Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Hardware Wallets. Show all posts

Trezor Wallet: Not So Hack-Safe After All!









The hackers have found another way to penetrate the safety walls of the seemingly “quite safe” Trezor Wallet.


One of the inquisitive crypto-mining fans took to twitter, to shout out that the device which goes by the name of Trezor wallet has a vulnerability which lays bare  "un-password-protected" users.


This is not the first time such an attack has been possible on devices of the aforementioned kind and the researchers deem it as inevitable, given the poor fabrication of the devices.


At the Chaos Communication Congress, the theme was solidly elucidated and discussed upon, by specialists who talked about the hack-ability of crypt0-wallets.


The Congress spread across the different kinds of vulnerabilities, hardware, software and firmware could be affected by.


The gathered specialists expounded about recurring and systematic problems in wallets.


The team also worked upon creating a library of malicious attacks related with harvesting of funds from the hardware wallet.


The vulnerabilities these wallets possess, the ways to move around them and the available courses of action were discussed at the congress at length.


The team demonstrated how breaking the boot-loader protection and breaking web interfaces which are used to communicate with the wallets, is done.


Some physical attacks such as “Glitching”(an attempt at bypassing security of the micro-controllers of the wallet) were also a part of the CCC team’s drill.


The vulnerabilities uncovered by the team, have detailed implications which could only be solved via a firmware update or even a new hardware revision.


There is hope as to companies deliberating on the severity of the situation and that they will put forth some improvements.


With an extreme rise in the trend if hardware wallets, there has also been an extreme rise in the users, given these devices hoard a consequent number of crypto-currency.


There exist crypto-traders who work essentially and daily over and on these famous wallets.


Thousands and Millions of dollars’ worth crypto-currency is stored within the “walls” of these hardware wallets, rendering the reason behind all these attacks on them, apparent.


As to what the recently found attack did? It majorly concerned and focused upon breaking the interfaces that aid the communication with the wallet.

  
The Trezor wallet was attached to various devices which included a socket with an FPGA. Then supposedly a code was run to give the hackers access to the seed and pin.
But the hack would only go through if the wallet wasn’t password protected.


The engineer who is in charge of Trezor, Pavol Rusnak, took to twitter to let the public know that they weren’t previously privy to the situation.


But, now that they are, by the end of January a new firmware update will see its way through to the wallet.


He also cited that the issue is currently being investigated and that it soon is expected to be patched.