Tech 3 January 2019

Erik Gibbs

Vulnerabilities found in crypto hardware wallets

A group of security specialists have discovered that several popular cryptocurrency hardware wallets are vulnerable to compromise. The wallets have inherent weaknesses that could allow them to be attacked. The specialists have published their findings, but the manufacturers insist that there are no issues with the wallets.

The vulnerabilities, which could allow side-channel, supply-chain, microcontroller or firmware attacks, were identified by three researchers: Thomas Roth, Josh Datko and Dmitry Nedospasov. The researchers have designated the weaknesses as “wallet.fail” and assert that they are found in a number of hardware wallets, including the Trezor One, the Ledger Blue and the Ledger Nano S.

The trio demonstrated a proof-of-concept attack at the 35C3 conference held last month in Leipzig, Germany. They showed that the attacks can target firmware, software or hardware, as well as physical and architectural design flaws. According to the researchers, some vulnerabilities can only be countered by changing hardware or microcontrollers.

By installing a hardware implant that was combined with spyware into a device, the researchers were able to steal the PIN of the wallets. They were also able to load custom firmware, allowing them to create malicious transactions to send digital assets and to display fake transactions. Additionally, the researchers were able to steal PINs by intercepting radio signals and then flashing a separate device with special firmware that allowed them to gain access to the wallet’s private keys.

As is to be expected, the manufacturers have scoffed at the testing procedures used by the researchers, asserting that they weren’t very scientific. For its part, Ledger stated, “They did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure. Don’t worry, your crypto assets are still secure on your Ledger device.”

Whether or not the testing was scientific, any possibility of a wallet being compromised should be seen as a threat and needs to be addressed appropriately. As with any device used to protect financial resources, hardware and software crypto wallets need to be tightly secured, and users must take all possible precautions to ensure that the wallets cannot fall into the wrong hands.
