-
@ semisol
2025-05-19 13:29:26
Are you sure your SE's arent backdoored, anon?
Many SEs used by HWWs do not include features for attestation of chip authenticity.
A look-alike chip that behaves identically, but has a backdoor can be swapped in at any point during the supply chain, and you wouldn't know. A significant amount of HWWs, including ones marketed as "ultra secure", are vulnerable.
https://i.nostr.build/UYhMaPojqIKyPXcJ.jpg
Normally, high quality SEs offer attestation and mutual authentication, where the manufacturers exchange keys, allowing the HWW to verify that the SE is in fact genuine, like so:
https://i.nostr.build/7VYMwAxHhNkMvrDn.jpg
Most HWWs instead use low-quality, cheap, insecure SEs that are vulnerable to this attack and others.
#bitcoin