Semisol on Nostr: Are you sure your SE's arent backdoored, anon? Many SEs used by HWWs do not include ...
Are you sure your SE's arent backdoored, anon?
Many SEs used by HWWs do not include features for attestation of chip authenticity.
A look-alike chip that behaves identically, but has a backdoor can be swapped in at any point during the supply chain, and you wouldn't know. A significant amount of HWWs, including ones marketed as "ultra secure", are vulnerable.
Normally, high quality SEs offer attestation and mutual authentication, where the manufacturers exchange keys, allowing the HWW to verify that the SE is in fact genuine, like so:
Most HWWs instead use low-quality, cheap, insecure SEs that are vulnerable to this attack and others.
#bitcoin
Published at
2025-05-19 13:29:26Event JSON
{
"id": "e9fe4b0fc51e26590e05e5a43c6f844ede4615dd472bd309c08c709485302484",
"pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"created_at": 1747661366,
"kind": 1,
"tags": [
[
"t",
"bitcoin"
]
],
"content": "Are you sure your SE's arent backdoored, anon?\n\nMany SEs used by HWWs do not include features for attestation of chip authenticity.\n\nA look-alike chip that behaves identically, but has a backdoor can be swapped in at any point during the supply chain, and you wouldn't know. A significant amount of HWWs, including ones marketed as \"ultra secure\", are vulnerable. \n\nhttps://i.nostr.build/UYhMaPojqIKyPXcJ.jpg\n\nNormally, high quality SEs offer attestation and mutual authentication, where the manufacturers exchange keys, allowing the HWW to verify that the SE is in fact genuine, like so: \n\n https://i.nostr.build/7VYMwAxHhNkMvrDn.jpg\n\nMost HWWs instead use low-quality, cheap, insecure SEs that are vulnerable to this attack and others. \n\n#bitcoin",
"sig": "c15f0cc390f1020e69fc75962c9f58b4ec9e17557ac591a8fa1af77b2a2a15e66ce4830430140b85288640d3cfce0ca88017b9cb9f1fe2d5112a78d11aee6103"
}
