Physical Security Notes

Defence in Depth

Defence in Depth means multi-layer security: many layers and many types of protection. We mention defence in depth and physical security frequently because it is as important to us as it is to you.

You're probably aware of COLDCARD®'s layers like encryption, air gapping, and verifiable software (if not, please browse our documentation). In this section, we focus on COLDCARD's physical security features:

Security is in the Bag

The first line of defence is the tamper-evident bag with its colourful and detailed printing, bar code, and water damage indicator. Our Quickstart Guide covers the bag-opening process for new customers.

Bag Number

One of the most important features is the bag number. The factory records this number in a secure location within the COLDCARD's flash memory. So, there is an actual link between a COLDCARD and its bag.

The bag number appears three times: ① in the blue border at the top of the bag, ② with a bar code under the orange Coinkite® text, and ③ inside the bag on a torn-off tab. All three instances of the bag number match.

COLDCARD Q Bag Number Locations

Tear-Off Tab

The tear-off tab inside is another way to confirm factory freshness. The numbered tab gets removed from the top of the bag and sealed inside before shipping. Put the two together and inspect them. You should see the tear-off tab matches the top of the bag.

Mk3 COLDCARD Tear-Off Tab Matched with Bag

VOID Seal

Pulling apart the bag reveals the VOID seal. If you open the bag and don't see the words VOID and OPEN (for example, you cut the bag instead of pulling it apart), you can still make sure the VOID seal is present and genuine by locating the layers and pulling them apart.

Mk3 Bag V2 VOID Seal

Mk3 Bag V2 VOID Seal Layers

NOTE: Tweezers for demonstration purposes only. Tweezers won't pull the layers apart very well.

Water Damage Indicator

If the bag has been compromised and exposed to water, the thin white stripe below the VOID seal will wash away, releasing a pale blue dye.

Compromised Mk3 Bag V2 Dipped in Water

The left side shows where the water has reached; the right side shows the white stripe intact:

Compromised Mk3 Bag V2 Water Damage Indicated

A Clear Case for Security

Malicious hardware has nowhere to hide. COLDCARDs have see-through cases, making physical attempts to alter the hardware glaringly obvious. The case material is tough, impact-resistant plastic. Even if you accidentally drop your COLDCARD, you're still hodling tight and worry-free.

COLDCARD Front View

COLDCARD Back View

GENUINE and CAUTION LEDs

Attackers discouraged from implanting hardware may consider the firmware route to compromise a COLDCARD. Unfortunately for them, the factory signs every firmware release, and the device looks for this signature on startup.

COLDCARD Caution LED Glowing Red

Each time a COLDCARD connects to power, it verifies the firmware signature and checks all data stored in its flash memory. The red CAUTION LED is lit during this process while the screen displays the verification notification message. Once the signature and the flash memory are verified, the green GENUINE LED indicates it is safe to enter your PIN. If the firmware is not factory-signed, the red CAUTION LED stays lit as a warning not to enter your PIN.

COLDCARD Q Caution LED Glowing Red

These LEDs also have a role in the firmware upgrade process, which you can read about here.

One Tough Chip: The Secure Element

You might not think of physical security as part of a chip's job, but the Secure Element has its contributions.

Secure Element defence highlights:

  • Provides dedicated, purpose-built secure storage for your seed words, physically separated from the MCU
  • Controls the LEDs so malicious software can't change their behaviour
  • Removes the possibility of resetting the device due to its heavy involvement in COLDCARD operations

It's even willing to take a bullet to protect your secrets. We've marked where to aim - just in case.

Multiple Vendors for Security Chips

The COLDCARD Q and Mk4 now come with two secure elements, from different vendors, to protect your Bitcoin. Specifically, they use Microchip's ATECC608C and Maxim's DS28C36B to store the critical master secret: the seed phrase for your wallet. Alongside the dual secure elements, the devices are powered by an STM32 MCU from STMicroelectronics.

By employing secure chips from three different manufacturers, COLDCARD significantly mitigates the risk associated with potential vulnerabilities inherent in any single vendor’s technology. Each vendor has its own set of security protocols and engineering practices, which means that the likelihood of all three chips having the same critical flaw is considerably reduced. This layered approach creates a more resilient security architecture because even if a vulnerability were discovered in one chip, the additional two would still offer robust protection, ensuring that the overall integrity of the stored secrets remains intact.

This strategy enhances the overall robustness of the device against targeted attacks. Attackers aiming to breach a COLDCARD would need to circumvent the security mechanisms of all three chips, which increases the complexity and difficulty of any potential breach. This diversification not only complicates the attacker's job but also aligns with industry best practices of employing multiple layers of security to safeguard critical information. By distributing the risk across different technologies, COLDCARD exemplifies a forward-thinking approach to security that prioritizes the protection of your Bitcoin assets from a range of potential threats.

To learn more about secure elements, check out our Substack article: Understanding Mk4 Security Model

Tamper-Evidence Security Bag

Our white tamper-evident security bag (sold separately) is designed to keep your COLDCARD device and other items safe during storage or transportation. While the bag itself can't physically deter someone from tampering with the contents, the VOID watermark clearly shows whether the contents have been exposed or not. Once the bag is opened, there's no way to reseal it.

Bag Image 1

How To Use:

  • Gather up all the items you want to keep safe and put them inside the bag.
  • Rip the perforated tab at the top of the bag. Keep the tab with you in a safe location separate from the bag, or put it in the bag for future reference. When opening the bag in the future, make sure to compare the number on the bag with the number on the tab to confirm they're identical.
  • Now it's time to seal the bag: pull the front flap down and peel the white plastic behind the blue tab to expose the adhesive. Push the blue tab to the back of the flap to seal the bag.

Bag Image 2

Opening The Bag:

  • Tear the bag open at the top blue strip to expose the VOID watermark. The exposed watermark shows that the bag has been opened and is no longer sealed.
  • Confirm the bag number is the same as the number written on the perforated tab.
  • If you want to reseal your items once more, make sure to use a new tamper-evident security bag.

Check out our Tamper-Evident Security Bag YouTube tutorial here: Coinkite Security Bag Guide


Mk4 Update

“Update 2023-12-29: Extensive research and field feedback over several years have led us to conclude that the use of epoxy is no longer needed for the current hardware security design, specifically for the Mk4 architecture. Given this context, adversaries capable of exploiting chip decapping (i.e. LFT) techniques are also likely to possess the necessary skills to remove the epoxy without causing damage to the sample.”