420 sats \ 0 replies \ @Fabs 5 Aug
This is severely fucked up, be wary when updating your hardware, peeps!
reply
I saw this discussed on twitter. Thanks for sharing on SN.
reply
“Well, heh heh… you’re very much not going to like this.”
reply
Note that this is not relevant to hardware wallet using multisig between the host computer and the hardware wallet.
IMO, basically all hardware wallet usage should be with multisig. Otherwise you're just replacing one type of supply chain risk with another.
reply
1000 percent
I use Casa Keys co-founded by Jameson Lopp
reply
in other words... use multisig to not have to trust one hardware wallet manufacturer?
reply
Seems like Seedsigner could mitigate this using the rPi's secure boot feature, and maybe some sort of pin challenge that the user entered during initial configuration, but I'm not sure if that requires a network connection or not.
reply
would it exfiltrate a passphrase too?
Generally, it should be very difficult to install modified firmware to a security device, usually via a signature check. There is trust extended to the hw vendor to not make a malicious firmware.
reply
it's my understanding that all the major vendors... design their products and firmware in ways where it is difficult to impossible to install 'bad' firmware. it can still be done (ie 'custom' firmware) but warnings and notifications are provided to the user.
reply