New Product Announcement – ProtectingCoin Case/Skin for the Trezor Model T

We have started our new designs for the ProtectingCoin Case/Skin for the Trezor Model T Hardware Wallet.  The new design will feature full coverage for the body, USB cutout and microSD cutouts.  We have begun design/modeling for prototyping and will be completing molds shortly.  Plans are to launch in Q2 of 2018.  The Model T case will be offered in five unique colors.

Subscribe on https://protectingcoin.com for the latest updates on this exciting new release.

Design Mock-up (actual colors may vary in final product)

PCC_CASE_MODELT2

Trezor Model T – LIBUSB_ERROR_NOT_SUPPORTED

We have been using the newly released Trezor Model T Hardware Wallet for a few days now and wanted to provide a quick update on an error we came across during initial setup.

After unboxing the new Model T (excellent new packaging with the magnetic mount), we took some time to remove all of the Security seal adhesive.  The tamper security seal has been moved to the Trezor Model T body and goes over the USB C connection on the wallet.  (The original Trezor One had two tamper seals on the packaging but none on the wallet).  The adhesive does take some work to get off but rubs off with a little work.  Some have reported using different chemicals to remove the adhesive but we don’t believe that is really needed and some chemicals could react with the plastic body so use caution with chemicals when removing the adhesive.

After the Model T was all cleanup up, we connected to a Windows 10 PC with the provided USB-C cable (approx 12 inch USB-C cable).  Following the 3 simple steps to begin setup we went to trezor.io/start and had the option of setting up a Trezor One or Trezor Model T.trezor_start

Selected the Trezor Model T and the next step was to install the Trezor Bridge.  The Bridge software is used to communicate with the Trezor Wallet and is available for Windows, Linux and Mac.  The Bridge is a small install file and only took a few seconds to download and install.

After the bridge was loaded we were able to install the firmware.  All new devices come without a firmware and this is loaded on initial setup (this is very easy/automated and no technical skills are needed to install the firmware) (current firmware version of of 03/12/18 is 2.0.1)

The next step is where we ran into some issues and received an error in the portal of “Action was interrupted – Error Details: LIBUSB_ERROR_NOT_SUPPORTED”.

Model_T_error2

Started with typical troubleshooting steps of disconnecting and reconnecting the wallet, closed all browser windows and reopened and rebooted PC to make sure no issues with initial install, browser or connection.  All these steps resulted in the same error of LIBUSB_ERROR_NOT_SUPPORTED.  Next, we uninstalled and reinstalled the new bridge software, only to receive the same error.  Spent a little time reviewing error logs and was able to see the step it was failing on but not why.model_t_erro1

At, this point, it was time to hit up the forums and see if anyone else had come across the same error when setting up the new Trezor Model T.  At this point there was only around 1000 or so shipped worldwide so the install base was pretty small at that point.  The forums did point to an email from Trezor support with the same error reported and a note that a box (around 100 units) did make it out of manufacturing with an older version of the bootloader installed and this error is related to the older bootloader and some incompatible issue with some USB ports.  The impacted bootloader was version 2.0.0 and the correct version (without the issue) was 2.0.1.  This issue could impact batch numbers labeled with 08-2018 and 09-2018 (*note, just because you have this batch number it does not mean you will have the older 2.0.0 bootloader as only around 100 units from that batch slipped through shipping).  To confirm your version of the bootloader and firmware, swipe across the Trezor Model T screen right as you connect.

20180309_2320311.jpg

The test confirmed the Model T was already on the most recent version of the bootloader (2.0.1) but there were a few comments in the forums that reinstalling the bootloader resolved the error even when they already  had the latest.

To reinstall the bootloader you will need a microSD card.  Of course in the middle of the night, when you really need one, they will be impossible to find, regardless of how many you have seen in a drawer the week before.  After a quick trip out to buy a $9.88 microSD card with SD card adapter we were ready to go with updating the bootloader.  The process to update the bootloader is relatively simple and only takes a few minutes.

  1. Download the latest bootloader file (2.0.1)
  2. Download and install the free software “Etcher” (this will be used to prepare your microSD card)
  3. Insert the microSD card (you may need to use a card reader or SD card adapter depending on what card slots you have on your PC).
  4. Open Etcher and click “Select Image”etcher.JPG
  5. Locate the bootloader-2.0.1.bin file you downloaded and click open.
  6. You may get a message that it is not a bootable image, just click “Continue”bootable_image
  7. Next you will need to click “Select Drive” and select your microSD card.  (*At this point we had an issue with our brand new $9.88 microSD card where it always said it was write protected no matter the position of the write-protected tab on the card…a little scotch tape took care of this write protection…most would not have that problem but it was just that kind of day and of course we picked up a bad microSD card).
  8. Click finish and this will complete prep of your microSD card.
  9. Disconnect your Trezor Model T and insert the microSD card.  It will only insert in one direction and will fully insert in the Model T.
  10. Reconnect the Model T and the bootloader will begin updating, this takes around 10 seconds.
  11. After the install is completed, disconnect the Model T and eject the microSD card. (the microSD card is spring loaded in the port so push in lightly and it should pop out).
  12. Now you are ready to reconnect your Model T with a fresh install of the bootloader!!!

