Hardware Hacking: How To Secure Your Trezor Wallet With Passphrase

Hardware Hacking: How To Secure Your Trezor Wallet With Passphrase

A group called wallet.fail gave a presentation on how to hack cryptocurrency hardware wallets at the 35th Chaos Communication Congress. While all attack vectors required physical access, worryingly, the groupdemonstratedscraping the seed and PIN from Trezor RAM. So is there any way to truly protect your lovely bitcoin?


Lines Of Attack

The group found ways of hacking hardware wallets via four different methods; supply chain attack, firmware vulnerability, side-chain attack, and chip-level vulnerability. All techniques required access to the actual device, so if your wallet has never left your possessionthen you could still be at risk from a supply chain attack.

Holographic security stickers apparently mean nothing, as they are easy to remove and replicate.But lets assume your device is tamper-free.


Still Not Safe

The Ledger Blue outputs a slight RF signal when entering the PIN. Connect a USB cable and you have an antenna to transmit this across the room. You then become vulnerable to the $5 Wrench Attack.


Even worse news for Trezor users. An attacker getting hold of the device (e.g. with a $5 wrench) can scrape your seed and PIN from RAM, unless you activated passphrase protection.


Trezor Passphrase Protection

(Disclaimer: Trezor recommendsusing the passphrase for advanced users only)
If you forget the passphrase, the funds protected by it are lost forever.)

Each passphrase creates a new unique wallet, acting as a 25th seed word. It can be any sequence of up to 50 ASCII characters which means both numbers and letters can be used.

You must manually enable passphrase in the Advanced settings of the Trezor Wallet browser interface after each recovery process.To access the original wallet (without passphrase protection), leave the passphrase space empty.

By keeping a spoof wallet with negligible funds, you can even protect against $5 wrenches. Dont be tempted to disable PIN protection too though, as a passphrase could be susceptible to a keylogger attack. Doh!

A full description of how to enable Passphrase Encryption is explained in this YoutTube video.


Do you use a passphrase? What other security best-practices do you recommend? Share below!

Images courtesy ofRandall Munroe xkcd.com. Used under the terms of the Creative Commons Attribution license, Shutterstock

The post Hardware Hacking: How To Secure Your Trezor Wallet With Passphrase appeared first on Bitcoinist.com.

28.12.2018 / 15:15 45
These Developers Claim They Can Crack Any Hardware Wallet These Developers Claim They Can Crack
On Dec. 27 at the 35th Annual Chaos Communication Congress (35C3) event, three individuals from a startup called Wallet Fail allegedly hacked the
Trezor Model T Now Supports 10 More Cryptos Including Monero, Ripple Trezor Model T Now Supports 10 More
Popular cryptocurrency hardware wallet Trezor has introduced two firmware updates on both of its models Trezor Model T and Trezor One. The move comes
Which Cryptocurrency Hardware Wallet is Best for You? Which Cryptocurrency Hardware Wallet is
The number of hardware wallets has proliferated with the number of cryptocurrencies in recent years. Today, consumers enjoy an unprecedented choice
Binance User Loses 2 BTC After Hacker Steals Password, How to Prevent Theft Binance User Loses 2 BTC After Hacker
Amidst the brutal market conditions, a Reddit user, BeanThe5th, has somehow managed to get in more trouble than the market is currently in,
British Teenager Exposes Vulnerability in Ledgers Nano S Cryptocurrency Wallet British Teenager Exposes Vulnerability
According to his blog, British teenager Saleem Rashid has written code that gives him back door access to the Ledger Nano S, a $100 cryptocurrency
15-Year-Old Security Researcher Shares Ledger Wallet Exploit 15-Year-Old Security Researcher Shares
Hardware wallet manufacturer Ledger has published a firmware update to remedy several security flaws. The exploits were independently found by a trio
Comments (0)
Add a comment
Comment on