Oddbean new post about | logout
 Do you have a link to the Mk4 exploit? 
 STM32s are already known to be not very difficult to dump.

Along with existing attacks on the DeepCover SE and the ATECC one, this allows extraction of the seed.

The ATECC one especially has poor track record having been defeated by the same attack on 3 revisions of the chip. 
 Do you like Seedsigner? 
 It arguably is one of the few devices in the Bitcoin signing device space that properly explains its threat model, risks and benefits.

If you are wondering, your bank card is more secure than 95% of HWWs. 
 This is why I have a hard time leaving the Apple ecosystem. It's has plenty of flaws, but weak protections isn't one is them. Are there any other consumer systems with seL4-grade firmware? 
 Most HWWs are developed using cheap IoT SEs, some with poor track records. These only provide protections against basic attacks and anyone that stole a few HWWs holding 1BTC can easily make a good return on investment.

They also are not developed with security by design: it’s literally “throw shit at a wall until it works” 
 I figured, I'm drawn towards the DIY devices for those reasons. The attacks required to exploit seem extremely advanced

I thought the Crypto guide fork with a Satochip plugin was an interesting twist. 

https://youtu.be/Rhs9z5uL7qg?feature=shared

https://github.com/3rdIteration/seedsigner
 
 🤖 Tracking strings detected and removed!

🔗 Clean URL(s):
https://youtu.be/Rhs9z5uL7qg

❌ Removed parts:
?feature=shared 
 I’m intending to be transparent with what my device can and can’t do, unlike most vendors out there.

Also, using a proper SE, same as the ones in a lot of servers + security keys + ID cards etc. 
 Cool. Keep us posted