Wallet.fail, a Berlin-based security research team, has launched a series of successful physical attacks on popular hardware devices from Trezor and Ledger .
During the presentation at the 35th Chaos Communication Congress in Leipzig, Josh Datko, Dmitry Nedospasov and Thomas Roth successfully demonstrated a series of various attacks on popular hardware wallets Trezor and Ledger.
Vulnerabilities that have been presented range from those that can be fixed by updating the firmware, to errors that will require new equipment, reports Bitsonline .
compromising the bootloader to run snake ? pic.twitter.com/AUNzR0HGar
– Afri ?️ (@ 5chdn) December 27, 2018
In particular, some of the exploits demonstrated included the following:
- Getting a PIN and mnemonic phrase from Trezor RAM;
- Signing transactions remotely through compromised Ledger Nano S;
- Interception Ledger Blue PIN;
- Lacking load Ledger Nano S.
In addition, the researchers identified five separate genres of vulnerabilities that can be used during attacks on the hardware wallet, namely:
- Architectural;
- Firmware;
- Hardware;
- Physical;
- Software;
From here, in the industry of hardware cryptographs , there will most likely be a revaluation of values. The good news, of course, is that average users will probably never face such attacks, because attackers simply won't have physical access to devices in most cases.
With regards to # 35c3, we ’ve not been informed about the stage. We have to update you.
– stick⚡Pavol Rusnak @ 35c3 (@pavolrusnak) December 28, 2018
Commenting on the situation, the CTO in SatoshiLabs, the company responsible for Trezor, wrote on their twitter that they were not informed about the errors in advance, so they learned about them from the stage. He also added that troubleshooting will be done through a firmware update at the end of January.
Ledger gave detailed comments on the information about the vulnerability of their devices .
Share your opinion on this issue in the comments below.
