Nothing new here, just a different type of theoretical attack that requires you to run malicious software on your signer. With our model, users are responsible for making sure they are running good software -- same as it ever was.
quotinghttps://hackaday.com/2024/03/29/lora-with-no-radio
note1w2t…kzp8
This hack is pretty wild and SeedSigner (npub17ty…3mgl) is affected as far as I can see. Or does it not enable a previously impossible Evil Maid Attack:
Eve only needs access to the device for seconds to binary-patch the firmware on it. The compromised firmware would send out the seed, encrypted for Eve's receiver that she's hiding anywhere inside the house, while functioning normally else.
Now, when Alice loads her wallet on the compromised SS, it blasts out the keys and the receiver catches it.
Prior to this hack, a companion app could detect exfiltration but now, any companion app is side-stepped completely.
As a fan of SeedSigner (npub17ty…3mgl)'s approach, I wish there was a simple mitigation but maybe there is. Maybe incorporating tinfoil in the casing fixes this. Of a full metal casing so the maid can't just remove the tinfoil.