Hardware wallets (Ledger, Trezor) the supply chain and VeChain
Hardware wallets
The general consensus in the crypto community is that hardware wallets are probably the best way to manage your crypto assets. (unless of course you are a l33t Bitcoin hacker [a] or think you can do better with a self created air gapped iPhone/computer [b]). For most of us, hardware wallets are user friendly and facilitate storing and using your crypto in a straight forward, easy to manage and secure manner.
The two oldest and most popular companies in the space are Ledger and Trezor. Both have been rigorously tested and put through the paces, both have known strengths and weaknesses. (In a nutshell Ledger contains a “secure element”, maintaining some secrecy, and Trezor is an entirely open sourced model)
Interestingly enough both and seemingly “all” hardware wallet manufacturers share a vulnerability. As pointed out by Trezor in their response to several accusatory security findings “Out-of-scope, affects all hardware in transport, no 100% solution, all companies have different methods to mitigate this”
Supply Chain Attack
The length of time in which the device has left the manufacturer and is not in your possession is time the device could be intercepted and tampered with, replaced, hacked, substituted, altered, etc.
Ironically, there is blockchain technology specifically designed to mitigate this threat and provide assurance of device authenticity. VeChain.
What is VeChain?
“VeChain is a blockchain-based platform that records the truth of what happens at every stage of the supply chain.” [1]
Specifically from VeChain white paper:
Use Cases
5.3 Anti-counterfeiting and digitization for high value products
VeChain’s solution allows brands to digitize products on the blockchain by establishing the linkage between the physical product and unique blockchain identity using smart NFC tags. With the unique digital identity, the solution provides the traceability over the life-cycle of products from the manufacturing, logistics and supply chain, retail and wholesale, after service, and even consumer engagement on the blockchain. [2]
Questions/Concerns
Q1: How do you prevent tampering with chips/codes? [3]
A1: There are three key pillars in securely digitizing physical products:
1. Tamper proof digital tags
2. Tags and products cannot be separated
3. Registration of the Tag IDs on the blockchain
Q2: How much of an issue is the cost of your IoT sensors?
A2: VeChain has designed and manufactured a wide variety of sensors … The chips used in these sensors are sourced from the world’s best manufacturers, … They are in mass production and available for commercial use.
Regarding implementation details
As far as a practical how to implantation, I’m still not totally clear on what company would need to do to implement this and interface with VeChain. It looks like VeChain is rolling out a sort of self service toolchain environment [4]. I am very curious how much a company would have to adjust or update their manufacturing and or supply process to implement the VeChain sensor technology, perhaps that is a current bottleneck to more “quick and easy” mass adoption for many companies.
I realize this probably reads like an advertisement for VeChain, however I am not affiliated with any of the companies mentioned, I am just another crypto enthusiast who sees this as an ideal use case of blockchain technology. Who better to implement a blockchain solution and mitigate their biggest (currently unsolved) security issue than crypto hardware wallet manufacturers.
[a] https://robertspigler.wixsite.com/blog/in-defense-of-my-attack-on-hardware
[1] https://decrypt.co/resources/vechain
[2] https://www.vechain.org/whitepaper/#bit_zxhvz
[3] https://vechainofficial.medium.com/vechain-technical-ama-hardware-questions-part-1-ce7a5f19c3e1
