Ledger published an article exploring the importance of hardware wallets and a look inside the technologies used inside their own wallets. They cover everything from hardware and chip design to the firmware running on the devices.
On of the pros of Bitcoin since its birth is that it’s a public ledger, anyone is allowed to send and receive payments and data on the Blockchain. However, Bitcoin’s network does not provide a way of encrypting communication between nodes, which allows manipulation of data, mass surveillance and analysis of its users.
Although encrypted communication is currently a possibility with VPNs, TOR or other mechanisms, it is not easy for the average user to setup such a connection. There is BIP draft called BIP151 that aims to add encrypted communication to Bitcoin’s network and which currently seems implemented only by Armory.
This is summary for a submission by Ruben Somsen on bitcoin-dev on censorship resistant transactions.
Bitcoin transactions with light client wallets involve addition of transaction fees as incentive for miners to include the transaction to the blockchain through the process of mining. This creates a win-win situation.
First, without any specific conditions, miners get paid the fees provided the transaction gets included in a valid chain with the most proof-of-work.
Secondly, the user enjoys the benefit of his transaction being added to the blockchain. The fees also ensure the security of transaction on the network as miners cannot ignore the transactions or other miners will process it because it has a reward attached.
For the full node Bitcoin Core however, conditions for adding transactions to the blockchain are more specific, one of which is that transactions can only be added to a block with a block height that is one higher than the last.
Recently a physical attack vector on the Trezor One hardware wallet was disclosed by a security researched called Sunny, Trezor was quick to release a firmware update 1.6.1 but the researcher realized that another attack vector of the same type was possible so SatoshiLabs released the new firmware update 1.6.3 on the 30th of August.
Trezor comes with a tamper-evident seal and the attack vector only affects tampered devices, so if you bought your Trezor used or if it came with the seal broken, make sure you update the firmware first then set it up. If you’re updating an older Trezor, make sure to have the correct recovery seed on hand as you’ll need it to set it up.
The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your Trezor is safe to use.
A timewarp attack on Bitcoin allows malicious miners to game the timestamp system to allow them to increase the rate of block generation beyond what the blockchain meant it to be. This attack has been possible since 2012 and was demonstrated on the testnet.
This was dismissed as an unimportant issue for the past few years as it requires the majority of hashrate and is easily blocked once someone starts using it.