A fingerprint sensor? Regarding Block’s Hardware Wallet Details Revealed

0

It was too good to be true. A fingerprint sensor will be the authentication method of choice for Block’s hardware wallet. The company revealed new details in the March update of their newsletter, and some of them were not well received by the community. Apart from the fingerprint sensor, the lack of a screen was also a cause for concern.

A few weeks ago, Bitcoinist Was Excited About Block’s Bitcoin Hardware Wallet project. In this article, we said:

“According to the Block/Square team mailing list, ‘our goal is to bring simple self-guarding to a global audience.’ Simple words for a hugely ambitious goal. However, Nick Slaney seems confident that the business will succeed.” If we do our job the way I think we will, explaining key phrases to your father will be a thing of the past.”

And it all sounded so good. Until the company reveals what the authentication method would be.

What do we know about the fingerprint sensor?

The company’s reasoning seems sound: “we want our customers to be able to unlock their wallet securely, yet easily.” They are trying to create a product for the common man, and the key phrases and the risk they carry seem like too much for the general population.

“We think PINs, passwords and seed phrases are confusing and often insecure given the workarounds normal people have to create given all the friction. It gets worse when the need for these passwords is rarer.

Ok, that sounds good. But then they drop the bomb:

“To achieve seamless authentication in practice, we plan to embed a fingerprint sensor into the hardware of the wallet. Every authentication technology comes with trade-offs. We are excited about security against theft or misuse this will provide, the peace of mind that will come from not having to remember another PIN, and the ease of placing a finger on the sensor rather than fiddling with tiny, failure-prone buttons on a hard-to-read screen.

Wow, did they have to throw screens under the bus? These serve a crucial purpose in Bitcoin hardware wallets, but more on that later. Let’s focus on the fingerprint sensor for now. Is it a safe and proven security method? Aren’t there serious known drawbacks to biometric authentication? They talk about trade-offs, but aren’t there too many risks associated with the fingerprint sensor method?

BTC price chart for 03/12/2022 on Coinbase | Source: BTC/USD on TradingView.com

Sensitive data and other access methods

What about the honeypot of personal information that the fingerprint database will create? Well, luckily we won’t have to worry about that because the data will never leave the device:

“As we build the product, we will evaluate additional access methods that customers might choose. And of course, fingerprint sensor data will never leave the hardware device. But don’t take our word for it – listen to the independent community who can inspect and verify our source code.

The “additional access methods customers could choose” is also a good sign. And remember, the main feature of this particular project is that they will take advice from the community. And when they revealed the fingerprint sensor, a lot of advice must have arrived.

Known Disadvantages of the Fingerprint Sensor

Security experts IFSEC Global have identified four giant weaknesses in biometric authentication:

  • “Biometric authentication details cannot be invalidated remotely in the event of a problem.”
  • “The scourge of ‘MasterPrints’ is tricking popular smart devices.”
  • “Biometrics is immutable.” (this means that if another person obtains a replica of your biometric data, you cannot do anything)
  • “Software faults.”

They also highlighted three known hacking vectors:

  • “Create a fake fingerprint.”
  • “Handling an iris scanner.”
  • “Compromising the device and extracting biometric data.

For more details and explanation on each of these points, visit the original article.

What other details about the upcoming hardware wallet did Block reveal?

  • “We recently opted to use a rechargeable lithium-polymer battery and a USB-C port to power the device.”
  • “Focusing on the mobile app as the primary interface will provide a more accessible, safer and cheaper wallet.”
  • “We plan to build the hardware without a display.”

The lack of a screen was also heavily criticized on Twitter. People believe that a way to double-check transaction details is crucial for final settlement transactions. Are they onto something? Or is Block’s approach the right one? Will the common man double check the details of the transaction? Can he afford not to?

In any case, this is what we know for the moment. Keep an eye on Bitcoinist for further developments of this new product.

Featured Image by Allef Vinicius on Unsplash  | Charts by TradingView

Share.

Comments are closed.