Do you think your hardware wallet is safe?
Hardware wallets are generally considered the most secure way of storing cryptocurrencies. Indeed, they have a few features that give you some level of protection and a couple of advantages over standard software wallets, but you should also understand the risks involved.
The first comes from a possible attack that hijacks the clipboard on your computer, which is where copied text is stored. The attacker gains control of the victim's clipboard and replaces its content with their own data. They can detect high-value transactions and swap out the recipient's authentic address for an address controlled by the attacker.
The next potential problem is an insecure RNG (Random Number Generator), which unfortunately provides only pseudo-randomness during the creation of your seeds. The generator uses mathematical algorithms that can be predictable to an advanced attacker. An RNG may also become insecure as a result of malicious weakening or an unintentional mistake.
The security of any computing device, including hardware wallets, relies on the security of all its components. Software, firmware or hardware may contain bugs, creating gaps that allow attackers to gain unauthorised access to your assets.
Finally, hardware wallets can be modified during shipping, when attackers pre-configure the system in order to steal money from the rightful owner.
For quite some time I have been looking for an option that would address the above issues. Only recently have I found a device called HODLER. The bunch of tech-savvy guys behind it claim that HODLER is an ultimate hardware wallet, which not only is completely independent, giving you the freedom of using it anytime, anywhere, but also adds unsurpassed levels of protection.
More about the device can be found here: https://hodler.tech/
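A defender's view of the clipboard swap described in the post above, as an added example that is not part of the original post: it scans a clipboard change log and flags cases where a copied address is replaced by a different address of the same format, by another process, within a short window. The log format `(seconds, writer, content)`, the process names and the sample addresses are assumptions constructed for illustration, and the patterns match address shape only.

```python
import re

# Address shapes only (no checksum validation): enough to spot address-like text.
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the format name if the whole text looks like an address, else None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag address-for-address replacements made shortly after a copy.

    events: (seconds, writer, content) tuples in time order, where writer is
    the process that set the clipboard (assumed log format).
    """
    alerts = []
    prev = None
    for event in events:
        if prev is not None:
            (t0, w0, old), (t1, w1, new) = prev, event
            kind = address_kind(old)
            if (kind is not None and address_kind(new) == kind
                    and old.strip() != new.strip()
                    and w1 != w0 and t1 - t0 <= window):
                alerts.append({"time": t1, "writer": w1, "copied": old.strip(),
                               "replaced_with": new.strip()})
        prev = event
    return alerts

# Constructed sample data: these strings only have the right shape.
ETH_A, ETH_B = "0x" + "1a" * 20, "0x" + "9f" * 20
BTC_A, BTC_B = "1" + "B" * 30, "1" + "C" * 30
SAMPLE_EVENTS = [
    (0.0, "editor", "meeting notes"),
    (10.0, "browser", ETH_A),            # user copies the recipient address
    (10.3, "helper-svc", ETH_B),         # swapped 0.3 s later by another process
    (60.0, "browser", BTC_A),
    (300.0, "wallet-app", BTC_B),        # a later, unrelated copy: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The time window and the different-writer condition are heuristics; the address shown on the hardware wallet's own screen should still be compared in full against the one you intended to pay.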
I don't think that's possible since the transaction would need to be resigned by the hardware wallet (and that should be a huge red flag to any user).
But still, no wallet is 100% secure and most of the issues you brought up are very real.
I personally prefer a cold paper wallet anyway, although it only works for storage and not every day transactions.
Last, if you don't mind me dropping a link to my article, I think that physical security is extremely overlooked; and no encryption is going to fix that.
source: https://www.xkcd.com/538/, licensed under Creative Commons 2.5
Security is a pain, isn't it...
'I don't think that's possible since the transaction would need to be resigned by the hardware wallet (and that should be a huge red flag to any user).'
Unfortunately, this is possible, as I stated in my article, and I believe it is just a matter of time before we hear more about these kinds of crimes.
Thank you for reading and commenting