Peter Todd @peterktodd
I hate dealing with infosec Twitter sometimes... I criticised calling Doom on a Bitfi that had been physically dismantled w/ circuit probes "hacking" - while carefully noting Bitfi did have issues.

What happens? Apparently one of them contacted a client of mine to bad mouth me.
Why is opening a device and playing Doom on it just a dumb stunt?

If you can open a device w/o the user noticing, you can also replace the hardware. And in particular, you can add a MITM *inside the device itself* between any secure element and the UI.
MITM the UI/UX and the security chip can't help you much: you might think you're authorizing a $10 payment to Alice, but the chip thinks you're trying to send $10,000 to Mallory.

Defeating this kind of attack requires tamper protection of *all* the hardware, not just one chip.
I've opened up a Ledger Nano S, and there's definitely room to MITM the display and buttons with a mod board (I used to design electronics, and did HW mods of similar difficulty all the time).

W/ practice adding a MITM mod would take just a minute or two.
Also, in the case of designs like the Ledger Nano S, there are actually two microcontrollers. Only one is a tamper-resistant security chip - the other is a standard chip, and is used to control the display and buttons.

You'd be able to install Doom on it too if it were better HW.
The Bitfi hacking team know this of course, as one of them has demoed similar attacks in the past on the Ledger Nano:…

The same person who did the sloppy Doom demo! But that's a 16yo kid, so I'll cut him slack; the rest of the team not so much.
As for the client... What can I say, pure childishness. On the bright side, they respected me enough to know it was probably bullshit. On the not so bright side, they want to stay the heck away from stupid drama like this... And I don't blame them.
What the Bitfi hacking team should have done all along was stick to their actual attacks, like the more recently disclosed cold boot attack. That's a real threat: have a Bitfi stolen and the attacker can immediately steal your coins, w/o further action by you.
The problem with the glamorous Doom stunt is it's misleading in a way that FUDs open hardware.

It's a good thing that we can modify and inspect our devices, even hardware wallets! That's key to a healthy open source ecosystem, and real peer review of security.
You need peer review to catch mistakes; I strongly suspect that a clean laptop running Bitcoin Core can actually have a lower chance of coin loss than many HW wallets due to the risk of coin loss bugs alone.

How many eyes are on the Trezor or Ledger source code vs Bitcoin Core?
Anyway, that's enough dumb Twitter for tonight. Surely there's something better to do this weekend. :)