Ledger Reveals Physical Exploits Against Trezor Hardware Wallets

The battle of the hardware wallets is heating up. At this weekend's MIT Bitcoin Expo in Boston, Charles Guillemet, Chief Security Officer of Ledger, presented a number of physical attacks that could be executed against Trezor hardware wallets. He also outlined an attack on its rival's device that Ledger has refrained from making public because it is not patchable.


Ledger CSO Runs a Train on Trezor

Like any self-respecting hardware wallet (HW) manufacturer, Ledger rigorously pen tests its own devices in search of potential vulnerabilities. The French firm's Paris hacking lab, known as the Ledger Donjon, doesn't just dissect its own wares: it also thoroughly attacks those of its fiercest rival, Trezor. While identifying and disclosing a competitor's vulnerabilities might seem counterintuitive, it yields a brace of benefits, highlighting potential weaknesses in the opposition and emphasizing Ledger's offensive prowess.

Within hours of Ledger CSO Charles Guillemet presenting at MIT Bitcoin Expo 2019, where he described the Trezor One, Trezor T, Keepkey, and B Wallet as completely broken, insisting there was no way to fix their security flaws, his employer published "Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities." The article explains how "about four months ago we contacted Trezor to share five vulnerabilities our Attack Lab uncovered. As always, we gave Trezor a responsible disclosure period to work on these vulnerabilities, even granting them two extensions."

With the disclosure period having now expired, Ledger proceeds to gleefully reveal what it found upon pen testing its rival's devices.


4 Vulnerabilities Fully Disclosed

In total, Ledger claims to have found four major vulnerabilities in Trezor's flagship wallets. The first of these concerns the genuineness of the device. Trezor HWs have previously been shown to be susceptible to cloning, prompting the company to improve its tamper-proof stickers and to provide guidelines on how to detect ersatz devices. Trezor's response to this vulnerability was to point out that users will not be exposed to this risk provided they purchase devices directly from the Trezor website.

Fake Trezor on the left, authentic Trezor on the right

The second attack identified involved a weakness in the PIN used to secure Trezor HWs. Ledger explained: "On a found or stolen device, it is possible to guess the value of the PIN using a Side Channel Attack." This entails entering a random PIN and then measuring the power consumption of the device when it compares this code with the actual value of the PIN. "This measurement allows an attacker to retrieve the correct value of the PIN within only a few tries (less than 5 in our case)," reported Ledger. "We found that the PIN does not protect the funds against an attacker with physical access to the device."

The final two vulns involve the confidentiality of the data stored within the devices, primarily the private key and the seed. This exploit, involving the flash memory, was deemed the most serious since it can only be circumvented by overhauling the design of the Trezor One / Trezor T and replacing one of its core components to incorporate a Secure Element chip, as opposed to the general-purpose chip currently used. Ledger continued:

"This vulnerability can not be patched; for this reason, we have elected not to disclose its technical details. It could also be mitigated by users adding a strong passphrase to their device."
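The passphrase mitigation works because the wallet seed is derived from the recovery words plus a passphrase that is never written to the device's flash. The sketch below is an added example, not code from Ledger or Trezor: it implements the standard BIP39 seed derivation and estimates why the passphrase has to be strong, with the guess rates being assumed figures.

```python
import hashlib
import math
import unicodedata

PBKDF2_ROUNDS = 2048  # iteration count fixed by BIP39
SECONDS_PER_YEAR = 365 * 24 * 3600


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from recovery words and a passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, PBKDF2_ROUNDS, dklen=64)


def passphrase_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a passphrase whose symbols are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate offline at an assumed guess rate."""
    return 2 ** entropy_bits / guesses_per_second / SECONDS_PER_YEAR


# Constructed sample: the public BIP39 test mnemonic, never used for real funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")

if __name__ == "__main__":
    # Recovery words alone (what flash extraction could yield) give one wallet;
    # the same words with a passphrase give an unrelated one.
    no_pass = bip39_seed(MNEMONIC)
    with_pass = bip39_seed(MNEMONIC, "correct horse battery staple")
    print("seed without passphrase:", no_pass.hex()[:32], "...")
    print("seed with passphrase:   ", with_pass.hex()[:32], "...")

    # 2048 PBKDF2 rounds are cheap, so a short passphrase falls quickly offline.
    weak = passphrase_entropy_bits(10, 4)    # 4 random digits
    strong = passphrase_entropy_bits(7776, 6)  # 6 random diceware words
    rate = 1e9  # assumed attacker guesses per second
    print(f"4 digits: {weak:.1f} bits, {years_to_exhaust(weak, rate):.2e} years")
    print(f"6 words:  {strong:.1f} bits, {years_to_exhaust(strong, rate):.2e} years")
```

An attacker who recovers the stored words still has to guess the passphrase offline, and the low PBKDF2 iteration count means only a high-entropy passphrase makes that search impractical.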

A fifth, less serious, vulnerability was also disclosed. Trezor released firmware security updates last week, addressing vulnerabilities which it acknowledged to have been discovered by Charles Guillemet and the Ledger Donjon team. It stressed that exploiting the vulnerabilities required physical access to the device, adding that there is no evidence to suggest any of these vulnerabilities have ever been exploited outside of the lab to extract any data. Last week, Twitter and Square CEO Jack Dorsey revealed that he had purchased a Trezor hardware wallet.


The post Ledger Reveals Physical Exploits Against Trezor Hardware Wallets appeared first on Bitcoin News.

11.03.2019 / 19:40 26