Does anyone know of an off-the-shelf HW wallet whose PCB and software can be verified?
I appreciate that many manufacturers publish the open source code they purport to use on the device, but are there any that allow verification of the code that's actually running on the device?
The angle I'm coming from is that I have to assume that the HW manufacturer will try and obtain my keys. They're selling me a device that they know I'm going to store valuable keys on, and so probably have my email address, and I'm also likely to open links in their emails/website.
Now if they were able to program the device with some proxy software that maliciously patched any code you uploaded to it and always returned the correct CRC/hash when queried, they would also be in a great position to infect my hot device (computer, phone etc) with malware installed when I click on one of their links.
Now if both the "hot" device and the "cold" HW device have malicious code, then even air-gapping isn't going to stop them obtaining your keys. For example, they could override your QR code with one that tells the HW wallet "give me the seed phrase".
Given this power, I feel very uneasy simply trusting them not to do this.
Am I missing something? Are there any off-the-shelf HW wallets that allow me to connect directly to the microcontroller and program or verify the code it's running?
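
The trust problem the post describes, as an added example that is not part of the original post: a hash the device computes about itself comes from the same code being verified, so it proves nothing, while a hash computed by the verifier over an independent readout does. The class names, the constructed firmware image and `read_flash` (which models a raw readout path the running firmware cannot intercept) are assumptions made for illustration.

```python
import hashlib

# Constructed stand-in for a published firmware build (not real wallet firmware).
OFFICIAL_IMAGE = b"official-wallet-firmware " * 64
EXPECTED_HASH = hashlib.sha256(OFFICIAL_IMAGE).hexdigest()


class HonestDevice:
    """Hypothetical device: stores the upload unchanged and hashes its real flash."""

    def __init__(self):
        self.flash = b""

    def upload(self, image: bytes) -> None:
        self.flash = image

    def report_hash(self) -> str:
        # Answer computed by the firmware itself, over what is really stored.
        return hashlib.sha256(self.flash).hexdigest()

    def read_flash(self) -> bytes:
        # Assumption: models a raw readout path (e.g. a debug/programming
        # interface) that the running firmware cannot intercept.
        return self.flash


class ProxyDevice(HonestDevice):
    """Hypothetical shim from the post: alters uploads, reports the clean hash."""

    def upload(self, image: bytes) -> None:
        self._clean_hash = hashlib.sha256(image).hexdigest()
        self.flash = image.replace(b"official", b"modified", 1)

    def report_hash(self) -> str:
        return self._clean_hash


def verify_by_self_report(device) -> bool:
    """Trusts the device's own answer; cannot tell the two devices apart."""
    return device.report_hash() == EXPECTED_HASH


def verify_by_readout(device) -> bool:
    """Hashes the flash on the verifier's side after an independent readout."""
    return hashlib.sha256(device.read_flash()).hexdigest() == EXPECTED_HASH


def check(device_cls) -> tuple:
    """Upload the official image, then run both verification strategies."""
    device = device_cls()
    device.upload(OFFICIAL_IMAGE)
    return verify_by_self_report(device), verify_by_readout(device)
```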