The BC Vault hardware crypto wallet ecosystem is made up of two components (as with most hardware crypto wallets):
- Desktop Application
- Firmware running on the device
Both components are critical to security. This is why we choose not to publish the source code: a malicious actor could simply take the existing code, insert malicious functions, and try to trick the user into using that malicious application or firmware. This shortcut for a malicious actor is not acceptable, and it has been exploited against other products in the past.
It is much harder for anyone to build a malicious application (or to re-create a look-alike application) and firmware without access to the source code.
We also implemented other security measures for both the application and the firmware. For example:
- The application is digitally signed with our developer certificate, which is recognised by both MS Windows and macOS, so you will not get warnings such as "Unknown developer/application".
- The firmware is digitally signed with our developer certificate, and the device will accept only such firmware and no other.
- Communication between the device and the application is also encrypted, and data is double-checked. When the application sends a request to the device (such as a request to sign a send-crypto message), the device first shows all important information on its own display for your security. A rogue application might show one thing on the monitor but then request something else to be signed by the device. Once the device has signed the message, the application rechecks the received data to confirm that the signed data is exactly the same as the original request.
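The host-side recheck described in the last point can be sketched as follows. This is an added example, not BC Vault's code: the field names, the JSON encoding and the sample addresses are assumptions made for illustration, and signature verification itself is out of scope here.

```python
import hmac
import json

# Hypothetical field set for a "send" request; not BC Vault's wire format.
FIELDS = ("coin", "to", "amount", "fee")

def canonical(request: dict) -> bytes:
    """Serialize only the known fields in a fixed order, so equal requests give equal bytes."""
    return json.dumps({k: str(request[k]) for k in FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()

def recheck(request: dict, signed_payload: bytes) -> list:
    """Return the names of fields where the signed payload differs from the request.

    An empty list means the device signed exactly what the application asked for.
    """
    if hmac.compare_digest(canonical(request), signed_payload):
        return []
    try:
        signed = json.loads(signed_payload)
    except ValueError:
        return ["<unparseable payload>"]
    if not isinstance(signed, dict):
        return ["<unparseable payload>"]
    # Fields whose signed value is missing or differs from the request.
    diffs = [k for k in FIELDS if signed.get(k) != str(request[k])]
    # Fields that were signed but never requested.
    extra = sorted(set(signed) - set(FIELDS))
    return diffs + extra or ["<encoding mismatch>"]

# Constructed sample data: one honest response, one where the recipient was swapped.
REQUEST = {"coin": "BTC", "to": "addr-constructed-A", "amount": "0.5", "fee": "0.0001"}
HONEST = canonical(REQUEST)
TAMPERED = canonical({**REQUEST, "to": "addr-constructed-B"})

if __name__ == "__main__":
    print("honest:", recheck(REQUEST, HONEST))
    print("tampered:", recheck(REQUEST, TAMPERED))
```

Any non-empty result should cause the application to discard the signed data instead of broadcasting it.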
We love open source and are thankful for every single author sharing their work out there, but it is a double-edged sword and you always have to consider both sides (the good and the bad).
Many hardware crypto wallet vendors claim to be open source when in reality they are not. They may publish the source code of a plugin, module or application, but not the most important part: the firmware, the actual code responsible for keeping your crypto wallets (private keys) secure.