Use a mobile phone as a large screen for securely verifying transactions and receiving addresses created by the BitBox. This avoids man-in-the-middle attacks on computers that have been fully compromised (i.e. rooted). Optionally, also enable the mobile phone as a second-factor authentication (2FA) device using the desktop app's 'Options' tab.
Technically, a private and encrypted communication channel between the mobile phone and the BitBox is created using a hashed Elliptic Curve Diffie–Hellman (ECDH) key exchange in combination with off-channel information from a blink code, using the BitBox's LED. All you need to do is count a few blinks and enter them in the mobile phone. See how below.
Choose your platform to get the free mobile app.
sha256sum - dbbc41907269605b2e1ec0af79b77af9c034e255f3f8d7b43fe3f11251f6df81
To begin, your mobile phone and computer need to be connected to the internet. First, connect the mobile app to the desktop app. Then, pair the mobile app with the BitBox as described below.
Use the mobile app to scan the QR code presented by the desktop app.
Pairing only needs to be done once and can be redone at any time.
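The pairing channel described above (hashed ECDH plus a blink code counted by the user) can be sketched as follows; this is an added example, not the BitBox firmware or app code. Assumptions: X25519 stands in for the device's curve, which the page does not name, and the `blink_code` encoding, the `pair` helper and the idea that the phone compares the entered code against its own key are hypothetical.

```python
import hashlib
import secrets

P = 2**255 - 19                      # Curve25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")    # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustrative only: not constant-time."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASE)

def channel_key(sk: bytes, peer_pk: bytes) -> bytes:
    """Hashed ECDH: SHA-256 over the raw shared secret."""
    return hashlib.sha256(x25519(sk, peer_pk)).digest()

def blink_code(key: bytes, sets: int = 4) -> list:
    """Assumed encoding: each LED set blinks 1-4 times, derived from the key."""
    digest = hashlib.sha256(b"blink" + key).digest()
    return [1 + (byte & 3) for byte in digest[:sets]]

def pair(device, phone, pk_shown_to_device, pk_shown_to_phone, sets=4):
    """device/phone are (sk, pk). Returns the phone's key, or None on mismatch."""
    device_key = channel_key(device[0], pk_shown_to_device)
    phone_key = channel_key(phone[0], pk_shown_to_phone)
    counted = blink_code(device_key, sets)   # user counts the LED blinks
    return phone_key if counted == blink_code(phone_key, sets) else None

if __name__ == "__main__":
    dev, ph, mitm = keypair(), keypair(), keypair()   # constructed sample keys
    print("direct :", pair(dev, ph, ph[1], dev[1]) is not None)
    print("relayed:", pair(dev, ph, mitm[1], mitm[1]) is not None)
```

The LED is the one path that does not pass through the computer, so a host that substitutes its own public key ends up with a key the blink code does not match.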
Information received by the BitBox displays automatically in the mobile app when connected to the internet. Otherwise, get the information by scanning QR codes presented by the desktop app.
When full 2FA is enabled, possession of the mobile phone is required in order to spend coins. Full 2FA is enabled using the 'Settings' tab in the desktop app. Under the hood, an encrypted single-use PIN is sent to the mobile app, decrypted there, and returned to the BitBox when pressing the Accept button.
BE CAREFUL! Be sure to back up your wallet and pair the mobile app before enabling 2FA. Once enabled, the micro SD slot, necessary for backups, and mobile app pairing are disabled. These are re-enabled only after ERASING the BitBox.