Well, here we are again.
The topic of Bitfi has reared its ugly head. I’ve written about Bitfi several times before, but they are still banging on about how their device doesn’t “store” your keys. If it doesn’t store your keys, there is nothing to steal.
This is bullshit.
There are two options here:
- It does not store the keys
- It does store the keys
Let’s threat model these two.
Situation: Bitfi does not store the keys
Imagine there is a means by which the device, genuinely, does not store keys in any form, for any length of time.
This would stop all attacks that aim to steal the keys, because they do not exist on the device. This would include:
- Cold boot attacks that recover the key after the device has been used.
- Evil maid attacks where the firmware is modified to recover the key before it is used.
- Side channel attacks where the device leaks information about the key.
As these attacks would be impossible, there would be no need to use mitigations to make them more difficult to carry out.
Situation: Bitfi does store the keys
Now back to reality. Bitfi does store keys for a finite length of time in RAM.
This means that:
- Cold boot attacks are now possible as the keys did exist in RAM and may remain in some form.
- Evil maid attacks are now possible, as modified firmware can read the key and send it elsewhere.
- Side-channel attacks are now possible, as the device has to store the key.
This, in turn, means that mitigations must be put in place to make these attacks harder (but not impossible) to carry out.
The efficacy of these mitigations is therefore key to the security of the device.
Bitfi has some of these mitigations in place. As far as I know they:
- Attempted to reduce the amount of time the keys exist in memory.
- Attempted to obfuscate the contents of memory.
- Have prevented USB data access to the device.
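To make the "finite length of time in RAM" point concrete, here is an added example (not Bitfi's code and not from the original post) of a derive-use-discard flow that never writes the key to persistent storage yet still leaves it in working memory unless it is explicitly wiped. The `ram` array, the function names and the toy derivation are all assumptions for illustration; the derivation is not a real KDF.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 32
#define RAM_LEN 256
static uint8_t ram[RAM_LEN];   /* constructed stand-in for the device's working RAM */

/* Toy derivation, NOT a real KDF: it only makes the key depend on the phrase. */
static void toy_derive(const char *phrase, uint8_t *key) {
    uint32_t h = 2166136261u;                          /* FNV-1a style mixing */
    for (size_t i = 0; i < KEY_LEN; i++) {
        for (const char *p = phrase; *p; p++) { h ^= (uint8_t)*p; h *= 16777619u; }
        h = (h ^ (uint32_t)i) * 16777619u;
        key[i] = (uint8_t)(h >> 24);
    }
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Derive the key into RAM, "use" it, optionally wipe it. Returns a toy tag. */
uint8_t use_key(const char *phrase, int wipe_after) {
    uint8_t *key = ram + 64;                           /* scratch area inside RAM */
    uint8_t tag = 0;
    toy_derive(phrase, key);                           /* key now exists in RAM */
    for (size_t i = 0; i < KEY_LEN; i++) tag ^= key[i]; /* stands in for signing */
    if (wipe_after) wipe(key, KEY_LEN);
    return tag;
}

/* Review oracle: re-derive the key and search the RAM image for its bytes. */
int key_in_ram(const char *phrase) {
    uint8_t key[KEY_LEN]; int found = 0;
    toy_derive(phrase, key);
    for (size_t off = 0; off + KEY_LEN <= RAM_LEN && !found; off++)
        found = (memcmp(ram + off, key, KEY_LEN) == 0);
    wipe(key, KEY_LEN);
    return found;
}

int main(void) {
    const char *p = "constructed test phrase";
    use_key(p, 0); printf("no wipe: key in RAM = %d\n", key_in_ram(p));
    use_key(p, 1); printf("wiped:   key in RAM = %d\n", key_in_ram(p));
    return 0;
}
```

Even in the wiped case the key is present in `ram` between `toy_derive` and `wipe`, so the wipe narrows the window rather than removing it.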
Conclusion
If Bitfi didn’t store keys, there would be no need to mitigate against attacks that steal the keys. They do have these mitigations in place.
It’s dishonest to keep on claiming that it doesn’t store keys when it does.
How effective are these mitigations? Well, we have no idea. I doubt Bitfi do either though.