Hidden risk of updating the firmware

Opinion: Igor Zemtsov, technology director at TBCC

Crypto security is a ticking time bomb. Firmware updates can simply be the match that lights the fuse.

Hardware wallets have become a holy grail of certainty, the final protection against hackers, fraudsters and even government overreach. However, there is an uncomfortable truth that most people ignore: firmware updates are not only security patches.

They are potential backdoors, waiting for someone – whether a hacker, a dishonest programmer, or a suspicious third party – to open them wide.

Every time a hardware wallet manufacturer pushes an update, users are forced to choose: press the update button and hope for the best, or refuse to update and risk using obsolete software with unknown vulnerabilities. Either way, it's a gamble.

In crypto, a bad gamble can mean waking up to an empty wallet.

Firmware updates are not always your friend

A firmware update sounds like common sense. More security! Fewer bugs! A better user experience!

Here is the thing: each update is also an opportunity, not only for the wallet provider but for anyone with the power or motivation to manipulate the process.

Hackers dream of software vulnerabilities. A rushed or poorly reviewed update can introduce small, almost imperceptible flaws – the kind that sit in the background, waiting for the right moment to drain the funds. And the best part? Users will never know what hit them.

Then there is a more disturbing possibility: deliberate backdoors.

Technology companies have previously been forced to accommodate government-mandated surveillance tools. What makes anyone think that hardware wallet manufacturers are exempt? If a regulatory agency – or worse, a criminal organization – wants access to private keys, firmware updates are an ideal attack vector. One hidden function. One hidden line of code.

That’s all it takes. Do you still think that firmware updates are harmless?

Firmware exploits are already being used

This is not a far-fetched doomsday scenario. It has already happened.

Ledger, one of the biggest names in crypto security, had a serious security crisis in 2018, when security researcher Saleem Rashid revealed a vulnerability that allowed an attacker to replace the Ledger Nano firmware and hijack private keys. Almost a million devices were at risk before a fix was introduced. The terrifying part? Users had no way of knowing whether their devices had already been compromised.

In 2023, OneKey suffered a similar nightmare. White hat hackers showed that its software could be broken in just a second. No crypto was lost – this time. But what if real attackers had found the flaw first?

Then “Dark Skippy” appeared, taking software-based attacks to a completely new level. With only two signed transactions, hackers can extract a user’s entire seed phrase without setting off a single alarm. If firmware updates can be manipulated so easily, how can anyone be sure that their assets are safe?

The hidden price of updated firmware

To be fair, not all firmware updates are security disasters. Ledger uses a proprietary operating system and secure elements for additional protection. Trezor takes an open-source approach, enabling the community to examine the firmware. Coldcard and BitBox02 give users manual control over updates, reducing – but not eliminating – risk.

The real question is this: can users be 100% sure that an update will not introduce a fatal flaw?

Some wallets have decided to eliminate the risk completely. Tang ships with fixed, non-updatable firmware, which means that its code can never be changed once the device leaves the factory. No updates. No patches.

Of course, this approach has trade-offs. If a vulnerability is discovered, there is no way to fix it. But predictability is essential in security.

True crypto security means taking control

The crypto market has been worth $2.79 as of March 2025. With so much money on the table, cybercriminals, rogue insiders and overreaching governments are always looking for weak points. Hardware wallet makers should be laser-focused on security.

Choosing a hardware wallet should not feel like gambling with private keys. It should not involve blind trust in a corporation's ability to push responsible updates. Users deserve more than vague assurances. They deserve security models that put control where it belongs – with them.

Security is not about convenience. It’s about control. Any system that requires trusting unknown programmers, opaque update processes or firmware that can be changed at will? That is not control. That is a liability.

The only real way to ensure the security of a hardware wallet? Remove the guesswork. Remove blind trust. Always research the background of the developers, check their track record with security incidents and see how they handled vulnerabilities in the past. Stick to verifiable facts – security should never be based on assumptions.

This article is for general information purposes and is not intended to be and should not be treated as legal or investment advice. The views, thoughts and opinions expressed here are the author's alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
