Bitcoin wallet security remains a thorn in the side of the disruptive digital currency. Hardware Bitcoin wallets are a good way to protect your digital wealth, but most of them have a software side that is not as secure as it could or should be. Ledger, one of the leading names when it comes to hardware Bitcoin wallet security, has recently announced some security enhancements for their Nano.
Ledger’s Secret Code
Authenticating newly created Bitcoin transactions is one of the most important aspects of any Bitcoin wallet, regardless of whether it’s a software or hardware solution. The Ledger wallet Nano uses a security card inside the device which is allegedly vulnerable to certain attack vectors. Needless to say, companies like Ledger cannot afford to sell an insecure Bitcoin wallet solution.
These attack vectors would be aimed at the code that needs to be entered into a computer, which corresponds to a static security card. While that sounds rather secure – and in fact, it actually is – a computer infected with some form of malware could sniff out this secret code on the security card once a fair number of transactions have taken place. As a result, a hoodlum could end up creating his/her own transactions, sign them with the secret code and steal the user’s bitcoins.
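To put a number on "a fair number of transactions", the following added example (not Ledger's code and not part of the original article) models a static card as a fixed lookup table and estimates how much of it a host-side observer has seen after a given number of confirmations. The card size of 58 entries, the 4 challenged symbols per transaction and the uniform choice of symbols are assumptions made for illustration.

```python
import random

CARD_SIZE = 58  # assumption: one card entry per Base58 address symbol
PER_TX = 4      # assumption: symbols challenged per transaction


def expected_exposure(n_tx, card_size=CARD_SIZE, per_tx=PER_TX):
    """Expected fraction of card entries visible to a host-side observer
    after n_tx transactions, with challenged symbols drawn uniformly."""
    return 1.0 - (1.0 - 1.0 / card_size) ** (n_tx * per_tx)


def simulate(n_tx, card_size=CARD_SIZE, per_tx=PER_TX, trials=2000, seed=1):
    """Monte Carlo check. Returns (mean exposed fraction, probability that a
    fresh challenge touches only entries that were already exposed)."""
    rng = random.Random(seed)
    exposed_sum = 0.0
    covered_sum = 0.0
    for _ in range(trials):
        seen = {rng.randrange(card_size) for _ in range(n_tx * per_tx)}
        frac = len(seen) / card_size
        exposed_sum += frac
        covered_sum += frac ** per_tx  # all per_tx symbols already seen
    return exposed_sum / trials, covered_sum / trials


def transactions_until(threshold, card_size=CARD_SIZE, per_tx=PER_TX):
    """Smallest transaction count whose expected exposure reaches
    threshold (threshold must be below 1.0)."""
    n = 0
    while expected_exposure(n, card_size, per_tx) < threshold:
        n += 1
    return n


if __name__ == "__main__":
    for n in (5, 10, 25, 50, 100):
        exposed, covered = simulate(n)
        print(f"{n:>3} tx: model {expected_exposure(n):.2f}, "
              f"simulated {exposed:.2f}, fresh challenge covered {covered:.2f}")
    print("transactions to 90% expected exposure:", transactions_until(0.9))
```

Under these assumptions the exposure of a static secret only grows with use, which is the property a confirmation step on a second device is meant to remove.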
Ledger engineers have come up with a solution to this problem. A mobile application – which will work with the wallet Nano – has been developed, and will act as a new form of two-factor authentication. Transaction details can now be confirmed by using this mobile app before the transaction is signed.
No Absolute Security
Whether or not this mobile application offers any advantage compared to other two-factor authentication solutions such as MePin, YubiKey or even a multisignature implementation remains to be seen. However, Ledger CTO Nicolas Bacca is confident that this solution offers advantages compared to a 2-of-2 multisig implementation.
Granted, a piece of malware would have to be coded in a specific way in order to compromise both the host computer and host mobile device. Furthermore, attacking both devices at the same time would prove to be a daunting task. However, there is never such a thing as achieving absolute security, and despite Ledger’s best efforts, the human factor in the equation still proves to be the biggest risk.