Live Demostration (1 hour)
"At the 35th Chaos Communication Congress we will take a look at how to break the most popular cryptocurrency hardware wallets. We will uncover architectural, physical, hardware, software and firmware vulnerabilities we found including issues that could allow a malicious attacker to gain access to the funds of the wallet. The attacks that we perform against the hardware wallets range from breaking the proprietary bootloader protection, to breaking the web interfaces used to interact with wallets, up to physical attacks including glitching to bypass the security implemented in the microcontrollers of the wallet. Our broad look into several wallets demonstrates systemic and recurring issues. At the end, we provide some insight into what needs to change to build more resilient hardware wallets."
If someone has physical access to your Trezor, it is possible to extract the seed words from the device and ultimately get the private keys to your wallets.
By exploiting the STM32 chip on the Trezor-1, they were able to dump the ram to get the seed words via privilege escalation. At this time, the Trezor Model T is not vulnerable to this attack but likely would be if targetted.
Trezor is working on a fix but in the meantime, the only way to protect your Trezor is to use the passphrase functionality. When initializing your Trezor you select 24 seed words which are encrypted against the pin you select for your device. In this attack, both the seed words and pin can be extracted by brute force. A passphrase allows you to add an additional word or phrase to the encryption process that is not stored on the device.
By using an additional passphrase, you will prevent this type of attack now and in the foreseeable future.
The good news, the attack took 90 days to complete. In that time you could easily move your funds on a backup Trezor, Ledger, or even a software wallet using your seed words.
You will need to re-initialize your device to use passphrase security and you will create new empty wallets. You will need to transfer your funds to this new wallet.
If you are a large holder of crypto, I recommend resetting your hardware wallet to factory condition until a proper solution is found or until you enable passphrase functionality. Use an encrypted solution like a Password Manager Secure Notes functionality to save your seed words in encrypted form. Once a solution is found you can then re-initialize your Trezor.
Ultimately I highly recommend moving towards passphrase functionality, this would prevent most if not all future attacks as all the information required to decrypt your private keys are not stored on the device. This will require you to move all your tokens to the new empty wallets created in the process.
Response from Satoshi Labs (Aka Trezor)
"Per my latest information (I am not present at the conference), we were not informed about this vulnerability via our Responsible Disclosure process, and therefore we are working with the information as it arrives.
We will address this vulnerability as soon as possible, though we will need some time. Until then, you can mitigate it by using a passphrase (make sure to learn how it works first, as in case of passphrase-loss your funds are irrecoverable), or by making sure you do not lose physical access to your device. To exploit the vulnerability, the attacker needs to have physical access to your device — directly to its board."
During the update process, seed and pin are copied from the NVRAM to the RAM, and the NVRAM is erased and reflashed with the new firmware. The motivation was that if the device loses power during the update process, possibly due to attack attempts, RAM would be erased and thus all the sensitive information. It also prevents unsigned/custom firmware from accessing the sensitive data, as upon a failed signature check the data would be erased from RAM as well. Only with a genuine fw update, the data would be copied back to NVRAM from RAM.
Unfortunately, the vulnerability published today unveils an attack vector to steal data from the RAM, exactly during the update process."
Why you should vote me as witness
Witness
Active, Present, Passionate
My recent popular posts
STEEM, STEEM Power, Vests, and Steem Dollars. wtf is this shit?
The truth and lies about 25% curation, why what you know is FAKE NEWS
WTF is a hardware wallet, and why should you have one?
GINABOT - The Secret to your Sanity on Steemit
How to calculate post rewards
Use SSH all the time? Time for a big boy SSH Client
How to change your recovery account
How curation rewards work and how to be a kick ass curator
Markdown 101 - How to make kick ass posts on Steemit
Work ON your business, not in your business! - How to succeed as a small business
You are not entitled to an audience, you need to earn it!
How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!
Building a Portable Game Console
for every obstacle, there is a solution ... unfortunately
but every solution there is an obstacle.
Killing Ponzi & Scammers on Steemit @gapantiponzi
Maybe similar exploit on ledger dongles??
img credz: pixabay.com
Nice, you got an awesome upgoat, thanks to @ipromote
BuildTeam wishes everyone a great Christmas and bullish Holidays
Want a boost? Minnowbooster's got your back!
:O
@themarkymark
Slightly irritating to read, but good thing the problem is being addressed...
Cheers!
/FF
Hi @themarkymark!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 8.048 which ranks you at #27 across all Steem accounts.
Your rank has dropped 1 places in the last three days (old rank 26).
In our last Algorithmic Curation Round, consisting of 200 contributions, your post is ranked at #1. Congratulations!
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server