We connected our Model T, went to the portal and …same error!  A reflash of the bootloader again resulted in the same error.

Taking another look at the logs we started to expect something with the bridge or something conflicting with USB connections.  Reviewing what was installed we discovered two versions of the bridge software was still installed.  Both the new bridge and the older version 1.x bridge software that was used for our Trezor One Wallets.  We uninstalled both version of the bridge and started over with connecting and installing the latest bridge.  IT WORKED!  The whole issue turned out to be an issue with having two versions of the bridge software.  Surprised that installing the new bridge software did not uninstall or overwrite the old version.

The end fix ended up only taking a minute and was not difficult after getting on the right path.  We look at the experience as a positive one (silver lining) though as it presented a learning opportunity to learn how to flash the bootloader using the new microSD slot that has been included with the Model T.  Hopefully this post can help you out if you just received your Model T and encounter an issue with your old bridge software causing a conflict.

Post any questions you may have on the new Model T in the comments and any experiences you may have with the new wallet.

Ledger releases Firmware update 1.4.1 for the Ledger Nano S (Important update)

UPDATE 03/20/2018 – FULL REPORT HAS BEEN RELEASED.  Some of the initial speculation regarding the exploit was correct and some was less so.  If you have not updated to the latest firmware, go ahead and do so now.

Full report: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

Ledger released a new Firmware version (1.4.1) for the Ledger Nano S.  “Firmware” is the embedded software on a device that works as the operating instruction for the device.  ledger-nano-s-cable-medium

The Firmware update makes some changes to the user interface, adds support for 18 Cryptocurrency interfaces being installed on the device at one time; this was a big complaint on the previous firmware as it only allowed 4 or 5 at any one time to be installed.   The new Firmware also adds some new methods to lock the device with a 3 second push of both buttons, a method to force users to confirm their recovery seed backup during the setup phase (a good thing) and some optimizations to the speed of the device.

Those are all positives updates but the security update included in the firmware, that you are most likely to hear about, is the resolution of an exploit related to exposing the Private Key on the device.  You should take action to install the new Firmware ASAP, the chance of you being impacted by the exploit is unknown with the information currently released.  Here is a quote from the Ledger update,

Important note: there are some claims on Reddit and Twitter about a critical security issue being found on the Nano S. This is incorrect. The issues found are serious (that’s why we highly recommend the update), but NOT critical. Funds have not been at risk, and there was no demonstration of any real life attack on our devices. We will disclose all technical details after March 20th.

From the information we have reviewed (full reports will not be released until late March as this allows people to patch before releasing full details), the hack to expose a devices private key would require physical access to the device before the seed was created, a 3rd party installing a specific firmware or application, and access to the computer you are using for the Ledger to install specific software and perform specific transaction processes (again, this is early information and some may be speculation at this point as Ledger and the security researcher that discovered the bug have not released a full report.  Ledger has confirmed that there are no cases of this bug being reported in the real world and has only been reproduced in a lab.

More detailed information of new features included in this update:

New features to significantly improve user experience…
  • The number of apps which can be loaded onto the Nano S at the same time can be raised to up to 18 (depending on the cryptocurrencies see FAQ), thanks to some refactoring on the BOLOS app management. As a reminder, deleting an app does not impact your cryptocurrency holdings: when the app is reinstalled, the original balance is retrieved.
  • The screen lock management has been slightly modified. A long press (3 seconds) on both buttons of your Nano S when it is in use (whether in the dashboard or while using apps) will enable you to lock the screen.
  • To ensure that the user has backed up correctly the 24 words, all of them must now be confirmed during the onboarding.
  • Several other optimizations have been implemented in order to improve the user experience. For instance, the device is now faster using some cache optimizations.

We do recommend you update as soon as possible to correct this potential bug and also for the new features. While we understand the wide spread concern of such bugs it is important to realize that with each bug  and resulting patch/update, the systems and devices become stronger and more secure.

*Note, heavy load on the Ledger servers to pull down the Firmware update may cause some delays in downloading the update.  If you are not able to update right away, wait a little while and retry.

Link to the Ledger Firmware update information page: https://www.ledger.fr/2018/03/06/new-firmware-update-1-4-1-available-for-the-nano-s/

Link to the Firmware Update instructions: https://support.ledgerwallet.com/hc/en-us/articles/360001340473

 

Andreas Antonopoulos talks Hardware Wallets and security

Andreas Antonopoulos is a well respected speaker in the Cryptocurrency industry and many consider him the public face of the growing Cryptocurrency community.  He has published 3 books (Mastering Bitcoin, The Internet of Money V1, The Internet of Money V2) and is currently working on his fourth book (Mastering Ethereum).

Check out his most recent YouTube post where Andreas talks Hardware Wallets and levels for securing Cryptocurrency.  The one addition we would make to his advice is to replace the paper that is used to write your backup recovery seed with a form of metal engraving or punched metal letters (CryptoSteel) on Steel or Titanium.  This allows permanency of your recovery seed and protects from water, fire, wind, accidental damage and/or the degradation of ink and paper over time.

