Stop Doing Tamper Evident Security Seals Wrong!

Disclosures:  Digital Bitbox sent me two devices to take a look at.  I sent them no money in return.  I am going to destroy one and keep the other.  Nobody reviews my content before I post it, and my posts are my own opinions.



A pair of Digital Bitboxes just arrived at HQ, and I've got to address this straight away -- even before a Teardown/First Impressions post.  After removing the box from a sealed anti-static bag, I saw this:

A tamper-evident seal!

Branded even!  The shiny hologram has 'security' repeated in the background.

Seal completely intact, and the product easily skips out of the 'secure' packaging.

Seal intact, both the bitbox and sd card easily removed.  This is 100% of the contents of the box. (I broke the seal and opened the box later to confirm this.)

Stop half-assing security measures.

I thought we all learned this exact lesson from the Mycelium Entropy's shameful showing

The purpose of a tamper-evident seal is to make it clear that something has been opened or tampered with upon inspection.  These seals can be a deterrent against some adversaries who do not have the tools or skills to bypass them.  In this case, the bypass was slightly squeezing the box and letting the product slide out the side.

This is security theater.  This seal serves no purpose but to communicate that either:

  1. The manufacturer thinks that their customers are idiots and will be fooled into thinking that this shiny piece of tape adds any amount of security.  or:
  2. The manufacturer does not understand how to implement security features and wants to make that clear upon first impressions.

Either case is pretty lousy.  I guess they aren't mutually exclusive.  From the first moments of experiencing their product, my level of confidence in Digital Bitbox to not screw up other security details is not high.

Hardware Bitcoin wallets are not toys.  They are financial products that you are asking your users to trust with their money.  This is important.  Get the details right.  If you are going to include a security feature, make sure it works.

In this case, it would be cheaper and more effective to not include a seal at all.  You would not have had to spend the money in procuring a custom seal, and the time in applying them to the box -- and you would not be implying that part of the security model of your device is a strip of shiny tape poorly applied.


Teardown and second impressions coming soon.