Hardware Wallets and Cyber Security
Any device connected to the internet, no matter how much security is placed around it, given time, will/can eventually be hacked into.
Take US Department of Defence as an example, they quite frequently get hacked.
Carephone Warehouse regulated by the FCA – get hacked on a repeated basis (a few times a year).
Mt. Gox crypto exchange – biggest hack in the crypto industry, yet all of the above companies are spending millions of dollars securing their networks. Despite all the security around them, they frequently get compromised. The weak link in all of this is that you have a population of 7 billion people who have potential access to those networks because they are connected to the internet.
Therefore it follows that for a device to be secure – it needs to be isolated from these 7 billion people (many of whom are professional hackers).
In the crypto world, hardware wallets were introduced to solve this problem. Most hardware wallets are not connected to the internet.
Except when they have to be used to make a transaction, at this point most of these hardware wallets need to be connected to a laptop, desktop or a mobile phone. The moment this is done, these hardware wallets become similar to computers inside Carphone Warehouse or the US Department of Defence.
Hardware wallets connected via Wi-Fi, Bluetooth, NFC are no better off than wallets with a USB cable connected to a computer. This is because ultimately, they can be accessed through their connections.
Firmware Updates
Recently, hardware wallets have come onto the market which address the problem of cyber hacking by providing no connectivity to the wallet through any form of connection. This certainly is a very positive step towards securing digital assets.
However, these wallets overlook another problem that exists with the majority of hardware wallets available on the market.
In the crypto world, new digital coins are released every day. Blockchains which host digital coins have their protocols updated on a regular basis to address new found vulnerabilities. These two facts make it absolutely essential to update hardware wallets on a regular basis. This introduces the next problem.
Hardware wallets update their firmware/software through a USB cable connected to a computer or through some form of wireless connection to the internet or a flash memory card.
It has been shown earlier that USB cables and wireless connections to the internet in order to perform firmware updates re-introduces the same vulnerabilities for which these hardware wallets were brought to market in the first place.
A flash memory card is no more secure than the laptop/desktop computer in which it is plugged into. If this flash memory card is plugged into a hardware wallet to perform a firmware update, the wallet itself becomes vulnerable.
Usability
A major hurdle which prevents the mass adoption of digital currencies is the complexity involved in making a payment.
In a retail environment similar to a supermarket self checkout till, holders of digital currencies wishing to make a payment using existing hardware wallets would need to establish a connection to the POS terminal at the checkout.
A security conscious retailer would never allow a USB hardware wallet to be plugged into their system. The reason being, they simply don’t know if what the customer is plugging in, is virus free or not. Neither would they allow a wireless connection for similar reasons. Needless to say some wireless connections would take several minutes to setup in the first place – a very unpractical exercise at a self checkout till.
There are some wallets on the market which can tackle the above problem at the till by utilising QR codes, however these wallets exhibit two major problems. They all provide either a memory card slot, a wireless connection, or a USB connection for firmware updates. In addition, they all have a single screen, this poses a problem when the data required to be transmitted to the POS terminal cannot be squeezed into a single QR code (which is quite frequently the case). This forces the user to perform several tedious, manual operations depending on how many QR codes need to be scanned by the POS terminal.
Introducing Our Solution… Zecon Dual
Security
Completely air gapped eradicating the possibility of online attacks.
Zero memory card slots preventing the device being compromised during firmware updates.
Not only does the private key never leave the device, it’s also encrypted rendering all intrusion attempts futile.
Features
- Single position scanning thanks to it’s patented dual screens. No more revolving the wallet around the online device.
- Securetransactionsandfirmwareupdates through ultra fast QR code scanning.
- Intuitive interface requires no manual or online instructions.
- Scan recovery matrix for error free importing of wallets.
- Dual screens on either side prevents the need to perform tedious manual operations when scanning multiple QR codes.