Cypherock
  • Introduction
  • Design Decisions
    • The balance between security and convenience
    • Cypherock X1 Hardware architecture
      • Using ultrasonic welding for the X1 Vault enclosure
      • Encrypted NFC communication for X1 cards
      • Using Javacards instead of MicroSD
      • Choosing USB vs QR Code
      • Why the X1 cards are not upgradeable
    • Cypherock is BIP39 compliant
    • Private keys should be near to impossible to extract
    • Conflict between trusted parties should not result in unauthorized access
    • Using Shamir Secret Sharing vs. Multi-sig
      • How is Shamir Secret Sharing implemented within Cypherock X1
      • Why Cypherock has a default 2/5 threshold scheme
      • Rejected Key Schemes
    • PIN Protection on Cypherock X1
      • Difference between backing up your PIN vs. Seed Phrase
  • Security Overview
    • Introduction
    • Keylabs - Third Party Security Audit
    • Remote Attacks
    • Physical Attacks
      • $5 Wrench Attack
      • PIN Brute Force Attack
      • Evil Maid Attack
      • Flashing Malicious Firmware
      • Side Channel Attack
      • Supply Chain Attack
  • Cypherock X1 Features
    • Eliminate messy paper backups
    • Open source with secure elements
    • Use Cypherock as a seed phrase vault
    • All-in-one Portfolio Manager
  • Getting Started
    • Download cySync
    • Import Seed Phrase from existing BIP39 compatible wallet
    • Generate a new wallet with Cypherock X1
    • How Cypherock generates your 24-word seed phrase
    • Best practices in keeping your X1 cards secure
      • Use the protective card sleeves
      • Geographical Seperation
      • Choosing your guardians
    • How do I know I am not locked-in to using only Cypherock X1
    • How do I know my Cypherock X1 is genuine?
      • Email 2FA for Product Authentication
    • How to recover your Crypto assets in the case of loss or theft
    • What happens to my Cypherock X1 if Cypherock goes out of business?
Powered by GitBook
On this page

Was this helpful?

  1. Security Overview
  2. Physical Attacks

Evil Maid Attack

PreviousPIN Brute Force AttackNextFlashing Malicious Firmware

Last updated 1 year ago

Was this helpful?

An evil maid attack is a type of attack that involves physically accessing a device or system to gain unauthorized access to sensitive information. The term "evil maid" comes from the idea that a hotel maid could surreptitiously gain access to a user's device while the user is away from their room, leaving the user's data at risk.

In the context of cryptography, an evil maid attack typically involves a hacker physically accessing a computer or device that has been left unattended, in order to install malicious software, replace hardware components, or extract cryptographic keys or other sensitive information. The goal of the attack is typically to gain access to encrypted data or passwords that the user has stored on the device, in the case of wallets this could mean access to the private keys of the wallet to drain funds.

There are a few approaches Cypherock has taken to mitigate the risks of the Evil Maid Attack:

  1. Using ultrasonic welding on the X1 Vault: Ultrasonic welding makes it difficult for an attacker to physically compromise the wallet without leaving any traces of damage, thereby alerting the owner of any physical tampering. You can read more about how ultrasonic welding plays a role in X1 Vault hardware security on the dedicated page .

  2. Official firmware is signed by Cypherock's keys at the time: Cypherock has a proprietary provisioning process that ensures the integrity of the X1 Vault. The process helps determine any changes that may have been made to the hardware, or the firmware. The provisioning process is covered in the section talking about how to verify if .

  3. The Cypherock X1 avoids a single point of failure with Crypto keys: Cypherock's architecture removes the single point of failure with private keys. This is made possible by utilizing which cryptographically splits the private key into 5 parts that are stored individually on the X1 Vault and 4 X1 Cards. Cypherock uses a cryptographic threshold of 2/5 where a user requires any 1 of the X1 Cards and the X1 Vault to make a transaction. Since each of the cryptographic parts can be secured seperately, evil maid attacks become significanlty harder.

here
Cypherock X1 is genuine
Shamir Secret Sharing