
Securing your crypto: the structural flaws that put you at risk
In a 2012 article, Vitalik Buterin, creator of Ethereum, discussed secure Bitcoin storage solutions. He mentioned "online wallets" like Coinbase, which integrate exchange platforms, but the focus here is on his other proposed solutions and modern alternatives.
Buterin also presented PC and mobile software wallets. At the time, PC software wallets were considered the most sophisticated and secure, primarily because hardware wallets didn't exist yet. Today, the landscape is vastly different. Decentralized finance (DeFi) has emerged, along with numerous mobile crypto wallets for Android and iOS. QR codes have simplified real-world payments, and crypto payment cards allow spending Bitcoin at merchants who don't directly accept it.
While convenient, keeping all of one's savings in a wallet protected only by a phone or computer raises security concerns. This video, in collaboration with Ledger, addresses private key security.
A fundamental aspect of risk management is that exposure to threats varies. The necessary precautions depend on individual circumstances. For example, someone with only €50 in crypto might not need extensive security measures, as basic phone security could suffice. The goal isn't to force a device change but to provide information for choosing the best fit.
Modern smartphones, despite two decades of refinement, remain vulnerable to viruses. While app stores and marketing have created an illusion of invulnerability, especially for Apple products, this isn't the reality. Once crypto is involved, understanding these vulnerabilities becomes crucial. Unlike traditional banking, a stolen Bitcoin transaction cannot be reversed by customer support.
This vulnerability stems from two main sources. Firstly, programming errors inevitably lead to critical flaws, regardless of the model or operating system. Secondly, some governments require manufacturers to include backdoors for espionage, a practice attributed to both Chinese and American authorities. While often aimed at high-profile targets, these flaws can theoretically affect anyone. The combination of accidental and intentional flaws means systems are less secure than they appear.
Recent examples include the "Coruna" and "Dark Sword" flaws affecting iPhones. These are extremely effective, requiring only a visit to a malicious website (no clicks or downloads needed) to instantly compromise a phone. Once compromised, viruses can drain crypto wallets, detect recovery phrases from notes or photos, and steal personal data. Such exploits can even occur through legitimate websites that have been briefly hacked. An iPhone user could lose everything by simply visiting a regularly used site at an unfortunate moment, despite the brand's reputation for invulnerability.
Android devices are similarly affected by comparable vulnerabilities. Ledger Donjon's team recently discovered a flaw in phones with MediaTek processors, allowing physical attackers to extract all important data in 45 seconds, even when the phone is off. While this specific vulnerability requires physical access, numerous remote attacks exist for Android. Google recently patched a vulnerability allowing remote arbitrary code execution without privileges, meaning an attacker could take full control over the internet without physical access.
Computers face similar security challenges. They do contain security components comparable to those in crypto wallets, but these are not quite the same category: they are called Trusted Platform Modules (TPMs), not secure elements. Although TPMs are theoretically designed to store private keys and sign cryptographic messages, they offer insufficient security for substantial crypto investments, especially the software-based ones (fTPMs) common in most PCs.
fTPMs, which simulate a TPM using the main processor and an isolated portion of memory, are less secure than dedicated hardware TPMs. If the memory is shared with other applications, a flaw in memory segmentation could allow direct manipulation, making data stored in an fTPM vulnerable to computer viruses. Vulnerabilities in the TPM specification itself are rare, but they can exist in both hardware and software TPMs; these are usually correctable with updates.
A major structural problem with hardware TPMs in computers is their direct and total integration. Not designed for crypto, TPMs don't allow users to verify the messages they are signing. This is suitable for disk encryption but not for financial transactions. If a computer is infected, a virus could alter both the message sent to the TPM for signing and what is displayed on the screen. The user would then unknowingly authorize a fraudulent transaction. To prevent this, a TPM with an independent screen would be needed, but such a solution doesn't exist for PCs.
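The gap described above, modelled as an added example (not code from the video or from Ledger): a signer with no display signs whatever bytes the host sends, while a signer with its own display decodes those same bytes and shows them to the user. The transaction format, the addresses and the HMAC standing in for a real signature scheme are all constructed assumptions.

```python
import hashlib, hmac, json

DEVICE_KEY = b"constructed-demo-key"  # constructed; stands in for a key that never leaves the signer

def _sign(payload: bytes) -> str:
    # HMAC-SHA256 is a stand-in for the device's real signature scheme (assumption).
    return hmac.new(DEVICE_KEY, payload, hashlib.sha256).hexdigest()

def describe(tx: dict) -> str:
    return f"{tx['amount']} BTC -> {tx['to']}"

def screenless_signer(payload: bytes, host_screen_text: str, user_check):
    # No display of its own: the user's only view of the transaction is the host screen.
    return _sign(payload) if user_check(host_screen_text) else None

def display_signer(payload: bytes, host_screen_text: str, user_check):
    # Decodes the exact bytes it is about to sign and shows them on its own screen,
    # ignoring whatever the host claims.
    return _sign(payload) if user_check(describe(json.loads(payload))) else None

def request_signature(signer, intent: dict, host_compromised: bool):
    """Model one signing request. Returns (transaction actually sent, signature or None)."""
    sent = dict(intent)
    if host_compromised:
        sent["to"] = "ADDR_NOT_CHOSEN_BY_USER"  # constructed placeholder
    payload = json.dumps(sent, sort_keys=True).encode()
    host_screen_text = describe(intent)  # the host screen keeps showing the intended transaction
    user_check = lambda shown: shown == describe(intent)  # user approves only what matches intent
    return sent, signer(payload, host_screen_text, user_check)

INTENT = {"amount": "0.5", "to": "ADDR_CHOSEN_BY_USER"}  # constructed sample

if __name__ == "__main__":
    for name, signer in [("screenless", screenless_signer), ("with display", display_signer)]:
        for compromised in (False, True):
            sent, sig = request_signature(signer, INTENT, compromised)
            print(f"{name:12} compromised={compromised!s:5} "
                  f"sent_to={sent['to']:24} signed={sig is not None}")
```

On a compromised host the screenless signer produces a valid signature over a transaction the user never saw; the signer with a display shows the altered destination and the request is refused.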
Therefore, independent devices with screens are the most secure solution for verifying transactions. A security ranking would place software TPMs (phones, most PCs) as the least secure, suitable only for small amounts. Hardware TPMs without screens, and dedicated devices without screens, are next, suffering from the inability to verify transactions independently. Finally, dedicated devices with screens offer the highest security, even for large sums.
However, this ranking applies to device types, not specific brands. Poor programming or design can compromise even theoretically secure products. Dedicated devices with screens are generally best. Within this category, Ledger products stand out due to their unique "secure screen," where the secure element directly transmits image information to the screen, making them more resistant to screen manipulation attempts. Screen manipulation is not the most common threat, but this design exemplifies Ledger's commitment to maximum security.
Ledger offers products across various price points, with security features like proven secure elements available on all models. Differences mainly relate to user comfort, such as screen size, Bluetooth (absent on Nano S+), and the presence of Ledger Recover for phrase backup.
All Ledger devices come with the Ledger Live application (PC and mobile), which allows users to manage crypto securely within a protected ecosystem. Users can buy, sell, exchange, and stake assets. For more exotic DeFi applications, Ledger supports Wallet Connect and is rolling out its own more secure alternative, Ledger Button (currently on Chromium-based browsers).
Ledger devices offer both security and freedom of choice, allowing users to stay within the Ledger ecosystem or connect to external platforms. Users can also choose Ledger Recover or manage their recovery phrase independently.