Tech 3 January 2019Erik Gibbs
Vulnerabilities found in crypto hardware wallets
A group of security specialists have discovered that several popular cryptocurrency hardware wallets are vulnerable to compromise. The wallets have inherent weaknesses that could allow them to be attacked. The specialists have published their findings, but the manufacturers insist that there are no issues with the wallets.
The vulnerabilities, which could allow side-channel, supply-chain, microcontroller or firmware attacks, were identified by three researchers— Thomas Roth, Josh Datko and Dmitry Nedospasov. The researchers have designated the weaknesses as “wallet.fail” and assert that they are found in a number of hardware wallets, including the Trezor One, the Ledger Blue and the Ledger Nano S.
The trio demonstrated a proof of concept attack at the 35c3 conference held last month in Leipzig, Germany. They showed that the attacks can target firmware, software or hardware, as well as physical and architectural design flaws. According to the researchers, some vulnerabilities can only be countered by changing hardware or microcontrollers.
By installing a hardware implant that was combined with spyware into a device, the researchers will able to steal the PIN of the wallets. They were also able to load custom firmware, allowing them to create malicious transactions to send digital assets and to display fake transactions. Additionally, the researchers were able to steal PINs by intercepting radio signals and then flashing a separate device with special firmware that allowed them to gain access to the wallet’s private keys.
As is to be expected, the manufacturers have scoffed at the testing procedures used by the researchers, asserting that they weren’t very scientific. For its part, Ledger stated, “They did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure. Don’t worry, your crypto assets are still secure on your Ledger device.”
Whether or not the testing was scientific, any possibility of a wallet being compromised should be seen as a threat and needs to be addressed appropriately. As with any device used to protect financial resources, hardware and software crypto wallets need to be tightly secured and users must ensure that they take all possible precautions to ensure that the wallets cannot fall into the wrong hands.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Tech 24 May 2019
Google Play warns customers of fake cryptocurrency apps
Google has caught two apps that were pretending to be popular crypto wallets, one of which was trying to steal user funds.
Tech 24 May 2019
Rabobank opts to close cryptocurrency account plans
Rabobank have decided not to offer crypto wallets, citing regulatory uncertainty and skepticism from their customers.
Tech 24 May 2019
Proxicoin to allow anyone to become a movie producer
A big investment in Proxicoin promises that it will offer new investment opportunities to film, TV and music fans.