Thinking about the evil maid, does the potential for compromised security exist?
An evil maid cleans your hotel room and your SeedSigner, a singlesig signer for your wallet.
The maid boots up your airgapped SeedSigner, clones it, and leaves a replacement Pi. You don't notice your original Pi has been swapped out, which gives time for any PIN cracking, whilst the wallet from your unlocked device (also copied by the maid) is in the hotel room next door. Over the week on holiday, you notice your wallet balance emptied.
Long shot, not sure that it's possible, but my guess is it is?
  • Not defending any arrogance
Solid scenario but not one I've heard. Good reason to secure both your seed plates and signing device.
reply
41 sats \ 5 replies \ @xz 3 Apr
I guess the sophisticated maid attack is uncommon for the average hotel guest. But I hear that high-profile international visitors, diplomatic and possibly industry figures, are going to run the risk of compromised security when traveling: corporate or political espionage.
I like both projects, and I guess the advantage of SeedSigner is that it taught me much about how systems can be made secure, with the caveat that there are always supply chain attack vectors.
Who are Qualcomm, Broadcom Inc.? Do they have my best interests at heart? I think that's where I'd like to learn about hardware specific to meeting the needs of the security conscious.
I like Coldcard being hardware without the software that puts me off other HWWs.
reply
There is no way I'd be taking my signing device with my life savings on a trip... but I guess that's me. I would load up spending money on a mobile wallet before I'd do that.
reply
41 sats \ 0 replies \ @xz 3 Apr
Maybe attacks will be more sophisticated in future. Or just more sophisticated maids. That's my thought. It's future-proofing to a degree.
I remember there was a post on SN about someone who got their wallet drained after moving to relocate. I guess there are those times too. Although that might have been down to a different security flaw, and all of this is hypothetical, who knows how much risk there will be moving forward.
reply
33 sats \ 2 replies \ @xz 3 Apr
That's a fair point.
reply
This is the "it depends" part so often missing from security discussions. Absolutists are usually full of it. They are usually more interested in dunking on others vs. explaining and educating people so that they can make informed decisions.
Also, this whole comment section is why I spend time on SN. So much more valuable than the dumb Twitter crowd and, I'll say it... Nostr for the most part. Low attention span fiat brain rot is strong on short-form websites/social media.
reply
33 sats \ 0 replies \ @xz 3 Apr
I feel ya.
reply