Seems like Seedsigner could mitigate this using the rPi's secure boot feature, and maybe some sort of pin challenge that the user entered during initial configuration, but I'm not sure if that requires a network connection or not.
Generally, it should be very difficult to install modified firmware to a security device, usually via a signature check. There is trust extended to the hw vendor to not make a malicious firmware.
it's my understanding that all the major vendors... design their products and firmware in ways where it is difficult to impossible to install 'bad' firmware. it can still be done (ie 'custom' firmware) but warnings and notifications are provided to the user.
This is severely fucked up, be wary when updating your hardware, peeps!
Note that this is not relevant to hardware wallet using multisig between the host computer and the hardware wallet.
IMO, basically all hardware wallet usage should be with multisig. Otherwise you're just replacing one type of supply chain risk with another.
1000 percent
I use Casa Keys co-founded by Jameson Lopp
in other words... use multisig to not have to trust one hardware wallet manufacturer?
I saw this discussed on twitter. Thanks for sharing on SN.
“Well, heh heh… you’re very much not going to like this.”
Seems like Seedsigner could mitigate this using the rPi's secure boot feature, and maybe some sort of pin challenge that the user entered during initial configuration, but I'm not sure if that requires a network connection or not.
This issue seems relevant: https://github.com/SeedSigner/seedsigner/issues/390
would it exfiltrate a passphrase too?
See https://darkskippy.com/faq.html
Generally, it should be very difficult to install modified firmware to a security device, usually via a signature check. There is trust extended to the hw vendor to not make a malicious firmware.
it's my understanding that all the major vendors... design their products and firmware in ways where it is difficult to impossible to install 'bad' firmware. it can still be done (ie 'custom' firmware) but warnings and notifications are provided to the user.