by azurelogic 3237 days ago
I'm just critiquing the air gap design/claim. Getting a malicious QR code in front of the camera would either require the attacker to gain physical access to the device, at which point it is game over for any device, or they would have to compromise the app presenting the first QR code. This would be a problem regardless of the air gap design for something like this, even if you had to enter the data by hand into the device.
1 comments

If I understood correctly, the wireless transmission is one way. So the attacker would ask the wallet to sign a transaction, then the confirm button would be mistakenly pressed... and you have to scan the screen to be able to send that transaction.

Possible problem: The attacker sends a transaction at the same time (or just before) a legit one is sent.

Not a big deal: The user is asked to send a specific quantity to a specific address on the screen. If somehow the user didn't check, or the attacker fooled him with the same quantity etc., the picture still has to be taken and checked to be the same transaction. Additionally, the wireless communication can have a second authentication factor.