Very nice review! I'm a fan of the ATAES132 chip that the Bitbox is using. The dual chip ST31/STM32 architecture (the one Ledger Nano S is using) is CC EAL 5+ and arguably better for cryptographic attestation, but I don't know as much about its side-channel hardening (which the ATAES132 has had a good reputation for). Keeping things simple and using a single-purpose ATAES132 chip narrows possible attack vectors.
As far as features, the FIDO U2F compatibility could be a big deal if people use it, and the removable SD card is very nice for switching wallets.
Some potential problems is see though:
- SD card contents don't seem to be encrypted. If it was stolen, all those "plausible deniability" claims on the site are probably meaningless.
- Hardware wallets like this sign the transaction locally, but need to be connected to the internet to broadcast it. To access the Bitbox, it looks like you need to type your password into the app (if using 2FA), or into the desktop program. This compromises the security of the password.
- I'm cautious about the use of SD cards. I don't think it's unfair to say that this could be used as an attack vector if specially crafted data was on the card.
I also can't find all the hardware specs I'd like to see, so I guess only the code is fully open source. Speaking of which, it hasn't had any GitHub progress in months. Granted, it's not super complicated code so it shouldn't require a lot of maintenance.
I still don't like the price, and I'd still consider my security guide wallet to be much more secure if set up and used properly.
Side note: there's a big focus on using expensive secure chips, epoxy housing, and all kinds of other physical measures on hardware wallets like this. I believe this is due to the fact that all of the sensitive data is located on one single device - so it must be kept secure. This is the fundamental flaw I try to attack in my guide, but it does mean trading convenience for cheap security.
Wow, thanks a lot for taking the time to write this long response!
Regarding the SD-card: I just did a device reset and then used the card to restore my wallet. This process requires the original passphrase to be entered, therefore I assume the backup is encrypted. Of course the backup cannot be protected against brute-force attacks, so this might be one of the more promising attack vectors.
Concerning the password: I am still waiting for the day that someone uses the concept of the Kingston DataTraveler-2000 (see picture) for a hardware wallet.
source
Concerning the company itself: It seems they are situated in Switzerland and that they are a spin-off of ETH Zurich. As far as I know, the ETH has a very good name all around Europe and even in the states. When I bought the device for testing, I was a little worried about the appearance of the website. They use a Let's Encrypt SSL certificate without any kind of ownership certification, and there does not seem to be any kind of office address. Possibly this, together with the fact that the code has not been maintained in a while, is caused by the fact that there are only two guys behind it, and they seem to be fresh from uni.
I really hope they are going to take the time to fix these 'issues' in the future and also that they hire some more people. Maybe I will go pay them a visit the next time I'm in Switzerland. If I do I'll report back^^
Currently I don't have all that much time at my hands, but following your guide to a secure wallet is a fixed point on my todo-list.