With firmware versions V1.2.0 (BTC-Only & Multi-coin), you can generate a recovery phrase by inputting the results of physical dice rolls as a way of easily achieving your own TRNG. Instructions on how to do that are here.
We have now open sourced parts of the hardware wallet’s Android operating system layer. It joins the hardware wallet application layer, Secure Element firmware, and hardware design (circuit diagram, device schematic, and BOM) on our list of open source resources that can be found on our GitHub page.
We use an Android operating system because it provides a mature toolchain for integrating a camera (QR code data transmissions), touchscreen (usability and error prevention), and other aspects of a user-friendly experience. An Android-Secure Element structure is commonly found in many payment and banking terminals today. From our open source operating system layer code, you can see that we limit the Android attack surface by:
- Closing adb and removing the adb daemon
- Removing unrelated system processes and apps
- Preventing installation of third-party apps
- Patching Linux kernel vulnerabilities
This upgrade package is much bigger than usual and includes updates on the Android system layer.
Firmware Version V1.2.0 (BTC-Only & Multi-coin) has a number of user interface improvements that help with your security. Targeting the recently disclosed threat of Fee Attacks, we introduced an automatic check of transaction history so that Cobo Vault can prevent you from signing risky transactions.
The bitcoin-only firmware will display change addresses and allow you to add new change addresses to the list. Side note: this feature will also allow you to verify that change addresses on third-party wallet apps have not been swapped.
In response to suggestions from @maxtannahill and others in the community, we removed the highlight bar that appears at the top of the screen in Passphrase wallets, made it so Cobo Vault displays derivation paths, and added the digital fingerprint of upgrade packages to the website (credit to @btcdragonlord for this suggestion).
A couple of bugs have been fixed in this upgrade, including the keyboard bug (credit to @btcdragonlord).
We updated the companion app, fixing problems with old iOS devices and some UI bugs on Android phones (cheers to @ebouchut and @OGBTC for raising these issues).
Firmware upgrade V1.2.0 (BTC-Only) adds single signature PSBT compatibility with Wasabi Wallet, BlueWallet, and BTCPay Server. Native SegWit Bech32 addresses (credit to @evankaloudis for the suggestion) will be an option for these three wallets. However, these compatibilities are still dependent on software updates from these wallets, which we believe will happen in their next releases. Credit to @evankaloudis and others for the suggestions and input that helped us achieve these improvements.
You may have noticed this upgrade mainly focuses on the Bitcoin-only firmware version, which is our top priority in terms of improving the product. Going forward, BTC-Only firmware upgrades will come in two versions:
- One if you are upgrading from a multicoin version
- One if you are upgrading from a previous BTC-Only version
Please note that if you upgrade to BTC-Only firmware, you will not be able to switch back to a multicoin version.
The next firmware upgrade V1.3.0 will introduce PSBT multisignature (multisig verification included) and Bitcoin Testnet support! Stay tuned for the release.