35C3 Refreshing Memories Researchers Show Trezor One And Ledger Nano S Crypto Wallet Vulnerabilities
After Research Team Demonstrates The Vulnerabilities Of Hard Wallets, Trezor Promises Firmware Updates
When hardware wallets first went on sale, everybody thought they were the future of security. That was not wrong, but it turns out that, like any other piece of technology, they have their own set of vulnerabilities that bad actors could easily exploit.
For instance, researchers have recently shown how to hack the Trezor One, Ledger Nano S and Ledger Blue wallets. This was shown during a hacking event called 35C3 Refreshing Memories. The team, which called itself Wallet.fail, was made up of three people: Dmitry Nedospasov (security researcher and hardware designer), Josh Datko (security researcher) and Thomas Roth (software developer).
Basically, the developers were able to extract the private keys of the devices after using custom firmware. They pointed out that the breach can only be used if the user did not set a passphrase, though, so people who are really careful would not be affected by the issue.
The CTO of SatoshiLabs, Pavol Rusnak, complained that the trio did not notify the company before the conference. SatoshiLabs is responsible for the Trezor wallet and has promised a firmware update for the end of January that will address all the vulnerabilities of the system.
The Ledger Nano S hardware wallet was also hacked by the group. According to them, they could install the Snake game on the device and even confirm one transaction while the device displayed a different one.
Ledger Blue was the last product breached by the group. It is the most expensive piece of hardware created by Ledger and should be the safest one, but it was breached as well. When the trio used a USB device to hack it, some “leaked” signals were strong enough to be intercepted.
This happened because the company uses an unusually long trace to send signals to the motherboard and some of these signals end up leaking to the outside.
The trio ended by taking a jab at BitFi, the “unhackable” crypto wallet promoted by John McAfee. The team said that they only wanted to talk about wallets that were at least somewhat secure and that they did not want to use a Chinese phone at the talk.
Some people claim to have hacked a BitFi wallet, but none of the claims has been verified so far, so this one has yet to be cracked.