SimplestBitcoinBook on Nostr: Jade is great except for one important detail - it is possible to open, replace the ...
Jade is great except for one important detail - it is possible to open, replace the chip with a compromised one, close the device, and it will function!
The way to mitigate for this is to be sure to flash the firmware before setting it up, as it will not flash if the chip has been compromised.
While this is currently an unlikely supply chain attack vector, I don’t like that it is possible at all, and as bitcoin becomes more valuable supply chain attacks are more likely to increase.
I have spoken to the Blockstream (npub1jg5…6n8n) devs at a conference, and they know this is a problem and are working on a solution, but could not tell me when a new version would come out.
As I see it, a simple solution is to make it such that if the device is opened, it cannot be closed again without breaking, like the ColdCard.
The way to mitigate for this is to be sure to flash the firmware before setting it up, as it will not flash if the chip has been compromised.
While this is currently an unlikely supply chain attack vector, I don’t like that it is possible at all, and as bitcoin becomes more valuable supply chain attacks are more likely to increase.
I have spoken to the Blockstream (npub1jg5…6n8n) devs at a conference, and they know this is a problem and are working on a solution, but could not tell me when a new version would come out.
As I see it, a simple solution is to make it such that if the device is opened, it cannot be closed again without breaking, like the ColdCard.