Security
Security is the most important thing for the user when it comes to private key storage.
The attacks possible on a hardware can be broadly classified into:
Remote Attack
Physical Attack
Remote Attack
The term remote means attacks where the attacker doesn't have physical possession of the device. A remote attacker can manipulate data sent to the hardware wallet or control a device that the wallet communicates with. This creates limits on what the attacker can do. If the wallet connects to a computer over USB, the attacker needs to find and exploit a bug in the device’s USB software stack or application layer usage.
Remote attackers are limited in what software/hardware they can look for vulnerabilities in because they can only see exposed external interfaces. With great sophistication, the attackers are still limited and hence it is much easier to protect code execution and use of internal device secrets because there is less software and hardware exposed to attacks.
Physical Attack
Supply chain attack
Evil maid attack
Side channel Analysis
PIN bruteforce attack
Flashing malicious firmware
$5 wrench attack
The hardest challenge for wallets is protecting secrets from an attacker that has physical access to the device. This type of attacker can steal your device from you on the street or from your house when you are gone. They can modify your device hardware or firmware without your knowledge. Physical attackers have unlimited attack vectors.
Every kind of security can be defeated by a physical attacker if the attacker has enough time and money. As an example, hardware security labs have the ability to completely reverse engineer the silicon chip or a Government in power can force the manufacturer to turn over the design files. After a chip's internal design has been fully recovered, a lab can very effectively target specific areas on the chip using a laser to induce changes in memory or logic. The memory state change can cause the chip to not check critical security parameters before running some operation.
Keeping both the Remote and Physical attack vectors in perspective, HODL Tech seeks to protect your seed phrase and conduct secure transaction signing. Even if a hacker steals your X1 device, it is impossible to extract your private keys from the device. Further our unique design ensures that your assets are safe from all known attacks as explained below.
Supply chain attack
The X1 device comes preloaded with a non replaceable bootloader. On first boot, the device instructs the user to download the desktop application from HODL Tech’s website. When the X1 device detects the application, user can verify their new device securely. Every X1 device and cyCard could be uniquely verified by our server using 256 bit elliptic curve digital signature algorithm. Once the X1 device gets verified through the desktop app, user can download the latest signed firmware into the device.
Evil Maid Attack
Evil maid attack happens when a hacker gets physical access to an unattended device and alters it in some undetectable way, so that the hacker can remotely access it later. Let’s assume, if the X1 device is embedded with a wireless transmitter, the compromised X1 device could transmit any PIN it received. To prevent that happening user is instructed to verify the X1 device on every boot. Every X1 device and card has a serial number and a unique 256 bit private key.
Side channel Analysis
Wallet does not store any private information like X1 device seed, PIN or PIN attempt counter etc. Hence there is no useful data to extract or glitch upon. PIN authentication takes place inside the EAL 6+ secure element on cyCard.
PIN bruteforce attack
It is important to note that PIN authentication takes place inside the cyCard. Every time a wrong PIN is entered, the waiting time between the attempts increases exponentially.
Flashing malicious firmware
Official firmware is signed by the HODL Tech master key. Installing unofficial firmware is not possible on genuine X1 device since X1 device comes preloaded with a secure bootloader.
$5 wrench attack
A $5 wrench attack occurs when an attacker physically threatens you using a deadly weapon to hand over your private keys or send over the funds.
For maximum security, it is recommended to store cyCard at different locations. This increases the time required to get access to the keys and in turn increases the risk for the attacker. Further you can maintain multiple wallets in single HODL Tech , one of which can be used as a dummy wallet for which the keys can be handed over.
Combination of HODL Tech and cyCard is
the first such attempt to decouple storage and computation aspect of a hardware wallet. It is one of the most unique and secure methods to ensure the safety of Digital assets.