2024-03-30 18:10:54

Leo Wandersleb on Nostr: This hack is pretty wild and SeedSigner is affected as far as I can see. Or does it ...

https://hackaday.com/2024/03/29/lora-with-no-radio

This hack is pretty wild and SeedSigner is affected as far as I can see. Or does it not enable a previously impossible Evil Maid Attack:

Eve only needs access to the device for seconds to binary-patch the firmware on it. The compromised firmware would send out the seed, encrypted for Eve's receiver that she's hiding anywhere inside the house, while functioning normally otherwise.

Now, when Alice loads her wallet on the compromised SS, it blasts out the keys and the receiver catches it.

Prior to this hack, a companion app could detect exfiltration but now, any companion app is side-stepped completely.

As a fan of 's approach, I wish there was a simple mitigation but maybe there is. Maybe incorporating tinfoil in the casing fixes this. Or a full metal casing so the maid can't just remove the tinfoil.
Author Public Key
npub1gm7tuvr9atc6u7q3gevjfeyfyvmrlul4y67k7u7hcxztz67ceexs078rf6