The Cypherock wallet is an innovative wallet that utilizes many hardware and software security best practices and even features several security firsts that we have not yet seen in other wallets.
Threat Overview
Threats to secure private key storage can be grouped into two categories: threats that come from attacks on the hardware and threats that come from human mistakes. Threats that come from human mistakes mainly comes from seed phrases that have already been eliminated from Cypherock X1.
The attacks possible on a hardware can be broadly classified into:
Remote Attack
Physical Attack
Remote Attack
The term remote means attacks where the attacker doesn't have physical possession of the device. A remote attacker can manipulate data sent to the hardware wallet or control a device that the wallet communicates with. This creates limits on what the attacker can do. If the wallet connects to a computer over USB, the attacker needs to find and exploit a bug in the device’s USB software stack or application layer usage.
The term remote means attacks where the attacker doesn't have physical possession of the device. A remote attacker can manipulate data sent to the hardware wallet or control a device that the wallet communicates with. This creates limits on what the attacker can do. If the wallet connects to a computer over USB, the attacker needs to find and exploit a bug in the device’s USB software stack or application layer usage.
Remote attackers are limited in what software/hardware they can look for vulnerabilities in because they can only see exposed external interfaces. With great sophistication, the attackers are still limited and hence it is much easier to protect code execution and use of internal device secrets because there is less software and hardware exposed to attacks.
Physical Attack
Supply chain attack
Side channel Analysis
Flashing malicious firmware
Evil maid attack
PIN bruteforce attack
$5 wrench attack
The hardest challenge for wallets is protecting secrets from an attacker that has physical access to the device. This type of attacker can steal your device from you on the street or from your house when you are gone. They can modify your device hardware or firmware without your knowledge. Physical attackers have unlimited attack vectors.
Every kind of security can be defeated by a physical attacker if the attacker has enough time and money. As an example, hardware security labs have the ability to completely reverse engineer the silicon chip or a Government in power can force the manufacturer to turn over the design files. After a chip's internal design has been fully recovered, a lab can very effectively target specific areas on the chip using a laser to induce changes in memory or logic. The memory state change can cause the chip to not check critical security parameters before running some operation.
Keeping both the Remote and Physical attack vectors in perspective,
Cypherock X1 seeks to protect your seed phrase and conduct secure
transaction signing. Even if a hacker steals your X1 wallet, it is
impossible to extract your private keys from the device. Furthermore, our
unique design ensures that your assets are safe from all known attacks as
explained below.
Supply chain attack
The X1 wallet comes preloaded with a non replaceable bootloader. On first boot, the device instructs the user to download the desktop application from Cypherock’s website. When the X1 wallet detects the application, user can verify their new device securely. Every X1 wallet and X1 card could be uniquely verified by our server using 256 bit elliptic curve digital signature algorithm. Once the X1 wallet gets verified through the desktop app, user can download the latest signed firmware into the device.
Evil maid attack
Evil maid attack happens when a hacker gets physical access to an unattended device and alters it in some undetectable way, so that the hacker can remotely access it later. Let's assume, if the X1 wallet is embedded with a wireless transmitter, the compromised X1 wallet could transmit any PIN it received. To prevent that happening user is instructed to verify the X1 wallet on every boot. Every wallet and card has a serial number and a unique 256 bit private key.
Side channel analysis
X1 does not store any private information like wallet seed, PIN or PIN attempt counter etc. Hence there is no useful data to extract or glitch upon. PIN authentication takes place inside the EAL 5+ secure element on X1 card.
Pin bruteforce attack
It is important to note that PIN authentication takes place inside the X1 card. Every time a wrong PIN is entered, the waiting time between the attempts increases exponentially.
Flashing malicious firmware
Official firmware is signed by the Cypherock master key. Installing unofficial firmware is not possible on genuine X1 wallet since wallet comes preloaded with a secure bootloader.
$5 wrench attack
A $5 wrench attack occurs when an attacker physically threatens you using a deadly weapon to hand over your private keys or send over the funds.
For maximum security, it is recommended to store X1 card at different locations. This increases the time required to get access to the keys and in turn increases the risk for the attacker. Further you can maintain multiple wallets in single Cypherock X1, one of which can be used as a dummy wallet for which the keys can be handed over.
Combination of X1 Wallet and X1 card is
The first such attempt to decouple storage and computation aspect of a hardware wallet. It is one of the most unique and secure methods to ensure the safety of Crypto assets.