Hardware Wallet Review: Digital Bitbox

in #security, 7 years ago (edited)



What is a Digital Bitbox?

Like the title says, it's a hardware wallet. In contrast to your normal garden-variety desktop or mobile wallet, this little thing is completely offline, meaning the risk of your wallet being compromised is A LOT smaller. In a way, it's almost the same as a Yubikey, in case you are familiar with those.

Watch the official introductory video to get a better idea of how it is supposed to work (don't expect anything flashy though):

At least in theory, this thing seems pretty secure. Because you have to physically press a button on the device every time a payment needs to be authorized, the chance that malware is able to steal your funds is minimal.

Unboxing

DSC_0233.JPG

The device is shipped in a sturdy box which is enclosed in an anti-static bag, which gives a solid impression from the start. I am hoping though that the bag is only intended to keep moisture out, since the Bitbox will be dangling on my keychain in the future.

The contents of the package are as advertised: The Bitbox itself and a 4 GB SD-card. Also, they include two nice stickers.

Getting started

Following the official quick start guide, I first download the desktop app, in my case the 64-bit version for Windows. Software version at the time of writing: v2.2.1. I also have a look at the code on GitHub, but apart from telling you that it looks tidy and well structured, it is beyond my experience to judge whether the code has any flaws (or maybe I'm just too lazy ;)

After checking the hash of the download, I want to install the application, and there's my first surprise: No installation required. Nice! So I insert the SD-card into the Bitbox, start the application and plug the device into my computer.

Side note: I always find it a little bit icky if the hash of a file is just next to the download-link on a website, especially if the executable I'm downloading is supposed to be really safe because it handles sensitive information. It's so easy to fake one if you manage to manipulate the other. Would it really hurt to do it like the devs of PuTTY? They have a public GPG key which they use to sign the downloads.

Capture.PNG

So far, so good, the device is recognized and the app is asking me to enter a wallet name and password. I'm not completely sure why I need to give it a name, but that's just me...

Since the device will be offline most of the time, I am going to choose a password that's not super strong, but rather easy to enter on any type of keyboard-layout. (Nope, it's not 12345 ;)

Creating the wallet takes a second, I assume that's the internal random generator of the Bitbox taking its time to create a private key. After this is done, the application screen changes again and displays the contents of my wallet. Sadly I encounter the first error right here: The app tells me that it cannot connect to the internet, even though everything else works just fine. Ok. Unplugging and reinserting the device fixes this issue quickly though, and the app seems to be working.

Capture2.PNG

Firmware upgrade

Let's see what happens if I upgrade the firmware. Under the tab 'Options', there's a button 'Upgrade Firmware...'. Alright.

Hm. All that happens is a file explorer window opening. I guess firmware-updates must be downloaded manually. I'm a bit disappointed; it would have been a nice touch if the app did this automatically. The 'Blink LED' button is fun though^^

Pairing mobile app

Overall security can be increased even further by using the mobile app. This then allows you to set up 2FA where you need to authorize payments in the mobile app as well. Also, you can verify if the payment-address the desktop app shows you is really your address.

Screenshot_2017-08-18-10-26-14.png

The pairing process is interesting. The LED on the Bitbox will blink a number of times, and you have to select how often it blinked in the app. After doing this a couple of times you can touch the Bitbox's touch-button to finish the process. Works like a charm.

Receiving funds

Now that all is set up, it is time to send some BTC to my new wallet and see if it arrives.

Capture3.PNG

Yes, it worked! I always get an adrenaline rush from sending BTC to a new address.

Transmitting funds

The last thing to be tested. I will do a transaction w/o 2FA enabled, and another one with it enabled.

Without 2FA:

Capture4.PNG
Entering destination address, amount and fee

Capture5.PNG
Program is waiting for me to physically touch the Bitbox

It works! Yes I know I don't show it. You will have to take my word for it.

With 2FA:

Enabling 2FA is a one way street. Once the Bitbox is locked with 2FA, the wallet can only be changed via a complete device reset.

Capture6.PNG
Program warning me

The payment process is the same as above, but with an additional step on the mobile app:

Screenshot_2017-08-18-12-06-14.png
Confirmation screen on my smartphone (transaction details covered)

This works as well.

More on security

In case you are interested in this device, I suggest you check out the security FAQ to learn more about the different ways someone could steal your money and how the Digital Bitbox prevents that.

Conclusion

The Digital Bitbox seems to me like one of the most promising hardware wallets so far. It is small and very secure. At the moment it supports BTC, ETH, ETC and ERC20 tokens, but the developers are planning to add more coins in the future. Because it is a FIDO U2F authentication token as well, it really makes a good addition to your set of tools to be safe and secure in the digital world.
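
The side note under "Getting started" contrasts a hash shown next to the download link with a GPG-signed release. The sketch below is an added example, not code from this review or from the Digital Bitbox project: it shows why a digest hosted beside the file only proves integrity, and how a signature check pinned to a known fingerprint fails closed. File names, the scenario and the fingerprint argument are constructed assumptions.

```bash
# Added example. Assumes sha256sum and (for check_signature) gpg are installed.

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# Integrity only: does FILE match the hex digest we were given?
check_sha256() (   # usage: check_sha256 FILE EXPECTED_HEX
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$expected" ]
)

# Authenticity: accept only a valid detached signature whose signing key or
# primary key has the pinned fingerprint (40 hex digits, upper case, no
# spaces). The fingerprint must come from a channel other than the download
# site. Any gpg error or missing VALIDSIG line means failure.
check_signature() (   # usage: check_signature FILE SIGFILE PINNED_FPR
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        awk -v fpr="$3" '$2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
                         END { exit !ok }'
)

# Constructed scenario: whoever can edit the download page replaces the
# binary and the digest shown next to it in one step.
simulate_same_site_hash() (
    site=$(mktemp -d) || exit 1
    printf 'genuine build\n' > "$site/app.bin"
    recorded=$(sha256_of "$site/app.bin")        # digest noted earlier, off-site
    printf 'tampered build\n' > "$site/app.bin"  # page is modified: new file...
    sha256_of "$site/app.bin" > "$site/app.bin.sha256"   # ...and new digest
    if check_sha256 "$site/app.bin" "$(cat "$site/app.bin.sha256")"; then
        same_site=pass; else same_site=fail; fi
    if check_sha256 "$site/app.bin" "$recorded"; then
        off_site=pass; else off_site=fail; fi
    rm -rf "$site"
    echo "same-site:$same_site off-site:$off_site"
)
```

The digest fetched from the same page still matches the replaced file, while the digest recorded through another channel does not; a signature check against a pinned key gives the same protection without having to record every release digest yourself.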


Very nice review! I'm a fan of the ATAES132 chip that the Bitbox is using. The dual chip ST31/STM32 architecture (the one Ledger Nano S is using) is CC EAL 5+ and arguably better for cryptographic attestation, but I don't know as much about its side-channel hardening (which the ATAES132 has had a good reputation for). Keeping things simple and using a single-purpose ATAES132 chip narrows possible attack vectors.

As far as features, the FIDO U2F compatibility could be a big deal if people use it, and the removable SD card is very nice for switching wallets.

Some potential problems I see though:

  • SD card contents don't seem to be encrypted. If it was stolen, all those "plausible deniability" claims on the site are probably meaningless.
  • Hardware wallets like this sign the transaction locally, but need to be connected to the internet to broadcast it. To access the Bitbox, it looks like you need to type your password into the app (if using 2FA), or into the desktop program. This compromises the security of the password.
  • I'm cautious about the use of SD cards. I don't think it's unfair to say that this could be used as an attack vector if specially crafted data was on the card.

I also can't find all the hardware specs I'd like to see, so I guess only the code is fully open source. Speaking of which, it hasn't had any GitHub progress in months. Granted, it's not super complicated code so it shouldn't require a lot of maintenance.

I still don't like the price, and I'd still consider my security guide wallet to be much more secure if set up and used properly.

Side note: there's a big focus on using expensive secure chips, epoxy housing, and all kinds of other physical measures on hardware wallets like this. I believe this is due to the fact that all of the sensitive data is located on one single device - so it must be kept secure. This is the fundamental flaw I try to attack in my guide, but it does mean trading convenience for cheap security.

Wow, thanks a lot for taking the time to write this long response!

  • Regarding the SD-card: I just did a device reset and then used the card to restore my wallet. This process requires the original passphrase to be entered, therefore I assume the backup is encrypted. Of course the backup cannot be protected against brute-force attacks, so this might be one of the more promising attack vectors.

  • Concerning the password: I am still waiting for the day that someone uses the concept of the Kingston DataTraveler-2000 (see picture) for a hardware wallet.


  • Concerning the company itself: It seems they are situated in Switzerland and that they are a spin-off of ETH Zurich. As far as I know, the ETH has a very good name all around Europe and even in the States. When I bought the device for testing, I was a little worried about the appearance of the website. They use a Let's Encrypt SSL certificate without any kind of ownership certification, and there does not seem to be any kind of office address. Possibly this, together with the fact that the code has not been maintained in a while, is caused by the fact that there are only two guys behind it, and they seem to be fresh from uni.

I really hope they are going to take the time to fix these 'issues' in the future and also that they hire some more people. Maybe I will go pay them a visit the next time I'm in Switzerland. If I do I'll report back^^


Currently I don't have all that much time on my hands, but following your guide to a secure wallet is a fixed point on my todo-list.

Sorry @the-tech-guy for my questions, I'm very new to crypto. So this is completely offline and is no doubt safer than the software wallet right, and you can make payments without being online.

But still you need to be online or in sync with the network when sending btc to the hardware wallet? And also when sending from the hardware wallet to software wallet?


Liked, followed, & resteemed. Looking forward to your future quality content :)

Have a Trezor but if this wallet proves to be good I may get one at a later time.

Thanks ..... So much to learn !!! I am super new to crypto currency and Steemit . I feel so far behind !

You're very welcome. Lesson no 1: Upvote stuff you like. Like my post. Now.
Just joking ;) Google around or have a look at the howto section here on steemit and you'll get the hang of it quickly.

same here, sooo far behind. But there are some nice people like @the-tech-guy to help us get the needed information. Don't worry we'll get this ;-)


very cool !

A really big thank you to @the-tech-guy for this review! I'm quite new in the crypto business but catching up on the news. On a Meetup in Bern, there was a giveaway of Digital Bitbox so I googled it and saw that this product is from Swiss engineers from ETH Zürich. As a Swiss myself, I had to purchase it :-)
It's not here yet but I'm excited to test it.
Has anybody tested the "plausible deniability"?

You're welcome! What kind of meetup was that? Did you get a chance to speak to the guys behind Shift Devices there?

What do you mean with testing the plausible deniability? If you want I can check if the feature of hidden wallets works, but the whole concept of plausible deniability, respectively the success of this, lies mostly with your ability to sell a lie. If you can convince the person that's interrogating/torturing/pressuring you that the password you share is the only one, then it works. If they do not believe you, well...

What do you mean with "Shift Devices"? It was a Meetup in Bern about Blockchain in general, organized by Puzzle ITC.

Well yes, I mean the hidden Wallet function ;-)

Shift Devices is the name of the company behind the Digital Bitbox.

I just tested it and as far as I can see it works. You enter your real password, you get your real wallet. You enter the second password, you see another wallet. If you want to set it up just make sure to at least once look at the 'fake' wallet as well, because it only gets created on the first login.

ok, no I didn't talk with someone from Shift Devices, I think there was nobody from them there.
Thank you for your testing, I didn't receive it yet so I can't test it myself.

No problem. Please let me know when you do.

Hey @the-tech-guy! I hope you are well. I'm facing an issue with my Digital Bitbox wallet. I'm not able anymore to access my funds and the reason might be due to special characters used within the password.

Do you know if anyone else has experienced a similar issue? See here my Reddit post:

Cheers,