Flashing Malicious Firmware

Last updated 2 years ago

A flash attack is a type of attack that targets the firmware of a crypto hardware wallet. In this attack, the attacker replaces the legitimate firmware of the device with a malicious version, which can allow them to gain access to the user's private keys and other sensitive information.

The attack typically works by exploiting vulnerabilities in the device's firmware update process. The attacker may use social engineering or other tactics to trick the user into installing a fake firmware update, or they may intercept the firmware update process and replace the legitimate firmware with their own version. Once the malicious firmware is installed on the device, the attacker can then use it to extract the user's private keys or perform other malicious actions.

There are multiple safeguards Cypherock has taken to mitigate the risks of the Evil Maid Attack:

  1. The X1 Vault comes with immutable bootloader code, which keeps track of the history of firmware versions installed on the device, including the latest installed version. This version history is protected against any factory resets that users may perform during their usage. During each firmware upgrade, the bootloader compares the version of the new firmware against the last installed version. If the new version is lower than the last installed version, the firmware update is aborted. The version of the incoming firmware is checked only if the signature of the firmware header is verified.

  2. The bootloader of the X1 Vault does not allow flashing unsigned firmware onto the hardware. The firmware upgrade package consists of three parts: a signed header, two signatures of the firmware binary, and the firmware binary. The firmware upgrade is not complete until the signatures are verified with any two of the bootloader's four public keys. If any signature is unverified, the programmed binary is wiped from the flash, and the upgrade is aborted.

  3. Cypherock uses a provisioning mechanism that ensures the integrity of the wallet. The provisioning process ensures that the X1 Vault and X1 Cards are authentic and untampered. To learn more about the provisioning process, read more about how to ensure that your Cypherock X1 is authentic.
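
The order of the bootloader checks in points 1 and 2, as an added sketch that is not Cypherock's code: header signature, then the downgrade check, then two signatures over the programmed binary, with a wipe on failure. The page does not name the signature scheme or header layout, so HMAC-SHA256 under four constructed keys stands in for the four bootloader public keys, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed stand-ins: HMAC-SHA256 under four made-up keys plays the role of
# signatures checked against the bootloader's four public keys, and the header
# is reduced to a 4-byte big-endian version number.
KEYS = [bytes([i]) * 32 for i in range(1, 5)]


def sign(key_index, data):
    return hmac.new(KEYS[key_index], data, hashlib.sha256).digest()


def matching_key(sig, data):
    """Return the index of the bootloader key that verifies sig, or None."""
    for i in range(len(KEYS)):
        if hmac.compare_digest(sig, sign(i, data)):
            return i
    return None


def build_package(version, binary, signers=(0, 1), header_signer=0):
    header = struct.pack(">I", version)
    return {"header": header, "header_sig": sign(header_signer, header),
            "binary_sigs": [sign(k, binary) for k in signers], "binary": binary}


def bootloader_update(state, pkg):
    """state: {'last_version': int, 'flash': bytes or None}. Returns a status."""
    # 1. Header signature first; the version field is untrusted until it passes.
    if matching_key(pkg["header_sig"], pkg["header"]) is None:
        return "abort: bad header signature"
    # 2. Anti-rollback: refuse anything lower than the last installed version.
    (version,) = struct.unpack(">I", pkg["header"])
    if version < state["last_version"]:
        return "abort: downgrade"
    # 3. Program the binary, then require both signatures to verify.
    #    Assumption: "two of four keys" means two distinct keys.
    state["flash"] = pkg["binary"]
    used = {matching_key(s, pkg["binary"]) for s in pkg["binary_sigs"]}
    used.discard(None)
    if len(pkg["binary_sigs"]) != 2 or len(used) != 2:
        state["flash"] = None  # wipe the programmed binary
        return "abort: binary signatures"
    state["last_version"] = version
    return "ok"
```

How the signed header is bound to the firmware binary is not described on the page and is not modelled here.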