Oddbean new post about login | logout If that happens you're screwed anyway. A compromised HWW might as well contain a radio transmitter. We need better tamper-proof seals.
That’s not a scalable attack. In that model the attacker has to be kinda nearby when you use the HWW.
Ever heard of GSM?
I wonder how you would pull that off. How small is the smallest GSM and how would it know when to strike as GSM is quite detectable. If it blares out its presence on every power-up, that hardware would make the news in a week. So ... scaling is a problem with GSM, too.
I don't know how small GSM is today but I know that ten years ago the smallest widely available wifi module was around 100 times larger and 10 times costlier than today. So it migh become feasible in the future. There are other radio communication protocols as well.
You can definitely include a GSM chip for cheap, but now the device board actually looks visually different, which people can identify, even if admittedly relatively few would. Still, if you did this en-masse it’d likely be discovered before too long, whereas a malicious firmware likely would not.
I'm just wondering if something like the AirTag infrastructure could be used for minimal power antennas. By Apple I'm pretty sure the answer is yes. All the phones are spying on us in more ways than we imagine.
In theory, but I’m not sure if you can transmit arbitrary messages over that without being Apple.
The attacker could pretend it's 256 devices and transmit the seed by simply sending or not sending a message. It's not that high number.
My point was I’m not sure you can pretend you’re *any* devices without being an Apple device. In any case nostr:nevent1qqsqac7czr2hk05gkf0l5s59tg3tz8xyspn9ea7aqxrvg9pswev8y8spzfmhxue69uhk7enxvd5xz6tw9ec82cspz3mhxue69uhkummnw3ezummcw3ezuer9wcq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7qglwaehxw309ahx7um5wgkhyetvv9ujucnfw33k76tw9ehxjmn2vy728fpa
They have cheap BLE tags. If those cannot be reverse-engineered maybe you can record their beacons without the reach of any other device and then just replay them. Buying 256 tags may be worth it if the victim stores tens of millions satoshis. I'd be really surprised if there isn't any way to sneak out 256 bits of data. Or less if the attacker wants to do some brute forcing.
I understand the data to be signed and tied to an Apple ID. It may well also be tied to some per-device factory-sealed key. I mean you can always buy 256 real AirTags but hardware modifications are much more likely to be detected than software ones.
Even without it, there are other similar networks which relay information.
And there are hacks to make other components work as antennas, so there it is again, the dependency on a clean firmware. But the range without a dedicated radio chip is considerably less, reducing the risk in theory for many users.
Yes, that too. You can use Rpis pin to transmit FM radio for instance. Which gives me crazy idea: if you transmitted a fake ad "call <number> and say <seed> to win 1M dollars" how many people could hear it and would call?
I mean the power available to do that from inside a hardware wallet is probably not gonna make it far enough for much anyone to do much with it, doubly so if you only have a relatively limited time to get it through before you run out of power.
Yep, this specific idea was just funny thought, not a serious attack.