Why hardware wallets might not offer as much protection as you think, explained
Remind me… what is a hardware wallet?
Often similar in appearance to a USB stick, a hardware wallet is a device where you can store cryptocurrencies and tokens in one place.
One of the biggest benefits associated with hardware wallets lies in how they offer a form of cold storage — a way of keeping your assets out of a hacker’s reach.
But as we’re going to explain in this article, depending on a hardware wallet doesn’t necessarily guarantee that your portfolio is 100% safe.
Of course, a major risk associated with these devices is that — unless it is backed up — you could lose access to your crypto forever if it is lost or damaged.
An even more pressing matter concerns ensuring that hardware wallets are regularly updated with the latest firmware, providing an additional layer of security. But here’s the rub: Acquiring these updates usually involves connecting directly or indirectly to the internet.
What are the main risks that users face?
Peace of mind is essential when it comes to purchasing a hardware wallet — and you might want to reassess the attributes you’re looking for.
Instead of admiring an LCD screen that a device boasts, or the seemingly endless array of digital assets that it supports, it’s smart to look at the security measures that are in place to protect your crypto — and how a hardware wallet is updated.
Crypto enthusiasts need to take responsibility of their funds — and this means guaranteeing that you have sole and absolute control. Relying on a third party isn’t necessarily going to cut it in times of a crisis.
Some banks offer physical devices that provide a six-digit PIN that users need to enter when logging into their accounts or sending large transactions. Although these devices are air gapped, experts say six digits isn’t enough to deliver absolute security — and integrity can be compromised if the digital signatures it provides aren’t generated in an offline environment.
Air gapped security is crucial — and some hardware wallet providers have started to embrace QR codes for transactions. However, the benefits of this are eroded when firmware updates are executed via USB ports or any other form of connectivity.
What happens if a hardware wallet is compromised?
It all hinges on whether the USB stick or memory card that’s used for a firmware wallet has been infected.
Laptops are easily infected by viruses — and if one of these computers is used to load a USB stick or memory card with a firmware update, it’s possible that the information transferred could include malware or a virus.
This can then make its way over to a hardware wallet, putting a user’s funds at risk. There have been a number of incidents where devices from popular brands were compromised in this way. Even when such vulnerabilities are patched up by the manufacturer, it can only be a matter of time before the next attack vector is exploited.
What’s the answer?
Some experts believe hardware wallets need to be completely air gapped to offer complete protection — and this means removing any other form of connectivity.
BlockUno has created a type of technology called ZeconDual that delivers air gapped firmware updates through ultra-fast transmission of multiple QR codes — and this means that all network components can be safely removed.
The company told Cointelegraph: “Cybercrime is continually on the increase and there’s no indication of it slowing down or ever being eradicated. Devices and their data can only be 100% resilient to a cyberattack if they’re air gapped with all networking components and memory card slots removed. Any other device claiming to be cyberproof is hiding behind a false sense of security as it has been repeatedly demonstrated that any device/system connected online eventually gets hacked.”
Over the past 12 months, BlockUno has created a prototype hardware wallet that brings this new concept to life — and now, it is planning to hold a competition to prove that its technology is 100% resilient to a cyberattack.
Are there use cases beyond crypto?
The issues facing hardware wallets are not exclusive to the crypto sector by any means.
Across multiple sectors around the world, there are a number of industries that have critical systems. They face the same challenge: Remaining up to date and fortified against attacks from the people who are trying to infiltrate.
Every government runs critical systems — alongside the military, hospitals, space agencies, nuclear plants, airports, chemical plants, unmanned train networks, banks and stock brokers.
The ramifications if these critical systems are compromised can be severe. Lives can be put at risk if key systems within a hospital are at risk, or if hackers successfully manage to target air traffic control at a major transport hub. In an increasingly digital world, millions of people can be affected by a single malicious actor pressing Enter.
The number of high-profile incidents is continually rising. Earlier this year, thousands of businesses were affected when the systems of Kaseya were compromised. Supermarkets in Sweden were forced to close because their tills stopped working, while trains ground to a halt.
ZeconDual is positioning itself as the answer for critical systems that need to achieve 100% resilience to cyberattacks.
Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.