Saturday, May 25, 2024
Home > City News > Cryptocurrency: Securing your Hardware Wallet

Cryptocurrency: Securing your Hardware Wallet

Manjunatha K
Cryptocurrency security expert, Koinlocker

It is a known fact that the storage of bitcoins is a risky and challenging as it is vulnerable for hacking. In the process of securing the Bitcoins, we have found that hardware wallets are to be most secured devices to hold BItcoins. Hardware wallets are special purpose computing device that generate the transaction key from the private key and do not share the private key even to the connected computer. However the available hardware wallets in the market also have some of the vulnerabilities that hackers can exploit. It is essential to understand these security risks so that one can prevent them getting exposed.
n Man in Middle Attack: Some of the hardware wallets do not display complete receiving address in their native display. This would be an opportunity for hackers, they can push a malware in the PC that is connected to the device. The malware will be monitoring, whenever the user tries to receive any Bitcoin, it will generate a new address that will have same numbers for the digits that are getting displayed in the hardware wallet and other digits are being manipulated to their address. User will not get to know that the address that is displayed in the device and their connected computer are different as the digits that are visible will remain same. After transaction is completed the bitcoin will finally transferred to the hackers address.
n USB Device Firmware Upgrade: The USB DFU allows the firmware of the device to be upgraded via the USB port and a device manager on the connected computer. Unfortunately, there are potentially a number of attack vectors that are opened up by being able to remotely flash the firmware via the USB. The microcontroller used in some of the hardware wallets allows user to take the flash dump where the private key is being stored. If the device upgraded with malicious code, the attacker could effectively gain control over the funds.
n Bypassing the pin: What happens when you lose the hardware wallet that land up in the hackers hand. In some of the currently available devices, hackers can easily bypass the pin by bridging some pins in the external clock cheps; This is also called as clock glitch attack.
n Supply chain: User has to ensure that the package sealed with hologram put by the manufacturer is intact before opening the package. Hacker can insert a programming header to flash malicious version of the software. When user connects the device, it may expose the hackers receiving address instead of the current device receiving address. Bitcoins transferred to the device will land in the hackers wallet.
n Recovery Phrase: The recovery phrase being the 12–24 word series that allows the reconstitution of private keys using BIP39. All current hardware wallets support recovery phrase, that can be used to recover the private key when the device is lost. Anyone who get the recovery phases can steal the Bitcoins. Is is very essential to preserve them securely.
In spite of all the above security threats, if user understands and takes the necessary precaution, then the hardware wallets are most secure way of storing Bitcoins. There are lots of research going on to make the hardware wallet more secure from being hacked!.

Leave a Reply

Your email address will not be published. Required fields are marked *