Board: Hardware wallets
Re: It is NOT secure to use hardware wallets (and it never was)
by manchester93 on 12/04/2018, 06:53:31 UTC
And you are also right with the USB drive being the attack vector which would probably be the first one abused.
And it is indeed independent from your network adapters.

But there are other possibilities to transfer your unsigned TX to your offline machine and move your signed TX to your online PC.
The simplest would probably be with the help of two webcams:
  • Create unsigned TX on online PC
  • Display QR code of this TX
  • Scan the QR code with webcam connected to your offline machine
  • Sign the TX
  • Display the QR code of the signed TX
  • Scan this QR code with your webcam connected to your online PC
  • Broadcast transaction

Note that to be on the safe side, you should NOT connect your webcam to an online PC after connecting it to your offline storage.
This attack vector (flashing webcam firmware with malicious version) is pretty unlikely.. but it also does exist.

Thanks, I hadn't considered using a setup with photos/QR codes. Interesting. Definitely seems more secure than a thumb drive (although I think a thumb drive attack on an offline/encrypted wallet has got to be a really sophisticated and targeted attack).