More

    Trezor Hardware Fixes the ‘Critical Flaw' Found by Kraken Security Labs

    • Kraken Security Labs had been able to extract seeds from both Trezor One and Trezor Model T
    • Kraken discloses the vulnerability to Trezor in Oct. 2019 and as the hardware wallet team had found the fix, Kraken made the flaw public

    In shocking news, cryptocurrency exchange Kraken’s Security Labs announced that they were able to find a “critical flaw” in Trezor hardware wallets.

    Kraken Security Labs announced on Friday that they have devised a way to extract seeds from both crypto hardware wallets of Trezor One and Trezor Model T.

    The attack relies on voltage glitching to extract an encrypted seed that required several hundred dollars of equipment but could be mass-produced at $75. This encrypted seed which is protected by a 1-9 digit PIN, was then cracked which is “trivia to brute force.”

    The team reveals that the attack took advantage of inherent flaws within the microcontroller used in Trezor wallets, meaning it is difficult for the Trezor team to do anything about this vulnerability at least without a hardware redesign.

    Fix released by the Trezor team

    A couple of weeks back, Kraken co-founder and CEO Jesse Powell advised that people shouldn’t store their coins on any cryptocurrency exchange even on Kraken, rather they should use Ledger or Trezor.

    And now the Kraken Security Labs has found a vulnerability that means even hardware wallets aren’t safe either.

    But there is a solution. Do not allow anyone physical access to your Trezor wallet or you could permanently lose your crypto.

    Well, Trezor has found the fix and released it because as Kraken states, they “disclosed the full details of this attack to the Trezor team on October 30, 2019.” It continued,

    “We are going public with this vulnerability disclosure now so that the crypto community can protect themselves before a fix is released by the Trezor team.”

    Do hardware wallets remain the best option?

    The user must enable the BIP39 Passphrase with the Trezor Client because it is not stored on the device, this can prevent the attack.

    Passphrase feature is an “exceptionally” secure layer of active protection against physical attacks, said Trezor in its response to the attack.

    It is not stored anywhere on the device and is used only temporarily whenever you enter it. The passphrase is case sensitive and it belongs with recovery seed.

    However, Crypto Twitter was aghast to hear the news but Trezor tried to calm everyone and clarified,

    “Trezor is an open-source hardware wallet: we indeed don't use a secure element to let anyone verify our code, but that is also why the Passphrase feature exists – to fully mitigate the physical attacks, which are a case for 6-9% of people according to our research.”

    While assuage any concerns of having such vulnerability itself, Trezor competitor Ledger stated, “Not to worry: we're not affected by this as we use a Secure Element.”

    Ledger also emphasized that despite this, “Hardware wallets remain the best option for keeping your crypto safe.”

    Get Free Email Updates!

    *Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

    I will never give away, trade or sell your email address. You can unsubscribe at any time.

    AnTy
    AnTy
    AnTy has been involved in the crypto space full-time for over a year now. Before his blockchain beginnings, he worked with the NGO, Doctor Without Borders as a fundraiser and since then exploring, reading, and creating for different industry segments.

    [Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

    [Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here

    3,284FansLike
    2,759FollowersFollow
    4,130FollowersFollow

    Live Bitcoin Price & Latest BTC Charts

    Today's Latest Crypto News

    Indian State Telangana Govt Launches Blockchain Accelerator With Tech Mahindra

    The IT arm of Mahindra Group and the Telangana government have closed a partnership and aims to launch a blockchain accelerator that will be...

    Ripple Co-Founder' Claims His XRP Sell-Off Doesn't Impact The Market Is ‘Simply Preposterous'

    XRP Whale and former Ripple CTO argues his huge sell offs Not possible to sell off over 2% of the total supply without...

    Ripple (XRP) Price Analysis (February 19)

    Key Highlights The US dollar has now forced the XRP price value into a range trading condition. The XRP/USD price now hovers around $0.30...

    Microsoft Azure Integrates Lition’s Blockchain Tech to Scale Commercial Operations

    Microsoft is one of the fast-moving IT giants in blockchain research for leverage with their existing services. The firm recently integrated Lition blockchain which...

    European Space Agency to Use Blockchain-Powered Satellite Data For Mining Transparency

    Blockchain tech is fast on the track of providing solutions from space despite a skeptical approach towards its major use as per now ‘cryptocurrencies’....

    BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.