Once more on the current security of HW.

[satscraper]

TL; DR

Bulk of HW in circulation operate partly owing to MCU developed by couple of chip manufactures. These chips deal with private keys and if compromised by backdoor may leek sensitive information.

Concerns arise from the fact that  government agencies use similar tactics for surveillance while STMicroelectronics is

 

What are your thoughts, guys, on this?

https://thebitcoinmanual.com/articles/achilles-heel-btc-hardware-wallets/

[1714474613]

1714474613

[1714474613]

1714474613

[1714474613]

1714474613

[1714474613]

1714474613

[1714474613]

1714474613

[dkbit98]

What are your thoughts, guys, on this?

Than you would have the same problem with all electronic devices, including computers, laptops, smartphones, etc.
Simple solution for this is using air-gapped open source devices, so even if microchips are compromised, risk should be much lower because this devices are not connected with anything.
I am always suspecting big chip manufacturers are installing hidden backdoors, it's a fact laptops have them, so ideal solution would be release of open source chips that can be investigated by security experts.
We are long road ahead for that to happen, even RISC-V have their flaws, but I hope Trezor upcoming chip will shake things up.

If you want to check what most hardware wallets are using for microchips and secure elements, visit one of my topics called Secure Element in Hardware Wallets:
https://bitcointalk.org/index.php?topic=5304483.0

[satscraper]

Simple solution for this is using air-gapped open source devices, so even if microchips are compromised, risk should be much lower because this devices are not connected with anything.

Air-gapped open source  devices are fine but unfortunately they are also vulnerable to  "chosen nonce attack" which may be specific for wallets with compromised MCU.  To disguise this attack they may gradually  leek the small portions of  relevant info so that the whole SEED could be reconstructed from chosen transactions.

If you want to check what most hardware wallets are using for microchips and secure elements, visit one of my topics called Secure Element in Hardware Wallets:
https://bitcointalk.org/index.php?topic=5304483.0

Thanks, very informative thread, gradually reading  and trying to comprehend  every post in it.

[DaveF]

The main thing to keep in mind is that with most camera possibly all of the hardware wallets out there today they are using standardized chips to perform the functions. So yes these chips might be doing something shady, but and this is important, it would be doing it for all the devices that they are used on. So if something was wrong with them it would not just involve hardware wallets.

Also, there are many eyes on these chips camera so while yet again they could be doing what they are doing, some very brilliant cryptographers and security people probably would have already seen something being “off" with them. They might not know exactly what is wrong, but they would know something is wrong.

At the end of the day it's been proven time and time again back the humans that use the devices are by far the weakest link.

There are people that keep using certain hardware wallets even though they have been proven to be security risks or outright vulnerable to attacks. And yet they are still being sold and people are still using. At that point, why would you even bother making a chip that is vulnerable, it's easier just to start your own hardware wallet manufacturing company and sell it cheap enough that people buy it no matter how much other people scream that it's not secure.

-Dave

[satscraper]

The main thing to keep in mind is that with most camera possibly all of the hardware wallets out there today they are using standardized chips to perform the functions. So yes these chips might be doing something shady, but and this is important, it would be doing it for all the devices that they are used on. So if something was wrong with them it would not just involve hardware wallets.

Correct, but it is hard to believe that HW vendors buy those chips on the wild market apiece. More likely than not  they do it by batches via contracts with  makers. So those chips used in HW   might have dedicated  "hidden" features.

[Cricktor]

I'm not sure how many HW manufacturers do it already in their code. They shouldn't rely on a single TRNG as source for entropy but rather combine multiple RNG sources, combine them safely (no expert here, I guess XORing them is enough) and thus no single "rigged" *RNG source from any chip in the HW can spoil entropy used to generate the seed and nonces. (I know that the BitBox02 uses multiple sources of entropy for seed generation and likely for nonce generation, too. I haven't checked the source code by myself yet, though.).

To particularly address the nonce covert channel attack there's the Anti-Klepto Protocol, explained here as implemented in the BitBox02. Please, forgive my focus on BitBox02 as an example for in my opinion suitable countermeasures. It's just that I informed myself a lot about this HW and consider it a good one. It's not perfect, but which HW is?

[DaveF]

The main thing to keep in mind is that with most camera possibly all of the hardware wallets out there today they are using standardized chips to perform the functions. So yes these chips might be doing something shady, but and this is important, it would be doing it for all the devices that they are used on. So if something was wrong with them it would not just involve hardware wallets.

Correct, but it is hard to believe that HW vendors buy those chips on the wild market apiece. More likely than not  they do it by batches via contracts with  makers. So those chips used in HW   might have dedicated  "hidden" features.

Doubt it, most of them don't sell direct to 'small users' and lets be honest that is what hardware wallet makers are.
They unless you are taking thousands and thousands all at once you get the 'go the resellers' when trying to buy. Trust me, been there, done that.

Keep in mind most of these chips cost below $1 when dealing in the single unit price and drop to $0.80 or less when dealing in quantity. They don't want to talk to you for 2500 of them, they want to sell to Mouser or Digikey and have them deal with you:

https://www.mouser.com/ProductDetail/Microchip-Technology/ATECC608B-MAHDA-S?qs=sPbYRqrBIVnKfPKcuUlUgg%3D%3D
https://www.digikey.com/en/products/detail/microchip-technology/ATECC608B-MAHDA-S/13415130?s=N4IgTCBcDaIAQEEAqBRAwmgbABgBwCEBaAWQQAkARBQgZRAF0BfIA

Even when you get to the higher end chips, you are still under $3.00 each in quantity 10+:
https://www.mouser.com/ProductDetail/Analog-Devices-Maxim-Integrated/DS28C36BQ%2bT?qs=vLWxofP3U2zN7T53brV95A%3D%3D

I guess the best way to put it, is one of the clients for my day job is a board level component manufacturer. When I need a part that is in their 'sample pack' or small local warehouse I can grab it from them if I am in the area. But if I need 25 of a part, THEY send me to digikey....

-Dave

[dkbit98]

Air-gapped open source  devices are fine but unfortunately they are also vulnerable to  "chosen nonce attack" which may be specific for wallets with compromised MCU.  To disguise this attack they may gradually  leek the small portions of  relevant info so that the whole SEED could be reconstructed from chosen transactions.

I never saw a single case of this attack being conducted with success in real life scenario, and I would say that chances of stuff like this happening is minimal or near impossible.
That doesn't mean that airgapped wallets are perfect, but when you combine them with passphrases and multisig setup, you are getting best protection for average bitcoiner.

The main thing to keep in mind is that with most camera possibly all of the hardware wallets out there today they are using standardized chips to perform the functions. So yes these chips might be doing something shady, but and this is important, it would be doing it for all the devices that they are used on. So if something was wrong with them it would not just involve hardware wallets.

I think that Passport wallet is using mostly open source hardware components and that includes camera, so I don't see any risk there if done correctly.

[satscraper]

Meanwhile the official doc describing security of STM32 microcontrollers wildly used in HW caught my eye. As it states they may undergo various type of outbreaks  and although  their design countermesures many of those attacks HW makers must take extra special measures to eliminate/mitigate possible threats.

Even MCU of air-gapped HW may be under the threats. Say those of them which utilize NFS protocol to communicate with software proxies may be vulnerable if that protocol have some  weaknesses. That is why it is very important for HW to be open sourced.

Very dangerous (and at the same  time the most cost-involved)  are hardware invasive attacks which are possible at direct access to device. So each HW  possessed by you  must be considered as device to which you and only you have access, no one else.