Why hardware wallets might not offer as much protection as you think, explained

Published at: Sept. 15, 2021

Are there use cases beyond crypto?

The issues facing hardware wallets are not exclusive to the crypto sector by any means.

Across multiple sectors around the world, there are a number of industries that have critical systems. They face the same challenge: Remaining up to date and fortified against attacks from the people who are trying to infiltrate.

Every government runs critical systems — alongside the military, hospitals, space agencies, nuclear plants, airports, chemical plants, unmanned train networks, banks and stock brokers.

The ramifications if these critical systems are compromised can be severe. Lives can be put at risk if key systems within a hospital are at risk, or if hackers successfully manage to target air traffic control at a major transport hub. In an increasingly digital world, millions of people can be affected by a single malicious actor pressing Enter.

The number of high-profile incidents is continually rising. Earlier this year, thousands of businesses were affected when the systems of Kaseya were compromised. Supermarkets in Sweden were forced to close because their tills stopped working, while trains ground to a halt.

ZeconDual is positioning itself as the answer for critical systems that need to achieve 100% resilience to cyberattacks.

Learn more about BlockUno

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.

What’s the answer?

Some experts believe hardware wallets need to be completely air gapped to offer complete protection — and this means removing any other form of connectivity.

BlockUno has created a type of technology called ZeconDual that delivers air gapped firmware updates through ultra-fast transmission of multiple QR codes — and this means that all network components can be safely removed.

The company told Cointelegraph: “Cybercrime is continually on the increase and there’s no indication of it slowing down or ever being eradicated. Devices and their data can only be 100% resilient to a cyberattack if they’re air gapped with all networking components and memory card slots removed. Any other device claiming to be cyberproof is hiding behind a false sense of security as it has been repeatedly demonstrated that any device/system connected online eventually gets hacked.”

Over the past 12 months, BlockUno has created a prototype hardware wallet that brings this new concept to life — and now, it is planning to hold a competition to prove that its technology is 100% resilient to a cyberattack.

What happens if a hardware wallet is compromised?

It all hinges on whether the USB stick or memory card that’s used for a firmware wallet has been infected.

Laptops are easily infected by viruses — and if one of these computers is used to load a USB stick or memory card with a firmware update, it’s possible that the information transferred could include malware or a virus.

This can then make its way over to a hardware wallet, putting a user’s funds at risk. There have been a number of incidents where devices from popular brands were  compromised in this way. Even when such vulnerabilities are patched up by the manufacturer, it can only be a matter of time before the next attack vector is exploited.

What are the main risks that users face?

Peace of mind is essential when it comes to purchasing a hardware wallet — and you might want to reassess the attributes you’re looking for.

Instead of admiring an LCD screen that a device boasts, or the seemingly endless array of digital assets that it supports, it’s smart to look at the security measures that are in place to protect your crypto — and how a hardware wallet is updated.

Crypto enthusiasts need to take responsibility of their funds — and this means guaranteeing that you have sole and absolute control. Relying on a third party isn’t necessarily going to cut it in times of a crisis.

Some banks offer physical devices that provide a six-digit PIN that users need to enter when logging into their accounts or sending large transactions. Although these devices are air gapped, experts say six digits isn’t enough to deliver absolute security — and integrity can be compromised if the digital signatures it provides aren’t generated in an offline environment.

Air gapped security is crucial — and some hardware wallet providers have started to embrace QR codes for transactions. However, the benefits of this are eroded when firmware updates are executed via USB ports or any other form of connectivity.

Remind me… what is a hardware wallet?

Often similar in appearance to a USB stick, a hardware wallet is a device where you can store cryptocurrencies and tokens in one place.

One of the biggest benefits associated with hardware wallets lies in how they offer a form of cold storage — a way of keeping your assets out of a hacker’s reach.

But as we’re going to explain in this article, depending on a hardware wallet doesn’t necessarily guarantee that your portfolio is 100% safe.

Of course, a major risk associated with these devices is that — unless it is backed up — you could lose access to your crypto forever if it is lost or damaged. 

An even more pressing matter concerns ensuring that hardware wallets are regularly updated with the latest firmware, providing an additional layer of security. But here’s the rub: Acquiring these updates usually involves connecting directly or indirectly to the internet.

Tags
Related Posts
What is a seed phrase and why is it important?
How to keep your seed phrase safe A crypto seed phrase in the wrong hands can do damage, so it is advisable to always ensure it is safe. The following are some tips for ensuring your seed phrase is secure. Never share your seed with anyone else: It’s extremely important that you never reveal your recovery phrase to anyone. Why? Because if someone else finds out your recovery phrase, they will be able to access — and therefore control — your crypto funds. Make a note of it on paper and keep it in a secure location: This is the …
Blockchain / Aug. 27, 2022
This platform turns data into cryptocurrency
Large-scale data breaches and the abuse of data by cybercriminals have become an everyday reality. Data is being utilized to drive massive profits in big tech and beyond. In 2018, a breach at Marriott Hotels resulted in 500 million records being stolen, and just earlier this year, Facebook had an enormous break where the details from 533 million users were taken. Cirus is offering individuals new financial opportunities through data monetization using the power of Web 3.0. With over 4,000 Cirus devices currently deployed in real households, the Cirus team is aiming to propel a new ownership economy. By harnessing …
Blockchain / Sept. 17, 2021
'Less sophisticated' malware is stealing millions: Chainalysis
Cryptojacking accounted for 73% of the total value received by malware related addresses between 2017 and 2021, according to a new malware report from blockchain analysis firm Chainalysis. Malware is used to conduct nefarious activity on a victim’s device such as a smartphone or PC after being downloaded without the victim’s knowledge. Malware-powered crime can be anything from information-stealing to denial-of-service (DDoS) attacks or ad fraud on a grand scale. The report excluded ransomware, which involves an initial use of hacks and malware to leverage ransom payments from vicitms in order to halt the attacks. Chainalysis stated: “While most tend …
Blockchain / Jan. 20, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022
NFT-delivered court orders an answer to blockchain-related litigation: Lawyers
Non-fungible tokens (NFTs) are becoming an increasingly popular solution to serving defendants in blockchain-based crimes that would otherwise be unreachable, according to crypto lawyers. The last year has seen an increase in litigation delivered over NFTs in cases where those accused of blockchain crime wereuncontactable through traditional methods of communication. In November 2022, the United States District Court for the Southern District of Florida granted a United States law firm The Crypto Lawyers its request for its client to serve a defendant via NFT. While the defendant's identity was unknown, the plaintiff accused the defendant of stealing cryptocurrency to the …
Adoption / Jan. 24, 2023