This update includes an important security patch in the firmware, as well as new features in the BitBoxApp and BitBox02. We recommend that you update to the latest desktop app and firmware before you next use your BitBox02.
Security first
The BitBox hardware wallet is a security device. This is why we encourage independent audits and are upfront with issues found and fixed.
What happened?
On 5 March 2020, Saleem Rashid responsibly disclosed through a bug bounty program a vulnerability that allows an attacker to trick users into paying excessive fees when sending bitcoins. A malicious software wallet would need to trick the user into signing a Bitcoin or Litecoin SegWit transaction twice, for example by faking an error after the first signing and asking the user to try again. By collaborating with a miner, the attacker could potentially gain access to these fees.
This issue affects all hardware wallets that support SegWit transactions, and a joint release date has been coordinated for today, 3 June 2020. This update patches this vulnerability, and we strongly encourage all users to update to the latest BitBoxApp, which will update the BitBox02 firmware. We have no reports of lost funds and have found no evidence that the vulnerability was exploited. We would like to thank Saleem Rashid for his support in improving the security of our products.
Am I at risk?
If you signed a Bitcoin or Litecoin SegWit transaction on your BitBox02 and confirmed it on the device in the past, but then you received an error message of some kind on your computer and then signed the same transaction again, an attacker might have created a transaction with excessive fees. Read below to find out how to check whether or not this occurred for any given questionable transaction.
The BitBox01 is not affected by this vulnerability.
What should I do to stay safe?
Be sure to always use the latest desktop app and firmware. Prior to updating, verify your backups by following our BitBox Backup Verification Guide.
You can download the latest BitBoxApp (version 4.19.0) at https://shiftcrypto.ch/start. We strongly recommend verifying the release as explained on the GitHub releases page.
The BitBoxApp has the latest firmware embedded inside. It will guide you through the process of updating the BitBox02. If you think you might have been tricked into signing a transaction twice, there are two scenarios in which you need to take action:
- You were not able to send the signed transaction at all
  Move your funds to one or multiple new addresses in the Bitcoin or Litecoin account as soon as possible. There is no need to reset your device or create a new wallet.
- You were able to broadcast the transaction and send the funds to the intended recipient
  Check your transaction in the updated BitBoxApp (be sure to verify the release as explained above) or an online block explorer. If the details of your transaction are shown as expected, everything’s fine. If you see unexpected transaction information, like excessive fees or a sent amount that is too high, please reach out to our support team.
The update released today fixes this issue and eliminates this potential attack scenario completely. Please contact us at [email protected] if you have any questions.
What’s new: BitBoxApp 4.19
Feature: Buy & sell with recommended exchanges
One of our goals is to guide our users through all the different stages of buying, holding and securing their own funds. The question where to buy Bitcoin and other cryptocurrencies is a regular one. The new “Buy & sell” feature in the BitBoxApp allows you to quickly find the right exchange for your needs.
When deciding which exchanges to list we don’t favor the ones using affiliate programs (although we’ve applied to some), and this is why we also list peer-to-peer exchanges like Bisq or Hodlhodl. Therefore, we can give a full overview of good options available.
Feature: Allow Tor connections to Electrs without TLS
The BitBoxApp allows you to connect directly to your own Electrs server or Electrum Personal Server. This significantly improves privacy and reduces the trust you need to put in us. The Tor network is a convenient and secure way to access your own server from anywhere, even outside of your own network, without any router configuration. Up until now, the BitBoxApp enforced the usage of TLS to encrypt the communication and make sure you are connected to the right server, with no man-in-the-middle. But traffic over the Tor network is already encrypted and authenticated.
This update allows you to connect to your own Electrum Tor hidden service without using an additional TLS endpoint.
Improvement: Add checkpoints for SPV header verification
The BitBoxApp receives blockchain data from a remote Bitcoin full node over the Electrum protocol, either run by a third party or yourself. The app verifies all blockchain headers for added security, making sure that all shown transactions have actually been mined and are included in these blocks. But like all other simple payment verification (SPV) wallets, if isolated from all other data sources, it could potentially be fed a fake blockchain, starting with a fake genesis block.
Hardcoded checkpoints for known historical blocks prevent that. While the btcd library that we use already contains some old checkpoints, these are not visible in our own open-source code. For transparency, we added more recent checkpoints (as of 2020/05/07) directly in our own codebase, which are now easier to verify, and enforce them during SPV header verification.
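The checkpoint enforcement described above, as an added Go sketch (not the BitBoxApp's or btcd's code): it checks header linkage and pinned hashes over constructed 80-byte headers and omits proof-of-work validation. The function names, the checkpoint height and the sample chains are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

type Hash [32]byte // block hash: double SHA-256 of the 80-byte header

func blockHash(header []byte) Hash {
	first := sha256.Sum256(header)
	return sha256.Sum256(first[:])
}

// verifyHeaders treats headers[i] as height i: each header must link to its
// predecessor and match any checkpoint pinned at its height (no PoW check here).
func verifyHeaders(headers [][]byte, checkpoints map[int]Hash) error {
	var prev Hash // genesis has an all-zero previous-block field
	for height, h := range headers {
		if len(h) != 80 || !bytes.Equal(h[4:36], prev[:]) {
			return fmt.Errorf("height %d: malformed or unlinked header", height)
		}
		prev = blockHash(h)
		if want, ok := checkpoints[height]; ok && prev != want {
			return fmt.Errorf("height %d: hash %x violates checkpoint", height, prev)
		}
	}
	return nil
}

// buildChain returns n linked constructed headers (not real blocks); other fields stay zero.
func buildChain(n int, seed byte) (chain [][]byte) {
	var prev Hash
	for i := 0; i < n; i++ {
		h := make([]byte, 80)
		copy(h[4:36], prev[:])       // previous block hash
		h[36], h[37] = seed, byte(i) // stand-in merkle root, differs per seed
		chain = append(chain, h)
		prev = blockHash(h)
	}
	return chain
}

func main() {
	honest, fake := buildChain(4, 0xaa), buildChain(4, 0xbb)
	pinned := map[int]Hash{2: blockHash(honest[2])} // hypothetical checkpoint at height 2
	fmt.Println(verifyHeaders(honest, pinned), verifyHeaders(fake, pinned), verifyHeaders(fake, nil))
}
```

The fake chain is internally consistent from its own genesis, so it passes when no checkpoints are supplied and is rejected only once a hash is pinned.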
Improvement: Support HiDPI scaling on Windows
Some Windows users found it hard to use the BitBoxApp on very high-resolution displays. This is why we enabled support for HiDPI scaling that allows you to dynamically adjust the scale of applications to your preferred size.
To enlarge your BitBoxApp in Windows 10, go to Settings > System > Display and set the preferred scale in percent. Restart the BitBoxApp to use the new setting.
What’s new: BitBox02 firmware 8.0
Improvement: Additional known U2F websites
When using the BitBox02 as a U2F second-factor device, most websites are differentiated by hashing their URI (e.g. sha256('https://gitlab.com')). The result is compared against a whitelist of the hashes of known sites and, if found, the site name is displayed. If the hash is not found in the list, the hash value itself is shown for user confirmation.
We’d like to thank the anonymous contributor jengo9332 for extending this list significantly. Of course, every single entry has been double checked by multiple engineers at Shift. And with the beauty of open source software, you’re free to do so as well.
Improvement: Warning on multiple change outputs
Following our responsible disclosure of A theft attack on Trezor Model T, we applied some learnings to our own code, based on the principle of “security in depth”. One measure worth highlighting is the new warning on multiple change outputs.
The standard behaviour of most Bitcoin wallets is to create a single change output per transaction. If a transaction contains more than one change output, the user is warned. While the BitBox02 is able to verify that all change outputs belong to itself, a malicious wallet could potentially create numerous small change outputs, costing more fees to consolidate in the future, or even generating dust outputs. The BitBox02 now warns you if a transaction has multiple change outputs.
Improvement: Bigger font
The OLED screen of the BitBox02 is able to display a lot of content. We used quite a small font initially and got feedback from users to make it bigger.
Thanks for reaching out, we think this new bigger font improves readability for all of us.
Improvement: Using Rust
Rust is a memory-safe programming language. That means the compiler can reason about memory usage and impose heavy restrictions on how device memory can be accessed by the program securely, significantly minimizing memory safety issues (Microsoft claims that about 70% of all security vulnerabilities are memory safety issues).
Rust is 100% interoperable with the C programming language that we currently use, and which is still the de facto standard for writing low-level firmware. This allows us to gradually replace parts of the current software with Rust, without the need to rewrite everything from scratch.
In this release, to name just a few examples, we were able to leverage Rust for asynchronous workflows, replace the Noise protocol implementation with a more rigid one and even save ~60 KB in the firmware size in the process.
How can I stay up-to-date?
We encourage you to sign up to the BitBox news to stay up to date with our latest news, including release notes and bug fixes.
As always, please do not hesitate to contact us at [email protected] if you have any questions.
Thank you for your continued support.
Shift Team
Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.