ShapeShift Addresses Recent Vulnerability on KeepKey Wallet
ShapeShift, a crypto hardware wallet company has recently talked about the vulnerabilities that were found on its KeepKey wallets. According to the company, someone recently submitted a report that a vulnerability was found in the system.
This issue could be used to read the screen of the wallet and to do a side-channel attack. Basically, people could use it in order to discover sensitive information by looking at the screen remotely.
However, in order to be able to use this vulnerability, the hacker would need to engage in a very complex process. For instance, in order to see the information on the screen, the energy consumption of the victim’s device would need to be monitored with an oscillometer.
This would require considerable physical access, so there are ways that are much more easy to get information. What does this mean? The vulnerability does exist, but it is highly impractical.
It would be simply easier to use other strategies such as simply looking at the screen, as you have to be in near physical space to exploit this vulnerability.
According to ShapeShift, it would be highly difficult to successfully interpret the data even in the case that the device was actually hacked via this complicated process. Because of this, the company claimed that it was unlikely that people would use this method to steal money or information.
Also, many recovery phrases are shown at the same time on the screen, so it is hard to tell which words are the right ones using this new method.