News
"Game of Thrones": Trezor developers responded to the Ledger vulnerability statement
The developers of the popular hardware wallets Trezor commented on the statement by competitor Ledger about a number of vulnerabilities in their products. In response to Ledger's presentation at #MITBitcoinExpo, we have mitigated the mentioned vulnerabilities. Read our official response at https://t.co/5IvMrMm9bQ pic.twitter.com/1rPovxsYjt – Trezor (@Trezor) March 12, 2019 So, in Trezor stressed that you can fake any device, commenting on the attack on […]
The developers of the popular hardware wallets Trezor commented on the statement by competitor Ledger about a number of vulnerabilities in their products.
In response to Ledger's presentation at #MITBitcoinExpo , we have mitigated the mentioned vulnerabilities. Read our official response at https://t.co/5IvMrMm9bQ pic.twitter.com/1rPovxsYjt
– Trezor (@Trezor) March 12, 2019
So, in Trezor stressed that you can forge any device, commenting on the attack on the supply chain.
“In this case, there is simply no solution that guarantees 100 percent security. Every company is struggling with this problem in its own way. ”
At the same time, the vulnerability that allowed potential attackers to carry out an attack on a third-party channel was resolved.
According to the developers, during the testing of the Trezor devices, the Ledger researchers discovered only two vulnerabilities that the attackers would still not be able to exploit. However, they were also eliminated.
It is noteworthy that an attack on a third-party channel with a scalar product cannot be used, since an attacker will have to enter a PIN code.
The fifth vulnerability, subject to the so-called sudden final attack, affects all hardware devices, added to Trezor, but is solved using a passphrase.
In addition, all of the above attacks require physical access to a hardware wallet and cannot be carried out remotely.
I would like to be aware of since designing @Trezor . Because we realize no HW is 100% safe, we introduced the passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one. https://t.co/pFK0o6FpCu
– slush (@slushcz) March 12, 2019
“I would like to thank Ledger for showing off the attacks that we have known since the creation of Trezor. We are aware that hardware devices cannot be completely secure, so we entered a passphrase. In addition, the plausible denial makes most physical attacks irrelevant , ”said Marek" Slush "Palatinus, CEO of Satoshi Labs .
On March 13, it also became known that a PR firm representing the interests of Ledger was trying to agree on the publication of an article about vulnerabilities at Crypto Briefing. The latter refused, because they perceived it as a blatant attack on a competitor.
2 / We refused to run the story. When it comes to #crypto #security we don't take sides.
– Crypto Briefing (@crypto_briefing) March 12, 2019
The day before, Twitter’s founder Jack Dorsey had probably got his first Trezor.
Thanks @Trezor pic.twitter.com/w6YHCRckZe
– jack (@jack) March 12, 2019
More information about Ledger research can be found here.
Subscribe to BlockchainJournal on Facebook !
BlockchainJournal.news
BlockchainJournal.news
