Yes, that is scary indeed. IMO, using the regular chip for cryptographic ops is a terrible idea. I think they did it to reduce costs.
Ironically, the attack described in this article is thwarted by the secure element in the T3.
Exactly. Ledger and Trezor (particularly Ledger, really) have drawbacks that are substantial and mostly ignored until something bad happens. And history has shown us the crypto community is truly amazing at ignoring dead canaries in a coal mine.
I maintain, the safety and openness of GrapheneOS devices, particularly on Pixel8+ devices, is a stronger foundation to build hardened wallets on. Install the wallet in a profile dedicated to it, where it has no network permissions and the profile is only active during a transaction and it is quite clear that all things considered, risks are much lower than any Ledger or Trezor. Good reading on the subject: Frequently Asked Questions | GrapheneOS
Granted, indeed, the Zcash app must be as simple as possible and would benefit from multiple audits. That is to say, that app would probably benefit from only doing the signing and QR code generation.
The key point is that communication should only be done through text files, or QR code.
No WIFI, no data network.
I think the OS itself does not matter much in that case.
Here's a tutorial for ywallet: https://www.youtube.com/watch?v=78yup4RKxq0
Absolutely! That's certainly how I envision this to work.
The OS is mostly there to run the app in a way that protects the private key in storage as well as in memory.
Yeah I know, it's awesome, thank you so much!! I have shared that same video in my initial post.
The geekiest transaction I made was from a phone to a cold wallet running on Linux signed by a Ledger S+.
Double hardware wallet FTW!
It's doable without any special version.
A relevant thread regarding Ledger:
TLDR: if you're into Zcash for Privacy and using Ledger for storage, you're doing it wrong.
I didn't know this option was there personally; glad it is and thank you for mentioning it.
With that being said, "regular folks" expect privacy when they use Zcash. Most people, like myself apparently, are not aware this option is there and are going to have lots of data about them siphoned back to Ledger Inc. They are even less aware of the level of "analytics" going on, plus it's closed-source so who's to say what is actually going on.
It's actually quite similar to the situation with t-addresses. Zcash is known and respected because it provides privacy to its users. It's pretty much guaranteed that a substantial portion of users are using t-addresses thinking their privacy is protected.
We need to think more about regular folks that may, or intend to, use Zcash. In particular, we need to make sure we carefully review things we promote (z.cash/ecosystem/ledger), which may put their privacy at risk.
It is clearly not closed source since you can see the source code in your post.
What I have clearly badly articulated was that some parts aren't open source, such as the firmware. Either way, my main point is that by default, Ledger Live is sending way more data than "regular folks" users of Zcash are expecting.
Well, you make it seem like it is an outrageous practice but collecting analytics is standard these days.
I am not a fan of the commercial practices of Ledger. This is one of the reasons why we will end up with support for Zcash which is slower, less scalable, and without Orchard. However, there hasn't been any hack on the Ledger device whereas Trezor has had several.
Speaking about the expectations of privacy, I call this the "Tesla autopilot syndrome". Zcash has pitched an easy, scalable & private by-default coin. The reality is different.
I don't think things are clear cut (in security, things are hardly ever clear cut).
In an Android wallet you have to trust a huge chunk of the Android codebase. That is probably tens or hundreds of millions of lines of code. Ledger and Trezor have much smaller codebases.
Of course, that also doesn't mean that Ledger and Trezor don't have other issues… I'd love to have a hardware wallet not written in C
Right, that's really why I have said "potentially", as in "not clear-cut". Now some things in my initial argument in this thread are very much clear cut, such as the privacy concerns, the physical security risks, and the closed (and permissioned!!) ecosystems. That's a lot of clear cut things imo.
The number of lines of code argument is quite valid, and is certainly a disadvantage of Android. Yet that's exactly what Vitalik is suggesting, and he knows a thing or two on crypto matters. Just like Snowden is using GrapheneOS, and likewise, he knows a thing or two about security.
Remind me, why do you use Zcash, and not Bitcoin again? Chain analysis is just that… analytics, after all.
You can accept it as much as you want, but there's clearly a large pushback on this from a growing number of people. Using Trezor, I can make it work fully offline and simply point it to a node on my local network. I believe the same is true with Ywallet?
It's our choice whether we want to accept the invasion of privacy. I am under the impression that this community is rather into solutions preserving their privacy.
Well, that is not entirely true but I appreciate your efforts. Best of luck!
This thread deserves a quick mention of the most recent hack on the Ledger platform; they start to add up, don't they? How long until we get one of more massive proportions?
The recent tweet of Zooko brings up something interesting:
I've mentioned the principle of least privilege before, which seems similar enough to the principle of least authority. Call it what you prefer, this principle is critical to security. Android safety has very much improved from its early days, and that is in part thanks to the improvement of the separation of privileges.
Using Ledger, a wallet's security is bound to the all too often unfortunate decisions coming from this company. We need alternatives, and as great as Trezor is on some aspects, it has severe security issues of its own.
Now, could a similar hack have happened on GrapheneOS? I do not see how personally, but I would be curious of others' informed opinions. Could it happen on an Android Zcash app? Absolutely, but it could also be prevented by using safe development / deployment practices.
Listening to the most recent community call, I was reminded by @kworks (27:30) that another feature that is critical to privacy, is to not make it possible for your ISP to know that you are transacting in Zcash. This project is about privacy, and by connecting directly to a node, you are most definitely giving some of that away.
As things stand with hardware wallets:
- Trezor does offer to protect privacy by letting you connect to your personal node and/or connect through Tor; this is excellent. However, this feature of the Trezor Suite is one that is working only on computers, not mobile devices. This is a problem for security as computers are, generally, much less secure in that there is a lot less safe compartmentalization (principle of least authority / privileges).
- Ledger does not protect your privacy in any way.
Android Wallets could probably implement this important feature easily.
I appreciate your enthusiasm about Android Hardened Wallets and their capabilities. However, it's important to consider that not one of the issues you've mentioned, like the Ledger attack, security of recurrent payments, and the use of online wallets, would be effectively prevented.
Could you please elaborate on that and be specific as I have tried to be?
I will take just one: Ledger.
- Unlike Ledger Inc, GrapheneOS can't have its client database hacked.
- Unlike Ledger Inc, GrapheneOS doesn't rely on a private firmware that can retrieve secrets.
- Unlike Ledger Inc, GrapheneOS doesn't rely on third party CDNs.
If I am wrong, I would appreciate to know where. For now and due to the arguments that I have made, I remain convinced GrapheneOS would be a better offline wallet than Ledger or Trezor can be.
Also I don't understand your phrasing of "security of recurrent payments, and the use of online wallets, would be effectively prevented".
GrapheneOS is an OS. Not a single one of the attacks you mentioned would be implemented at the OS level. The same apps would be vulnerable under it as they are under iOS, Android, Windows, Linux or Mac.