Spectre and Meltdown are going straight for your Private Keys – How safe is your hardware wallet?

The BBC reported today that the tech industry kept the latest threat to our online life secret for six months, hiding behind non-disclosure agreements.

 

 

Apparently, there are two bugs, known as Meltdown and Spectre, which exploit security vulnerabilities in Intel, AMD, and ARM processors in all types o devices, including PCs, laptops, tablets, and smartphones.

 

Meltdown affects all devices with Intel chips, which are estimated to be in 90% of all computers (desktop and laptop combined), the BBC reported. Intel stock price had its own Meltdown today with $11 Billion of market value knocked off the company’s share price.

 

 

The bad news is what every Bitcoiner or Crypto owner knows – We are all at risk.

This is what we all know:

1.Don’t trust your PC or Laptop [ It might have Intel inside ]
2.The idea that applications or wallets are shields is nonsense
3.Move your Crypto offline or onto a hardware wallet

 

 

So now the question – How safe are your popular hardware wallets?

Hardware wallet companies, Trezor and Ledger were quick to defend their products.

As Cointelegraph reported, Pavol Rusnak, the chief technical officer at Satoshi Labs, the parent company of Trezor, wrote:

“As more people are asking: @TREZOR is not vulnerable to recent Meltdown and Spectre hardware attacks because it has processor not affected by these. Also, our firmware is always signed, so the device never runs untrusted code. Using a hardware wallet is now more important than ever.”

 

Rusnak further emphasized that users should rely on hardware wallets because Spectre attacks have drastically impacted the cloud services on which many cryptocurrency exchanges and wallet platforms operate.

 

In a related event, today, several cryptocurrency exchanges including Bittrex were taken offline due to the vulnerabilities found in Intel CPUs and Azure cloud services offered by Microsoft, and by extension, the exchanges hosted on Azure.

 

New York Times cybersecurity journalist Nicole Perlroth wrote:

“Meltdown and Spectre show that it is possible for attackers to exploit these design flaws to access the entire memory contents of a machine. The most visceral attack scenario is an attacker who rents 5 minutes of time from an Amazon or Google or Microsoft cloud server and steals data from other customers renting space on that same cloud server.”

 

 

How to keep funds safe

Bitcoin experts and cryptocurrency hardware wallet developers have recommended that customers to move their funds away from centralized online platforms to hardware wallets.

 

Jonas Schnelli, a Bitcoin Core developer, stated:

“The current privileged memory side channel attacks just confirms what many Bitcoin users already know. Don’t trust your PC. Don’t think applications (and private keys) are shielded. Use a hardware wallet.”

In contrast to exchanges which take control and custody of client funds, hardware wallets allow users to maintain full control of their private keys and thus their funds.

 

Ledger Wallet warns against Wi-Fi

The Ledger development team released a detailed blog post as to why hardware cryptocurrency wallets are not at risk due to Intel, AMD and ARM CPU vulnerabilities. The company wrote:

“Ledger’s devices are not affected by these attacks. First of all, to exploit these flaws, the attacker has to be able to run arbitrary code. As long as you only use Ledger’s embedded apps (which is strongly recommended), your Nano S / Blue is not vulnerable to these kinds of attacks.”

Most importantly, because any modern machine is affected by the Spectre vulnerabilities, it would be wise not to use Wi-Fi while sending and receiving cryptocurrencies.

 

 

Quoted from the Ledger blog:

Is my Ledger hardware wallet affected?

Here is the good news. Ledger’s devices are not affected by these attacks.
First of all, to exploit these flaws, the attacker has to be able to run arbitrary code. As long as you only use Ledger’s embedded apps (which is strongly recommended), your Nano S / Blue is not vulnerable to these kinds of attacks.

Furthermore, BOLOS (Ledger’s secure OS) runs on Secure Chips and takes advantage of Hardware security features such as MPU to ensure memory isolation between OS and apps spaces. On general purpose CPUs, the performance is the main concerns, no specific hardware-based mechanism is provided to enforce isolation

Meltdown attack takes advantage of general purpose CPU which implement ‘out of order’ execution to improve performance. The Secure Core implemented in the Secure Element of Ledger Nano S does not embed such a feature. It’s not designed for performance but for security.

Full story – Click Here

 

However, in these wallets, they still run an operating system with electronic chips and even though the safety of these are stressed by the companies we would suggest an alternative that provides complete security.

 

 

The Swiss Bank in Your Pocket

The Swiss Bank in your pocket suite of banking applications work on the premise where your keys are never stored on your PC or laptop, furthermore, the keys are encrypted and stored on an encrypted USB device. Not only is this device encrypted but is synced to work with only a specific PC or laptop. The application can also not be downloaded if not paired with an encrypted USB. These features create the same security as in an offline wallet and thus ensures that your funds are ultra- secure.  More on the Swiss Bank in Your pocket here: Click here

 

 

An interesting development on the concern about Wi-Fi is that Embedded Downloads, the developers of the world’s first blockchain phone, the BitVault® is also in the process of developing secure encrypted routers using blockchain technology to safeguard Wi-Fi.

 

The cryptocurrency, EOT [ Encryption of Things ] will be utilized for this encryption.  More on EOT – Click Here

 

Download the free Bit-Media App from the Google Play or Apple stores.

Click below and get your FREE BIT-MEDIA APP

 

 

Are you a Bitcoin Believer?  Test your belief here – The Bitcoin Believers Business Manifesto

Please leave your questions and comments below:

Introducing you to the Embedded Vault

Turn your computer into a secure, encrypted hardware device

Download Embedded Vault here

 

 

 

What is EOT – Encryption of Things?