Earlier this year, security specialists uncovered vulnerabilities in several hardware cryptocurrency wallets, including two Ledger models and one Trezor model. Now, Ledger has stepped up, stating that it has found additionally flaws in Trezor devices and has published its findings on its website.
Through its Attack Lab at the company’s headquarters in Paris, France, Ledger states that it has found five vulnerabilities in the Trezor products that it was willing to disclose, as well as a sixth that, because it cannot be patched, was not published. It adds that it informed Trezor of the issues four months ago, giving them ample time to address them. However, the company never responded to Ledger’s warnings.
Ledger explains, “The analysis encompassed both of Trezor’s hardware wallets (Trezor One, Trezor T), focusing on the Trezor One. It also applies to clones of Trezor wallets. We responsibly disclosed these vulnerabilities to the vendor, allowing them to take appropriate measures for protecting their users. Now that the responsible disclosure period, including the two extensions, has expired, we wanted to share details … in the spirit of full awareness and transparency.”
The Attack Lab was able to show that Trezor devices can easily be imitated. It was able to make exact replicas of the hardware wallets, including the “same hardware architecture” and the “same look and feel.” It was even able to re-seal the tamper-proof sticker that is designed to prevent unauthorized access to the devices.
Ledger also states that the PIN associated with a device can be broken using a Side Channel Attack (SCA). This type of attack includes the use of a random PIN and measuring the power consumption of the wallet when the random PIN is compared to the actual PIN. The measurement can allow a hacker to gain access with only a few tries and Ledger indicates that it was able to enter the device in less than five tries. The company acknowledges that Trezor has already fixed this vulnerability through firmware update 1.8.0.
Another SCA is possible when the device is physically controlled by someone other than the asset holder. The secret key can be extracted through an SCA when the key is used by Scalar Multiplication. Scalar Multiplication, a primary routine in the cryptographic controls for cryptocurrencies that is associated with signing transactions, was compromised by Ledger using nothing more than an oscilloscope and a few measurements, allowing the Attack Lab to extract the key. However, the vulnerability is only possible if the PIN is ascertained.
Two other vulnerabilities are tied to the confidentiality of data stored inside the devices. Ledger was reportedly able to extract all the data stored in flash memory, which could allow the accounts to have their assets stripped. Ledger explains, “In our view, this vulnerability cannot be patched, it can only be circumvented by overhauling the design of the Trezor One/Trezor T, and replacing one of its core components to incorporate a Secure Element chip, as opposed to the general purpose chip currently used. This vulnerability cannot be patched – for this reason, we have elected not to disclose its technical details. It could also be mitigated by users adding a strong passphrase to their device.”
Ledger reports that there are a total of three critical vulnerabilities, of which Trezor has reportedly only patched one. Trezor has yet to formally respond to the report, but has previously asserted that most vulnerabilities were a non-issue, since the wallet would have to be stolen for it to be hacked. That’s not exactly a response that instills a great deal of confidence.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.