The part in question is the STM32F205RET6 ARM processor which is easy enough to order up at the usual sources. Unfortunately, counterfeit parts are epidemic in the components industry today, and the incentive to spin up a "special" one of these is...rather large.
Can't you trust the usual places to source you clean parts? Where do SatoshiLabs order their parts?
Now you are starting to think. THAT is a very good question. One would hope that they have a secure delivery arrangement with the manufacturer...one would hope...their website is mute on the subject.
You guys had convinced me to get one until I read this post.
Is there any evidence to raise the minimum glimpse of suspicion? #doyouknowsomethingwedont?
I'd like to know how much damage one of these counterfeit parts can do? How nefarious can they possibly act in this context? Given the amount of dough other people have at stake, I suspect there's already been a lot of digging. I'm personally willing to risk being weirded by technology more than I'm prepared to have someone walk away with a paper wallet. But just barely.
It'd be big, especially for Trezor as a company; but I don't think it would be that big or even profitable in terms of money if you think about it. Being offline devices, the damage would be considerably mitigated by time alone. You'd (hopefully) get an email from Trezor an hour after the first few cases confirm a trend, warning you to not plug and power your hw anywhere.
Going through the long con of modifying a chip design, going into production, distributing to retailers/waiting for the chips to be used by a company, and then sold and used; only to then choose a date when enough are in circulation to trigger the 0day, and only get as bounty the first random few wallets that come online that day... There are probably easier, less involved ways to be a criminal.
They could try to simply sneak out a couple packets with key data every so often, and just accumulate them for the future; but that would get easily found out by people using them in secure networks.