Hello!
I was wondering… How secure is this device against physical attacks i.e. suppose authorities confiscate the device at a US border crossing and decide to perform forensics. What information will they be able to obtain (assuming I’m using all features offered by Nitrokey Storage)? Which data can be compromised by gaining physical access to the device, if any?
Also, how can someone reliably verify the nitrokey storage firmware, if for example an adversary gains physical access and flashes a malicious version of the firmware? While trying to read the flash memory, the malicious firmware can simply be programmed to lie about the contents by reading and returning the original firmware data that resides somewhere on the internal SD flash storage. But there’s no way to remove that SD card without opening the case first. I haven’t tried opening it yet, not sure if its a good idea… glue anyone?
Best regards!