
Why the PewDiePie Printer Hack Is a Warning for Crypto Investors - wglb
https://www.ccn.com/why-the-pewdiepie-printer-hack-is-a-warning-for-crypto-investors/
======
mimixco
Bitcoinpaperwallet.com let's you print a paper copy of your keys. You download
the JS and it checks to make sure you're offline first.

~~~
wglb
How do you know if the JS that is downloaded to your browser is the correct
untampered version?

What if, after printing, the printer that is disconnected when printing is
later exposed to the internet its memory of what was printed is exfiltrated?

~~~
mimixco
The JS has a checksum. Now, the printer's internal memory, that's a good
point. Is there even a UI for that? Perhaps a factory reset after printing the
keys, but what a pain in the ass.

~~~
wglb
Unless there is some sort of authenticated encryption associated with the
checksum, it can be faked just as easily with modified javascript.

