Tech 12 March 2019Erik Gibbs
2 Trezor wallets have serious vulnerability issues
Earlier this year, security specialists uncovered vulnerabilities in several hardware cryptocurrency wallets, including two Ledger models and one Trezor model. Now, Ledger has stepped up, stating that it has found additionally flaws in Trezor devices and has published its findings on its website.
Through its Attack Lab at the company’s headquarters in Paris, France, Ledger states that it has found five vulnerabilities in the Trezor products that it was willing to disclose, as well as a sixth that, because it cannot be patched, was not published. It adds that it informed Trezor of the issues four months ago, giving them ample time to address them. However, the company never responded to Ledger’s warnings.
Ledger explains, “The analysis encompassed both of Trezor’s hardware wallets (Trezor One, Trezor T), focusing on the Trezor One. It also applies to clones of Trezor wallets. We responsibly disclosed these vulnerabilities to the vendor, allowing them to take appropriate measures for protecting their users. Now that the responsible disclosure period, including the two extensions, has expired, we wanted to share details … in the spirit of full awareness and transparency.”
The Attack Lab was able to show that Trezor devices can easily be imitated. It was able to make exact replicas of the hardware wallets, including the “same hardware architecture” and the “same look and feel.” It was even able to re-seal the tamper-proof sticker that is designed to prevent unauthorized access to the devices.
Ledger also states that the PIN associated with a device can be broken using a Side Channel Attack (SCA). This type of attack includes the use of a random PIN and measuring the power consumption of the wallet when the random PIN is compared to the actual PIN. The measurement can allow a hacker to gain access with only a few tries and Ledger indicates that it was able to enter the device in less than five tries. The company acknowledges that Trezor has already fixed this vulnerability through firmware update 1.8.0.
Another SCA is possible when the device is physically controlled by someone other than the asset holder. The secret key can be extracted through an SCA when the key is used by Scalar Multiplication. Scalar Multiplication, a primary routine in the cryptographic controls for cryptocurrencies that is associated with signing transactions, was compromised by Ledger using nothing more than an oscilloscope and a few measurements, allowing the Attack Lab to extract the key. However, the vulnerability is only possible if the PIN is ascertained.
Two other vulnerabilities are tied to the confidentiality of data stored inside the devices. Ledger was reportedly able to extract all the data stored in flash memory, which could allow the accounts to have their assets stripped. Ledger explains, “In our view, this vulnerability cannot be patched, it can only be circumvented by overhauling the design of the Trezor One/Trezor T, and replacing one of its core components to incorporate a Secure Element chip, as opposed to the general purpose chip currently used. This vulnerability cannot be patched – for this reason, we have elected not to disclose its technical details. It could also be mitigated by users adding a strong passphrase to their device.”
Ledger reports that there are a total of three critical vulnerabilities, of which Trezor has reportedly only patched one. Trezor has yet to formally respond to the report, but has previously asserted that most vulnerabilities were a non-issue, since the wallet would have to be stolen for it to be hacked. That’s not exactly a response that instills a great deal of confidence.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Tech 22 March 2019
Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof
CipherBlade, a blockchain investigation firm, has concluded that the Wall Street Journal (WSJ) has overstated its previous claims about the cryptocurrency exchange ShapeShift.
Tech 22 March 2019
Unwriter announces Bottle, a Bitcoin browser
Looking to find a way out of the world wide web, Unwriter has released Bottle, a new browser exclusively for the Bitcoin SV network.
Tech 22 March 2019
Money Button CEO: How to upload large files to Bitcoin SV blockchain
OP_Return has a 100KB upload limit, but Ryan X Charles will show you how you can upload much larger files with a new tool from Money Button.