Trezor Crypto Wallet Devices Have Several Vulnerabilities, Discovered By Competitor Ledger Wallet
Trezor Devices Have Several Vulnerabilities, Discovered By Competing Wallets Manufacturer
The Ledger company manufactures hardware wallets for the cryptocurrency industry, but they have recently published a report regarding security. The report starts off by pointing out their priorities in security, and how other companies may not provide the same opportunity. The Attack Lab, located in Ledger’s Paris-based headquarters, decided to evaluate the security vulnerabilities of both Ledger and their competitors recently. This investigation led the lab to find multiple vulnerabilities in Trezor’s devices.
An earlier investigation four months ago was revealed to Trezor at that time, describing the five vulnerabilities they found by hacking themselves and other companies. Trezor was given plenty of time to work on the vulnerabilities, which impacted the Trezor One and Trezor T hardware wallets, along with clones of the wallets. Now that the disclosure period has passed for Trezor to make changes, Ledger decided to make these vulnerabilities known to the public.
There were several findings, starting with the fact that the hardware wallets are easy to replicate to create a fake version of the device, and that it could be tampered with before a sale. With this lack of protection of authenticity, a hacker could pre-seed the wallet, install malware to send crypto elsewhere, install other flaws to gain access, and backdoor it with seed extraction software.
The next issue that Ledger discussed was the secure PIN protection, which is supposed to give the user 15 tries before locking down and should be entirely tampered resistant. However, Ledger found that a Side Channel Attack would easily decipher the PIN, which means the attacker would have full access to the wallet and the funds inside, were it to be lost or stolen. However, this vulnerability has already been addressed by Trezor with a firmware update.
The third and fourth vulnerabilities are in the confidentiality of the data that is held by both wallets. In Ledger’s discovery process, the extraction of all data inside the wallets was possible with physical access. Ledger believes that there is no way to really patch this issue, and the infiltration of the wallets could only be prevented by redesigning the physical structure of both Trezor One and Trezor T.
Within the fifth and final vulnerability, Ledger examined the Trezor One crypto library implementation. The library does not have any protection from Hardware Attacks, except in the event of Scalar Multiplication function. This function is what allows a critical operation to run and is linked with secret keys. However, anyone with physical access could still get the secret key, if it is used by the Scalar Multiplication. Though this issue could realistically be patched, it does not really have an effect on the security model, because the device’s PIN needs to already be known.
Based on these findings, Ledger provided the following table as a status update on these vulnerabilities.
Trezor, a direct competitor of Ledger, has yet to comment on these findings so far. However, users can watch CSO Charles Guillemet of Ledger present these vulnerabilities by watching the video at this link: https://youtu.be/c0iEg42aAhk.