In an ongoing effort to ensure the best overall security for the trusted KeepKey hardware wallet, we have issued a new firmware update, which includes new features, bug fixes, and proactively addresses potential (unexploited) security concerns for defense-in-depth security. ShapeShift recommends all KeepKey users apply the update in a timely manner. Read more below for details.

New Features

  • Message signing for Sablier token streams
  • Message signing for 0x ERC-20 Transformations
  • Message signing for three additional Tendermint-based chains: Terra, Kava, and Secret

Security Improvements

This release contains a mitigation for a potential electrical glitching attack disclosed to us by security researcher Christian Reitter. The potential impact of this attack is relatively low (it has never been seen in the wild), but we do recommend that you update in a timely manner.

Glitching attacks like this one start with your KeepKey in someone else's hands. All hardware wallets are vulnerable to sophisticated attackers tampering with their electronics while in physical possession of the device. The primary security offered by any hardware wallet is against software attacks, not physical ones; this is the standard nature of cold storage device security (they are designed to be kept physically secure).

The impact of this particular issue is that an attacker who pries open or drills into the KeepKey's case can attach a specially programmed glitching device that prevents validly signed firmware from entering a low-privilege mode on boot. This low-privilege mode is a defense-in-depth measure that prevents compromised firmware from also compromising the bootloader; as such, this attack is only of use to turn some other exploit that would already result in the loss of your keys and funds into one that can also undetectably backdoor your KeepKey.

We have no evidence that this attack has been performed outside of a laboratory setting. While KeepKey's case is not rated as "tamper resistant," we've found that opening it is quite difficult to do without causing visible damage. We recommend examining the case of your device for damage (including pry marks, bent or broken sections, or holes, which may have been drilled on the rear surface of the device and later filled in) if you're concerned that yours may have been tampered with.

If you have any further questions, please reach out to our support team.