SafePal – A low-cost, SE based, Air-gapped Hardware Wallet

david

When discussing hardware wallets, Trezor and Ledger are the two popular names that usually come to mind. But there are, in fact, other players in this particular market that are slowly getting the spotlight.

In a previous article, we explored a secure Bitcoin hardware wallet with an air-gapped solution. Today, we’re looking into yet another air-gapped wallet, called SafePal.

What makes SafePal different?

The S1 is the first hardware wallet released by SafePal, which takes an interesting approach to securing your crypto assets. Let’s explore what SafePal brings to the table, and how it stacks up against its competitors.

Bank-grade SE with Air Gap (Closed-source)

The SafePal uses a bank-grade EAL 5+ certified Secure Element, which protects the wallet’s secret from most of the attack vectors. The private keys are generated inside the SE and are never exposed to the outside world. In this regard, SafePal is similar to the Ledger Nano S and Nano X. SafePal is also a closed-source wallet, as are the two Ledger variants.

However, one particular fact that could tip the scale in favor of SafePal, is that it provides an air-gapped solution for sending and receiving funds. The SafePal is 100% offline, with no WiFi, Bluetooth or NFC connectivity available for performing transactions. A USB interface is present but it works in restricted mode, which is meant to perform firmware updates only.

In comparison, the Ledger Nano S needs a USB connection to confirm and sign transactions, while the more recent Nano X operates over Bluetooth in addition to USB.

Note: As with Ledger, you’d need to have a certain level of trust in SafePal, because of the bank-grade SE and the closed-source nature of the project. We’re not going to compare the SafePal wallet on the security aspect with open-source competitors such as Trezor or ColdCard, as they follow a different ideology.

Low Cost

At just $39.99, SafePal S1 is one of the cheapest (if not the cheapest) hardware wallets out there. In comparison, even the ColdCard, which tries to keep the costs low, is priced around $109.

Multi-layered security schemes

According to SafePal, the S1 implements various security mechanisms to detect different attack vectors and invoke automatic self-destruct or key-erasing mechanisms depending on the situation. Thus, the device is rendered useless before the attacker can finish performing the attack.

Additionally, the use of a bank-grade SE ensures that the secret is protected against both physical as well as remote attacks.

Mobile-first wallet

SafePal S1 uses its companion app for Android and iOS to do most of the UI heavy lifting. That being said, the SafePal has a decent-sized colored display itself and has quite a bit of navigation options. Seed generation and retrieval both happen directly on the wallet and not on the mobile app.

Note: Though SafePal is primarily mobile-focused, it can also be used with desktop-based DApps that support the WalletConnect protocol.

Coin Support

While SafePal’s coin support is less than that of Ledger, it’s still better than many of the other competitors. SafePal supports Bitcoin (BTC), Ethereum (ETH), Binance Coin (BNB), Litecoin (LTC), Bitcoin Cash (BCH), DASH, XRP, DOGE, ONE, along with extensive support for ERC20 and BEP2 tokens.

Support for additional coins is planned to be added soon.

Backed by Binance with Binance DEX support

SafePal is the first hardware wallet that is invested in and backed by Binance. Apart from Binance, the project is also backed by other well-known brands, such as Bit Temple, Injective Protocol, Torus, Decore, Path and more.

SafePal offers full DEX support, enabling all SafePal users to trade on Binance DEX directly using the wallet. More information on this can be found in this blog post.

SafePal Look & Feel

The SafePal S1 comes in the size of a credit card and contains a 1.3-inch high-resolution display, along with navigation keys to move around the wallet interface, an OK button for confirming transactions and a dedicated power button to turn the device on or off.

There’s a micro USB port, which is used exclusively for charging and for firmware updates. Currently, SafePal doesn’t allow you to perform transactions over a wired connection.

The wallet has a built-in battery, so you don’t have to keep the device plugged into a power socket while using it (although you can do that too). It also has a camera at the back (more on that below).

How does SafePal’s air gap mode work

As mentioned before, SafePal implements an EAL 5+ CC certified SE to store and protect the secret, just like the Ledger wallets. But it also operates fully in air-gapped mode (apart from firmware updates), which is not currently supported by Ledger.

That means the wallet doesn’t need any connection (wireless or wired) to send funds (hence the term “air gap”). SafePal uses encrypted QR codes and its onboard camera to communicate with the companion Android or iOS app.

Any transaction that you initiate on the SafePal mobile app generates a dynamic QR code, which you need to scan with the camera on the SafePal device. Once the code is scanned, the transaction information is transmitted to the device and can be verified on the SafePal display.

To confirm the transaction, you need to press the OK button on the SafePal device, and then scan the encrypted QR code generated on its display using the camera on your smartphone to transmit the signed message back to the mobile app. After that, the transaction will be broadcast to the particular blockchain network.
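The sketch below is an added example, not SafePal's code or format: it shows how a payload too large for one QR code can be carried as a sequence of frames and reassembled on the other side of the air gap in any scan order. The frame layout (`index/total/digest/hexchunk`), the function names and the sample request are all assumptions made for illustration; encryption is left out.

```python
import hashlib

def split_frames(payload: bytes, chunk_size: int = 48) -> list:
    """Split a payload into text frames 'index/total/digest/hexchunk',
    one frame per QR code in the animated sequence (hypothetical layout)."""
    digest = hashlib.sha256(payload).hexdigest()[:16]
    chunks = [payload[i:i + chunk_size]
              for i in range(0, len(payload), chunk_size)] or [b""]
    return [f"{i}/{len(chunks)}/{digest}/{c.hex()}"
            for i, c in enumerate(chunks)]

class Reassembler:
    """Receiver side: accepts frames in any order, repeats included."""

    def __init__(self):
        self.total = None
        self.digest = None
        self.parts = {}

    def missing(self) -> list:
        """Frame numbers still to be scanned (empty before the first frame)."""
        return [i for i in range(self.total or 0) if i not in self.parts]

    def scan(self, frame: str):
        """Feed one scanned frame; returns the payload once complete, else None."""
        idx_s, total_s, digest, hexchunk = frame.split("/")
        idx, total = int(idx_s), int(total_s)
        if not 0 <= idx < total:
            raise ValueError("frame index out of range")
        if self.total is None:
            self.total, self.digest = total, digest
        elif (total, digest) != (self.total, self.digest):
            raise ValueError("frame belongs to a different message")
        self.parts[idx] = bytes.fromhex(hexchunk)
        if self.missing():
            return None
        payload = b"".join(self.parts[i] for i in range(self.total))
        if hashlib.sha256(payload).hexdigest()[:16] != self.digest:
            raise ValueError("reassembled payload fails integrity check")
        return payload

# Constructed sample: an unsigned transfer request as an app might encode it.
SAMPLE_REQUEST = (b'{"coin":"BTC","to":"bc1q-constructed-example-address",'
                  b'"amount":"0.015","fee":"0.00002","nonce":"a1b2c3"}')

if __name__ == "__main__":
    rx = Reassembler()
    for frame in reversed(split_frames(SAMPLE_REQUEST)):
        result = rx.scan(frame)
    print(result == SAMPLE_REQUEST)
```

The digest here only catches scan errors and mixed-up sequences. It says nothing about whether the phone built an honest request, which is why the decoded transaction still has to be checked on the device display before pressing OK.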

How to set up and use the SafePal wallet

Setting up the SafePal wallet is quite similar to setting up a Ledger. The one significant difference is the pairing process with the companion mobile app.

  1. Ensure your SafePal wallet is charged, and long press on the Power button to turn it on.
  2. Select your preferred language.
  3. Create or Recover your wallet. SafePal supports the BIP39 standard 12, 18 or 24-word seed phrase. Follow the on-screen instructions on the SafePal wallet to complete the setup process.
  4. Finally, set up your 6-12 digit PIN code that will serve as the first level of security against unauthorized access of the wallet.

You will need to download the SafePal smartphone app and pair it with the SafePal wallet as a part of the setup process. After the PIN setup is completed, SafePal will prompt you to download the official SafePal app from the App Store or Google Play Store and display a QR code with a link for the same.

Pair SafePal wallet with Android / iOS app

  1. Download and install the official SafePal app from the App Store or Google Play Store.
  2. Launch the app on your smartphone and tap on the Add Wallet button. An encrypted QR code will be displayed on the mobile app.
  3. Log on to your SafePal device by entering the PIN and select the Scan option.
  4. Scan the QR code displayed on the mobile app using the SafePal device’s camera.
  5. Click OK on the device to confirm pairing and enter the PIN code again.
  6. Next, the SafePal app will display a series of dynamic QR codes. Click on Next in the mobile app and scan the dynamic QR codes using your smartphone camera until all the codes are scanned.

Your SafePal wallet is now paired with the smartphone app, and you’ll now be able to access the wallet details (coins added, balances, transactions, etc.) inside the wallet app.

Firmware updates on SafePal

Firmware updates are important as they bring access to new features and fix possible security vulnerabilities as they are found. You can refer to SafePal’s official update guide to download and install new firmware updates as and when they become available.

Note: Depending on the update, you may need to pair the device with the SafePal app again, or recover your wallet seed post the firmware update.

SafePal v/s different attack vectors

SafePal implements various security features to protect itself from tampering and prevent forced exposure of the secret. Since SafePal’s code is closed-source, there’s no way to fully verify their implementation; you have to take SafePal’s word for it.

Remote Attacks

SafePal wallet is protected against remote attacks of all sorts. First, the device uses an EAL 5+ CC certified bank-grade secure element for protecting the device secret.

On top of that, SafePal operates fully in air gap mode. The device resorts to using encrypted QR codes for all sorts of communications between itself and the SafePal app on your smartphone, keeping the wallet itself offline all the time.

Note: The only time that you’d need to connect SafePal to a computer is while installing a firmware update. At that time, the device has to be switched to a restricted USB mode, in which it is mounted on the computer as a virtual disk drive.

Physical Attacks

SafePal employs several security mechanisms to prevent physical attacks of any kind, be it Theft, Supply Chain, Evil Maid or other Man In The Middle (MITM) attacks. Let’s explore the different security mechanisms available on the SafePal wallet.

Device Authentication Mechanism

All recent SafePal S1 devices carry a tamper-evident seal on the packaging. Additionally, they include a software-driven device authentication mechanism that uses encrypted QR codes to verify the device’s authenticity during the setup process. To learn more about this authentication mechanism, you can refer to the official documentation on the SafePal website.

The tamper-evident seal and the device authentication mechanism together help towards the detection of possible Supply Chain attacks.

Note: The tamper-evident sealing and the device authentication mechanism have been included since September 2019. The device authentication mechanism requires changes at the manufacturing process level (not just a firmware update). So, if you purchased a SafePal device before September 2019, this feature might not be available on your device.

True Random Number Generator (TRNG)

The TRNG in a hardware wallet is key to the generation of a truly random mnemonic seed. The TRNG used in SafePal is qualified with both the AIS31 standard from the German BSI and the FIPS PUB 140-2 standard from the U.S. government computer security standards.

A well-implemented TRNG helps to generate unique mnemonic seeds, which are resistant to known brute force attacks of seed extraction.

You can learn more about SafePal’s TRNG and its importance on their website.

Multi-sensor-based Secure Element

Apart from qualifying the EAL 5+ CC certification, SafePal’s chip architecture is also equipped with multiple sensors to detect possible attempts of hardware tampering.

  • High and low voltage detection module: To counter fault injection attacks such as voltage attacks or extreme temperature attacks
  • High and low-frequency detection module: To counter frequency and electromagnetic attacks
  • Filter: To shield and filter abnormal frequency
  • Light sensor: To detect light conditions when the chip is opened up
  • Pulse sensor: To detect abnormal pulse signal caused by physical attacks
  • Temperature sensor: To detect abnormal temperature caused by electronic attack
  • Metallic shield: To detect electromagnetic disturbance when the attacker tries to open up and probe the chip

If a possible physical attack is detected, the SafePal device will automatically execute its self-destruction or key-erasure mechanism, so that the attacker can never get their hands on the wallet secret. Such security measures tend to protect the SafePal wallet from potential evil maid attacks.

To learn more about SafePal’s threat detection sensors and other security schemes, you can refer to the official documentation.

Software Security

Apart from the security provided at the hardware level, SafePal implements several security schemes at the software level as well. These security measures also help prevent supply chain, evil maid and other MITM attacks.

PIN code & App password: Unauthorized access to the SafePal wallet is prevented by the use of PIN code authentication that is required every time you use the SafePal wallet. Similarly, knowledge of the App password or biometric authentication (if available) is required to access the SafePal mobile app.

Automatic private key deletion: In case the wrong device PIN is entered multiple times consecutively, the private key stored in the SE would be automatically erased. If that happens, you’d need to recover your wallet using the 12, 18 or 24-word mnemonic seed.
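A minimal model of the erase-on-failure behaviour described above, as an added example rather than SafePal's implementation. The class name, the limit of five failures (the article only says "multiple times") and the PBKDF2 parameters are assumptions; real hardware would keep the counter in non-volatile memory inside the SE.

```python
import hashlib
import hmac
import secrets

class PinGuardedKey:
    """Toy model of a PIN-protected key slot with erase-on-failure."""

    MAX_FAILURES = 5  # assumed limit; the article only says "multiple times"

    def __init__(self, pin: str, private_key: bytes):
        self._salt = secrets.token_bytes(16)
        self._pin_tag = self._derive(pin)
        self._key = private_key
        self.failures = 0

    def _derive(self, pin: str) -> bytes:
        # Salted, iterated hash so the stored verifier is not the PIN itself.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    @property
    def erased(self) -> bool:
        return self._key is None

    def unlock(self, pin: str):
        """Return the key for a correct PIN, None for a wrong one."""
        if self.erased:
            raise RuntimeError("key erased: recover from the mnemonic seed")
        # Record the attempt before comparing, so that interrupting the
        # check (for example by cutting power) cannot yield an uncounted guess.
        self.failures += 1
        if hmac.compare_digest(self._derive(pin), self._pin_tag):
            self.failures = 0  # only a success resets the consecutive count
            return self._key
        if self.failures >= self.MAX_FAILURES:
            self._key = None      # erase the secret ...
            self._pin_tag = None  # ... and the PIN verifier with it
        return None
```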

Security Suffix: A Security Suffix is a combination of 3 alphanumeric characters generated inside the SafePal wallet based on the device information and the mnemonic phrase. It is unique for each device-mnemonic phrase combination and can be used to identify an “acquaintance” attack when any person other than the device owner attempts to reset the wallet without the knowledge of the owner. In this case, if the wallet is reset and a new mnemonic phrase is generated by the TRNG, the Security Suffix will change, and thus the owner can be aware that the device information has been changed. The security suffix is added as a suffix to the wallet name provided during the setup process and can be viewed on both the wallet and the app.
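SafePal does not publish how the suffix is derived, so the following added example uses a hypothetical derivation (HMAC-SHA256 of the mnemonic keyed with the device information, reduced to three characters from an assumed 36-symbol alphabet, joined to the name with an assumed `-`). It shows why a reset changes the suffix and how often a three-character suffix would fail to reveal one.

```python
import hashlib
import hmac

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # assumed character set
SUFFIX_LEN = 3
SUFFIX_SPACE = len(ALPHABET) ** SUFFIX_LEN  # 46,656 possible suffixes

def security_suffix(device_info: bytes, mnemonic: str) -> str:
    """Hypothetical derivation: keyed hash of the mnemonic under the device
    information, reduced to three alphanumeric characters."""
    tag = hmac.new(device_info, mnemonic.encode("utf-8"), hashlib.sha256).digest()
    n = int.from_bytes(tag, "big") % SUFFIX_SPACE
    chars = []
    for _ in range(SUFFIX_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(reversed(chars))

def wallet_label(name: str, device_info: bytes, mnemonic: str) -> str:
    """Wallet name as displayed: the user-chosen name plus the suffix."""
    return f"{name}-{security_suffix(device_info, mnemonic)}"

def reset_detected(recorded_label: str, shown_label: str) -> bool:
    """Owner-side check: compare only the suffix part, because the name
    part is free text chosen at setup."""
    return recorded_label.rsplit("-", 1)[-1] != shown_label.rsplit("-", 1)[-1]

def suffix_collisions(device_info: bytes, mnemonic: str, trials: int) -> int:
    """Count constructed replacement phrases whose suffix equals the
    owner's; the expected value is about trials / SUFFIX_SPACE."""
    mine = security_suffix(device_info, mnemonic)
    return sum(security_suffix(device_info, f"constructed phrase {i}") == mine
               for i in range(trials))
```

With three characters from this alphabet, a freshly generated mnemonic lands on the owner's old suffix about once in 46,656 resets, so the check is a strong hint rather than a cryptographic guarantee.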

Secure Firmware Upgrade: The firmware verification program inside SafePal verifies the genuineness of the firmware before running it on the device. The device only runs official firmware released through the official SafePal website. If any altered firmware update is loaded on the device, SafePal will display warnings before running it.

Tamper-proof: SafePal authenticates the installed firmware through a multi-verification system. If the verification fails, a normal start-up is prevented.

Areas of potential improvement

SafePal is the most affordable secure hardware wallet available. That being said, here are a couple of areas where SafePal could improve.

  • Despite all the security measures, SafePal doesn’t provide an option to bail out of a duress (gunpoint!) situation. Support for BIP39 passphrase is an important feature that’s missing at the moment.

  • Even though SafePal supports a large number of ERC20 tokens, currently it doesn’t have the option to add custom ERC20 tokens and you can only add the ones that are available on the pre-defined list of supported tokens.

  • Since SafePal is closed-source, there’s no way to verify whether its hardware wallet uses a TRNG to generate the mnemonic phrase. Getting some random input from the user (e.g., taking multiple images using the on-device camera) would introduce an external entropy factor which would be unique for all users. Thus, the trust factor could be reduced.

However, these features are easy to add to any SafePal wallet through a firmware upgrade. The lack of these features is certainly not a deal-breaker.
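To make the external-entropy suggestion concrete, here is an added example (not SafePal firmware) that hashes device randomness together with user-supplied bytes and then performs the standard BIP39 entropy-to-index encoding for the 12, 18 and 24-word lengths mentioned in the setup steps. The `mix_entropy` construction and the sample inputs are assumptions; the 2048-word list is omitted, so the output is word indices rather than words.

```python
import hashlib
import secrets

ENT_BITS = {12: 128, 18: 192, 24: 256}  # BIP39 phrase length -> entropy bits

def mix_entropy(trng_bytes: bytes, user_bytes: bytes, words: int = 24) -> bytes:
    """Hash device randomness together with user-supplied data (for example
    raw camera frames). Each input is length-prefixed so that different
    splits of the same bytes cannot produce the same hash input."""
    h = hashlib.sha512()
    for source in (trng_bytes, user_bytes):
        h.update(len(source).to_bytes(8, "big"))
        h.update(source)
    return h.digest()[:ENT_BITS[words] // 8]

def bip39_indices(entropy: bytes) -> list:
    """BIP39 encoding step: append the first ENT/32 bits of SHA-256(entropy)
    as a checksum, then cut the result into 11-bit wordlist indices."""
    ent = len(entropy) * 8
    if ent not in ENT_BITS.values():
        raise ValueError("entropy must be 128, 192 or 256 bits")
    cs = ent // 32
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs)
    value = (int.from_bytes(entropy, "big") << cs) | checksum
    n_words = (ent + cs) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

if __name__ == "__main__":
    trng = secrets.token_bytes(32)             # stand-in for the SE's TRNG output
    photo = b"constructed camera frame bytes"  # stand-in for user-captured data
    print(bip39_indices(mix_entropy(trng, photo, words=12)))
```

Because both inputs pass through the hash, the resulting seed stays unpredictable as long as either the TRNG output or the user's contribution is, which is the reduction in required trust the point above is after.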

Is SafePal wallet for you?

If you’re someone who’s looking for an affordable hardware wallet without compromising on design and security, and you don’t mind having to trust the device manufacturer rather than keeping it open and verifiable, SafePal is a good bet.

In terms of security and affordability, SafePal may arguably be a better hardware wallet compared to Ledger, because of its air gap implementation and low cost.

And even though SafePal’s code is closed-source at the moment, the company is open to making part or all of its code publicly available in the future.

The team is also quite reachable and friendly. It’s pretty easy to get in touch with them for support or clarifications.
