within that group who are pro something or anti something.

It's similar to the situation with VPNs, where some people claim that they (depending on the VPN provider) actually reduce privacy, since they can identify you based on the size and type of the packets you send from one point to another.

All in all, their recommendation was to make your own VPN using something like WireGuard or OpenVPN. Something similar like a DIY hardware wallet would work too, provided that it's made easy for people to assemble pieces of hardware and firmware together.

[dkbit98]

Can this also be used for all other QR codes?

I know for sure that Safepal hardware wallet has closed source this, so you can't verify anything coming from their QR code, and all other stuff they have is closed source.
I am not sure how this works for Passport hardware wallet, but they have almost everything open source like design and firmware, but you need to verify with them how QR codes work.
For DIY signing device SeedSigner QR code is simply a string of numbers representing each word on the BIP39 wordlist, and Krux signing device supports it:
https://github.com/SeedSigner/seedsigner/blob/main/tools/seed_phrase_to_qr.py

All in all, their recommendation was to make your own VPN using something like WireGuard or OpenVPN. Something similar like a DIY hardware wallet would work too, provided that it's made easy for people to assemble pieces of hardware and firmware together.

It's easy to make DIY hardware signing devices with raspberry pi zero, or with cheap M5StickV or Maix Amigo devices.
Nothing would connect you with Bitcoin and maybe you could purchase them in your local electronic shop.

[n0nce]

How do we know the device (Blue Wallet, Passport.. etc.) wouldn't transfer the seed off itself using QR code?

Just verify the QR codes. Generate a PSBT using the wallet application (in your example, BlueWallet), decode it and verify that it's just a PSBT.
Then take the signed PSBT QR code from the Passport and do the same.

I am repeating myself, but for maximum paranoia-security, you can read through Passport's firmware codebase, notice that it doesn't add any data except the signed PSBT to the QR code, then build it yourself, add your developer key into the Passport and flash it with your built binary.
This guarantees you that it's not doing anything dodgy.

Keep in mind, the application (BlueWallet) can't really 'leak' anything through the QR code anyway, as you only scan it with the hardware wallet. The hardware wallet always 'knows more' (the seed phrase) than the app, so there's nothing to be leaked in that direction.

All in all, their recommendation was to make your own VPN using something like WireGuard or OpenVPN. Something similar like a DIY hardware wallet would work too, provided that it's made easy for people to assemble pieces of hardware and firmware together.

It's easy to make DIY hardware signing devices with raspberry pi zero, or with cheap M5StickV or Maix Amigo devices.
Nothing would connect you with Bitcoin and maybe you could purchase them in your local electronic shop.

Let's always remember though, that open-source and DIY does not guarantee security of the codebase. It's possible / plausible that especially a newer, smaller DIY project with few, non-monetarily-motivated developers has had less 'eyes on the code' and fewer professional penetration tests against it than a commercially developed and sold product.

[dkbit98]

Let's always remember though, that open-source and DIY does not guarantee security of the codebase. It's possible / plausible that especially a newer, smaller DIY project with few, non-monetarily-motivated developers has had less 'eyes on the code' and fewer professional penetration tests against it than a commercially developed and sold product.

True, but in the same time there is much less danger that some attacker would even try to attack relative unknown devices like this.
It's almost impossible for them to achieve anything because this devices are mostly air-gapped (seedsigner, krux), unless you download and install some malicious firmware update.