Can you really call it an air-gap if you're using a BLE radio? I mean, yes, technically the information is transferred over the air rather than through a wire, but you wouldn't call a cell-phone an air-gapped device because it has half a zillion radios inside, many of which you can't even reliably turn off.<p>Looking at the recent Broadcom wifi vulnerability -- just having a phone sitting there with the radio on is enough to let an attacker gain root on some devices.<p>I've generally seen the term "air-gap" used to mean "as isolated as possible" -- i.e. take apart a laptop and remove all networking hardware, microphones, speakers, fill all the ports with epoxy, and connect it to an isolated battery / power supply.<p>If an attacker can poke at your device by sending it custom BLE packets without your knowledge, I'd argue that it doesn't qualify.<p>From the video:<p><i>The firefly is receive only, so it cannot be remotely hacked.</i><p>Bullshit.
I wonder why use a screen/QR code to send back the signed transaction. What could an attacker do with a signed transaction you wouldn't want him to do ? It would be more user friendly to send back the transaction to the phone using the customs BLE packets
The firefly certainly can transmit it has a display. I imagine an attacker could get the firefly to display enough information to extract the ether from the wallet.
Thank you so much for showing me what I am supposed to do with my ETH credits! (Edit: Apparently I came off as astroturfing or something, I don't know why, I wanted to draw attention to the amazing ethers.io thing that is two links deep inside of this post...) This was honestly the first time I saw a great demo of what Ether can do and how it should be used, all within a browser, and also thanks to Coinbase supporting Ethereum, without even reaching for my wallet.<p>Edit: And the Devcon2 video behind the ethers link! This is the link that keeps on giving!<p>That was the easiest anyone on the internet ever took my $20. And I feel like you just showed me So Much in so few steps.<p>I have no idea what I just bought, or if I need to do something so that I can receive a kit? Hope your crowdfunding is successful? It says teaser, so I'm assuming that what I bought was just the ENS name, and the incredible exchange that was absolutely frictionless. I see that I have my own vanity address in there now, and I'm thinking that this is all somehow built on Ethereum ecosystem. In about 60 seconds you just completely restored my confidence that the whole Ethereum thing is absolutely incredible, and gonna take over the world.<p>(Not to mention I like the looks of your product/DIY thing!)<p>Man I feel like I'm really far behind the curve on this Ethereum thing, I learned all about Bitcoin but I never took any time to learn about Ethereum, and I feel like that was such a huge mistake. I know that it's contracts, and smart contracts, and by default accounts can't even tell you about transactions at all, until you write more something or other in a contract; and contracts are somehow JavaScript, and that's about as far as my knowledge extends about it.<p>I really just figured out that I needed to get some when it was worth about $90. But only just now, seeing how slick this Javascript wallet thing is that you just showed me, that you made me figure out how to keep, only now do I feel like I Really Get how much power there is in Ethereum that you don't just get "Batteries Included" like this on Bitcoin.