On searching “blockstream jade can someone get my bitcoin with my PIN plus the device” in Google, the AI says “No, someone cannot get your Bitcoin on a Blockstream Jade with just the PIN and the device.” and it says “In essence, even with physical access to the device and the PIN, an attacker would also need to compromise the companion app’s secure channel or have access to the blind oracle, making it extremely difficult to steal your Bitcoin.”
However, what is to stop an intruder with your PIN and your Blockstream Jade device from simply installing a companion app (e.g. Blockstream Green) on their own PC and connecting your Blockstream Jade device to it, and then using your PIN to steal your Bitcoin?
If all you needed to spend your Bitcoin was your PIN and your Blockstream Jade device (and assuming the 12 word seed phrase has been previously entered into that device and is still there), then how come an intruder with that same information is supposedly not able to steal your Bitcoin? The above AI response does not seem to make sense. What is “secure” about a companion app that anyone can download and run on their own PC?