Duplicate Card
Key
In https://help.burner.pro/en/articles/9763184-why-doesn-t-burner-have-a-seed-phrase-and-how-is-my-private-key-secured it indicates that the private key is not extractable but https://help.burner.pro/en/articles/9763137-what-is-card-duplicator would seem to necessitate extracting the private key in some manner. How is it possible to duplicate the burner otherwise? Thanks for any clarity you can provide!
Cameron Robertson
Mika Sanchez great note! We should clarify the first doc: private keys are never extractable outside of Burner(s). The same mechanisms that protect a key on a single Burner are used in the transfer of keys between Burners, so another way to put it is that private keys are never available outside of Burners broadly.
One feature we haven't exposed here yet will be an indication whether or not a key has been duplicated or is in fact a duplicate from another Burner to help instill confidence that a Burner either is the only holder of a key, duplicated or a duplicate.
Key
Cameron Robertson I see. That is still concerning the way it is described. It's an area that I think the docs should address more clearly. Does it get stored temporarily in burner os? You are in a position to be able to copy and transfer that data with an update to the Web app (even targeting specific addresses if desired). I'm assuming it requires the pin be used but it looks like my pin defaulted to 7 days without requiring the pin be re-entered. Is that for any and all operations? Wouldn't be too hard to duplicate if the device sees any use by the owner and you have a semi-aware attacker. I'm a little doubtful of how the duplication can be done safely so the more detailed the explanation of what's happening here to make it clear why this can't just be cloned with a custom Flipper Zero app or something similar the better.
I also noticed that the packaging doesn't prevent reading the NFC, so people could go through and claim them prior to purchasing (just non-ideal for customer) but also could duplicate. Unsuspecting victim doesn't know what the setup process should be so an already configured one might not alarm them.
Like the direction of the product so far though, might go through and grab some more.
Cameron Robertson
Key
> Does it get stored temporarily in burner os? You are in a position to be able to copy and transfer that data with an update to the Web app (even targeting specific addresses if desired).
The key material is fully encrypted between the two Burners; BurnerOS never has access to unencrypted key material.
> I'm assuming it requires the pin be used but it looks like my pin defaulted to 7 days without requiring the pin be re-entered. Is that for any and all operations?
The PIN is usable for 7 days on your phone. So an attacker would need both your phone and your Burner to then subsequently duplicate a card. But that is a good point, I believe that requiring a PIN on the Card Duplicator option regardless would be prudent.
> I'm a little doubtful of how the duplication can be done safely so the more detailed the explanation of what's happening here to make it clear why this can't just be cloned with a custom Flipper Zero app or something similar the better.
The way in which Burner represents as an NFC device is very different from what a Flipper Zero can manipulate. Effectively the "NFC" layer of Burner that a phone or Flipper sees is only an interface for the secure element. This means you can do all sorts of things via a Flipper: request reads/writes, but without a PIN code and the correct command set they won't be able to "hack" the device.
For Card Duplicator, Burners effectively establish a secure handshake similar to TLS in a browser with a server. The two Burners establish that they are genuine Burners, generate a shared key, encrypt private key material with that key, share it and then verify the duplication process worked.
> I also noticed that the packaging doesn't prevent reading the NFC, so people could go through and claim them prior to purchasing (just non-ideal for customer) but also could duplicate. Unsuspecting victim doesn't know what the setup process should be so an already configured one might not alarm them.
Burners aren't available in retail today and we don't accept returns. More importantly, we can establish whether or not a Burner has been duplicated (or is a duplicate) and will surface this through the Burner UI. If/when we sell in retail we will probably consider a foil that blocks NFC; we specifically chose not to do that for directly shipped Burners so users can gift them sealed.
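Added example, not part of the thread and not Burner's actual protocol: a generic Node.js sketch of the handshake shape described in the reply above (attest both devices, derive a shared key, encrypt the key material, transfer it), showing that the relaying phone or web app only ever handles public keys, signatures and ciphertext. The vendor root, Ed25519/X25519/AES-GCM choices and all function names are assumptions; the final "verify" step is reduced to the AES-GCM tag check.

```javascript
// Generic sketch of an attested device-to-device key transfer. Constructed example;
// NOT Burner's actual protocol. All names and algorithm choices are assumptions.
const nodeCrypto = require('node:crypto');
const der = (pub) => pub.export({ type: 'spki', format: 'der' });
const load = (buf) => nodeCrypto.createPublicKey({ key: buf, type: 'spki', format: 'der' });

// Hypothetical vendor root that certifies each device identity key at manufacture.
const vendor = nodeCrypto.generateKeyPairSync('ed25519');
function makeDevice(certifier = vendor) {
  const id = nodeCrypto.generateKeyPairSync('ed25519');
  return { id, cert: nodeCrypto.sign(null, der(id.publicKey), certifier.privateKey) };
}

// Handshake message: identity key, vendor cert, and a signed ephemeral X25519 key.
function hello(dev) {
  dev.eph = nodeCrypto.generateKeyPairSync('x25519');
  const ephPub = der(dev.eph.publicKey);
  const sig = nodeCrypto.sign(null, ephPub, dev.id.privateKey);
  return { idPub: der(dev.id.publicKey), cert: dev.cert, ephPub, sig };
}

// Check the peer is vendor-certified and owns its ephemeral key, then derive an AES key.
function sessionKey(dev, peer) {
  const genuine = nodeCrypto.verify(null, peer.idPub, vendor.publicKey, peer.cert);
  if (!genuine || !nodeCrypto.verify(null, peer.ephPub, load(peer.idPub), peer.sig)) {
    throw new Error('peer failed attestation');
  }
  const shared = nodeCrypto.diffieHellman({ privateKey: dev.eph.privateKey, publicKey: load(peer.ephPub) });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'key-transfer', 32));
}

function wrap(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unwrap(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv).setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Full exchange. `relayed` is everything the phone or web app carries between devices.
function duplicate(source, target, privateKey) {
  const a = hello(source), b = hello(target);
  const blob = wrap(sessionKey(source, b), privateKey);
  const copy = unwrap(sessionKey(target, a), blob);
  return { copy, relayed: [a, b, blob] };
}
```

A device whose identity key was not signed by the vendor root makes `sessionKey` throw before any key material is encrypted, which is the property that stops a generic NFC tool from posing as the receiving card.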
Key
Cameron Robertson All awesome stuff to hear! Great work! I feel a lot more comfortable recommending them for others.
Key
I do still think it would be useful to update the documentation to clarify some of these points.