pull down to refresh
0 sats \ 0 replies \ @douglas 20h \ parent \ on: We are BitBox, makers of the open source BitBox02 - AMA! AMA
Yes! We have a blog post on this topic:
https://blog.bitbox.swiss/en/supply-chain-attacks/
Besides tamper-evident packaging, the better way is via the device authenticity check. Briefly, each BitBox02 has a unique key on its secure chip, that is generated and signed during factory installation.
The BitBox App automatically verifies authenticity using a challenge-response process to this key. If the device fails to prove it's genuine, a clear warning is shown to the user.