Supply Chain Attack

A supply chain attack in crypto hardware refers to a type of cyber attack where a malicious actor attempts to compromise a cryptocurrency hardware wallet or other hardware device used for storing or trading cryptocurrencies by tampering with its supply chain.

With hardware wallets, the need to have a secure supply chain system applies both to software and hardware. In reference to software, the risk factors consist of the ability of the user to verify the authenticity of the software that they are using - especially when it comes to any malware that may exist on software that is downloaded from unofficial websites. Hardware security pertains to the integrity of the chips used with the product, and the firmware that the hardware is operating on.

Cypherock has taken measures to protect users from any potential supply chain related issues. Cypherock's cySync app can be downloaded from Cypherock's website and can also be viewed on Cypherock's github. Additionally, Cypherock uses a secure provisioning method that is used to detect any malicious changes in the hardware or firmware of the X1 Vault. Lastly, before the product can be used, both the X1 Vault and the X1 card authenticate each other to establish an end-to-end encrypted session. This will also fail in case any one of the devices or cards is not an authenticated product from Cypherock.

Before shipment, each device is provisioned with a unique set of private-public keys for device authentication and NFC card pairing. Authentication is performed by verification of signatures generated by the private key in the device. Signature verification is performed by the server using the corresponding public key.