*Extra bonus tip – You can use many Hardware Wallets as a cold storage option through your smartphone application with an extra cable.  This allows you to use Cryptocurrency from your phone while still utilizing the extra security advantages of a hardware wallet.

 

How my Cryptocurrency Exchange account was hacked

This is a true story from a new ProtectingCoin customer who recently had their Cryptocurrency Exchange account hacked and lost funds. The customer has now moved to using a hardware wallet for storing currency. This story is shared not to scare but as an educational and cautionary tale. *Note – this user is not new to technology and is technically savvy. **This hack that was used is also not unique to Cryptocurrency and impacts email accounts, online banking and any other account you access online. ***Names and small details have been altered to protect privacy

lock_BTC2

It was late 2017 and Cryptocurrency’s monumental rise was all the talk on social media, around the water cooler and had even become a recurring topic on the evening news. Many currencies such as Bitcoin, Litecoin and Ethereum had experienced increases of 1,000% or more within 12 months and more money was flowing in daily pushing the total market capitalization (value of all cryptocurrency coins) to over 600 Billion dollars.

Robert, a savvy user of technology, makes his living from technology and fiance and is very well versed in the use of technology. While working with a colleague one evening they utilized a very popular desktop sharing program (many of you may have this program or a similar program installed right now). Robert uninstalled the program after they had finished the remote desktop sharing program but the program had left a part of the program still installed. A hacker was able to remotely access Robert’s computer and install additional remote viewing and key logger utilities. A key logger records each and every key stroke that you type on your keyboard and logs it in a nice little package that is then sent to the hacker (passwords, usernames, pins, email addresses, email messages and instant messages are all recorded for later use by the hacker).

Robert, did we mention he was much more technically inclined than your average user on the internet, noticed some red flags that the hacker left behind and he took immediate action to update passwords, alert his banking institutions and freeze his credit. The hacker immediately responded by enlisting the assistance of more skilled hackers and launched a second attack on Robert’s digital assets. The hacking team was then able to take control of Robert’s goggle accounts and eventually his phone. For many, our entire lives from banking to family pictures are stored on our phones so this can be especially devastating.

Robert had no choice but to wipe devices and has spent weeks working to clear up issues with exchange accounts, banks, credit, social media accounts and as a result has lost many contacts, family photos and many hours of work into files that can not be recovered. This is on top of the financial impact of lost funds.

With quick actions, Robert was able to slow down some of the damage but the average user may not have been so lucky and recovering from this type of attack can spread over years as you work to repair damaged credit and accounts. Remember, with so much of our lives online now that this can happen to anyone and at any time.

Here are a few Security practices that we all can add to our daily routines:

  • Create complex passwords (do not use birthdays, names of childen/pets, or other easy to find information)
  • Do not use the same password for numerous sites (your forum for daily cat videos may have more security holes than your mega bank ((and those mega banks still get hacked)).
  • Do not write passwords down in text files where anyone can read them.
  • Be cautious of opening links and attachments in emails. If you were not expecting it, call to confirm it was sent and delete if you can not confirm.
  • Be cautious when installing new programs as many apps can be fake. There are numerous reports of fake/malware apps even making it on the mobile App stores.
  • Be cautious when using public computers as you have no idea what may be installed on these computers.
  • If storing Cryptocurrency, use a hardware wallet such as a Trezor, Ledger or Keepkey and don’t store your seed words online.
  • Use 2 Factor Authentication when offered on websites. *Note – text message (SMS) 2 Factor is better than nothing but can be hacked by a novice hacker. 2 Factor applications are the next step up and hardware based 2FA is the most secure option.
  • Never provide credit card or other personal information when receiving unsolicited calls. If you believe the call is valid, hang up and call the company back with the phone number published on the back of the card. **Note – even if the number they called you from, when checking caller ID, appears to match, it still should not be trusted as caller ID can be faked. Only trust it if you call them.

Did we leave off any security tips. Comment and add them to help everyone be more protected.

Many Cryptocurrency markets drop 15% or more in 24 hours

Many Cryptocurrency Markets, including Bitcoin, Bitcoin Cash, Litecoin, Ethereum, Ripple and others have dropped 15% or more in the past 24 hours.  Some seeing a dip of more than 20% today.  While this level of volatility may be extreme it is important to remember these markets are very new and have grown at a tremendous rate.  The Cryptocurrency market cap one year ago was approximately 16 Billion.  Today, after the dip, it sit over 500 Billion.  This dip was spurred by mounting years that the South Korean government may issue bans or tighten regulation on Cryptocurrencies.  This reaction is very similar to when China stopped Initial Coin Offerings and limited Exchanges in September 2017.  The cost per 1 Bitcoin, on September 1, 2017 was $4,700 and  dropped by 25% after the actions from China.  Within 3 months from this event, Bitcoin reached a new high that exceeded $19,000 per Bitcoin.  This represents a growth of more than 500%, post China ICO ban / Exchange regulation.

Do you view the dip as something to fear or a buying opportunity?

*Note – We are not financial advisors and do not provide financial consultation.  Please seek out professional financial advisors and complete your own research when making investment decisions.

bitcoin_chart