Kaspersky's new hardware wallets: Not a good idea.

in #crypto, 7 years ago

After writing a post describing the Ledger Wallet Nano S, I came across two new products manufactured by Kaspersky Lab, the well-known antivirus vendor: Ballet and Securator.

kapersky.png

Before going further, if you want to understand why and how to use a hardware wallet, and why it is absolutely necessary to have one to secure your cryptos, please read my article on the Ledger.

The devices

As we can see in the picture above, both devices look like old USB keys. The Ballet is the simplest one and costs $25. The Securator costs four times this price ($99) and is slightly larger, with a screen and a Lightning (iPhone) plug.

The design presented here is perhaps not the final one, but we can see that:

  • Both are designed with an old-school soldered USB socket (as on old USB keys). You will need an extra adapter to use them on recent machines equipped with USB-C;
  • There is no physical hole, so you cannot attach a necklace/cord (very useful to secure and find your device in a bag);
  • The microcontroller looks classic, and equivalent to an ST31/STM32. If they had something better (such as the CC EAL5+ certification of the Ledger) they would have specified it here;
  • They have planned (but not yet developed, as we can see from the poor screenshots) to provide an iOS application to use the device with an iPhone (and surely Android too) through NFC wireless communication or a direct Lightning connector (with the Securator). As Apple Core NFC is not very open yet, I don't think that Kaspersky will be able to use a wireless connection with Apple phones. That would mean that only the 'luxury' version of the devices would be compatible with an iPhone;
  • There is no mention of a Mac, Linux or Windows application, or of compatibility with MyCrypto. Do we need to use a Kaspersky proprietary instance to perform transactions? I'm afraid we do.

The Kaspersky devices support very few coins compared to the Ledger, but the main ones are here: Bitcoin, Bitcoin Cash, Ethereum, Classic Ethereum, Litecoin, Dash, Zcash and Ripple. They plan to add Bitcoin Gold, Monero and Dogecoin.


Finally, there is an optional offer to subscribe to "BlockVault", a premium service (billed at $30 per year) that makes an "offline" copy of the device. There are few details on this option, but if it means copying the private key (the famous 24-word passphrase) to Kaspersky facilities, it's a very bad idea from a security point of view. The best (only) way to secure this seed is to write it on a sheet of paper and store it in a physical safe (maybe this is why we still need banks after all) or use exotic things such as steganography. Never trust any third party to store your key for you!

My opinion

Like Archos with its French device, Kaspersky is using its brand to sell a new product and surf on the cryptocurrency buzz. They say that they offer the first device created by professionals in cybersecurity, but the Ledger and Trezor teams have worked exclusively on this topic for several years, so I consider them professionals too.

Kaspersky Lab has been the subject of many controversies in recent months and has been accused of spying for the Russian government. Their products have been banned by law within the US government, and although they have very good engineers, this company has lost the trust of many users.
Their BlockVault proposal seems dangerous to me and does not provide enough information to prove anything good in terms of security.

After long years of calm, security flaws were found in Ledger devices last week, but the team's communication is excellent and very transparent, and they published a fix very quickly. They also have a very aggressive bug bounty policy.


All this gives us an important guarantee of trust for the Ledger, and it is clear that today this is still the best choice to protect your cryptos. Nothing justifies, at this stage, using a Kaspersky device.


I just saw that Trezor updated their firmware, integrating the Saleem Rashid exploit correction. If you use one, just do it!


For your information, there is another Steemit article by @ipromote.

We disagreed on several points, but neither of us has enough information yet to completely analyse those devices.

We will see after getting some in our hands!