It was too good to be true. A fingerprint sensor will be the authentication method of choice for Block’s hardware wallet. The company revealed new details in the March update of their newsletter, and some of them were not well received by the community. Apart from the fingerprint sensor, the lack of a screen was also a cause for concern.
A few weeks ago, Bitcoinist was excited about Block’s Bitcoin hardware wallet project. In that article, we said:
“According to the Block/Square team mailing list, ‘our goal is to bring simple self-guarding to a global audience.’ Simple words for a hugely ambitious goal. However, Nick Slaney seems confident that the business will succeed. ‘If we do our job the way I think we will, explaining key phrases to your father will be a thing of the past.’”
And it all sounded so good. Until the company revealed what the authentication method would be.
What do we know about the fingerprint sensor?
The company’s reasoning seems sound: “we want our customers to be able to unlock their wallet securely, yet easily.” They are trying to create a product for the common man, and the key phrases and the risk they carry seem like too much for the general population.
“We think PINs, passwords and seed phrases are confusing and often insecure given the workarounds normal people have to create given all the friction. It gets worse when the need for these passwords is rarer.”
Ok, that sounds good. But then they drop the bomb:
“To achieve seamless authentication in practice, we plan to embed a fingerprint sensor into the hardware of the wallet. Every authentication technology comes with trade-offs. We are excited about security against theft or misuse this will provide, the peace of mind that will come from not having to remember another PIN, and the ease of placing a finger on the sensor rather than fiddling with tiny, failure-prone buttons on a hard-to-read screen.”
.@jack what the fuck are you really thinking? https://t.co/CXiCvqVDHN
– Remove LND, use C-Lightning (@brian_trollz) March 11, 2022
Wow, did they have to throw screens under the bus? These serve a crucial purpose in Bitcoin hardware wallets, but more on that later. Let’s focus on the fingerprint sensor for now. Is it a safe and proven security method? Aren’t there serious known drawbacks to biometric authentication? They talk about trade-offs, but aren’t there too many risks associated with the fingerprint sensor method?
BTC price chart for 03/12/2022 on Coinbase | Source: BTC/USD on TradingView.com
Sensitive data and other access methods
What about the honeypot of personal information that the fingerprint database will create? Well, luckily we won’t have to worry about that because the data will never leave the device:
“As we build the product, we will evaluate additional access methods that customers might choose. And of course, fingerprint sensor data will never leave the hardware device. But don’t take our word for it – listen to the independent community who can inspect and verify our source code.”
The mention of “additional access methods that customers might choose” is also a good sign. And remember, the main feature of this particular project is that they will take advice from the community. And when they revealed the fingerprint sensor, a lot of advice must have arrived.
We have just released our latest update on the bitcoin wallet we are building. We include a fingerprint sensor and do not plan to include a screen. Read more here and let us know what you think! https://t.co/DyUNg0bOup
— Max Guise (@max_guise) March 11, 2022
Known Disadvantages of the Fingerprint Sensor
Security experts IFSEC Global have identified four giant weaknesses in biometric authentication:
- “Biometric authentication details cannot be invalidated remotely in the event of a problem.”
- “The scourge of ‘MasterPrints’ is tricking popular smart devices.”
- “Biometrics is immutable.” (this means that if another person obtains a replica of your biometric data, you cannot do anything)
- “Software faults.”
It’s not just hackers who duplicate fingerprints. Law enforcement has been doing this for many years now. Consider this a friendly reminder to turn off biometric unlocks when traveling. https://t.co/rvKjR77C2n
— HONK HONK GG⚡🧡 (@dergigi) June 16, 2021
They also highlighted three known hacking vectors:
- “Create a fake fingerprint.”
- “Handling an iris scanner.”
- “Compromising the device and extracting biometric data.”
For more details and explanation on each of these points, visit the original article.
What other details about the upcoming hardware wallet did Block reveal?
- “We recently opted to use a rechargeable lithium-polymer battery and a USB-C port to power the device.”
- “Focusing on the mobile app as the primary interface will provide a more accessible, safer and cheaper wallet.”
- “We plan to build the hardware without a display.”
The lack of a screen was also heavily criticized on Twitter. People believe that a way to double-check transaction details is crucial for final settlement transactions. Are they onto something? Or is Block’s approach the right one? Will the common man double check the details of the transaction? Can he afford not to?
In any case, this is what we know for the moment. Keep an eye on Bitcoinist for further developments of this new product.
Featured Image by Allef Vinicius on Unsplash | Charts by TradingView