--d : --h : --m : --s
Get tickets

Security Researchers Reveal Wallet Vulnerabilities On Stage at 35C3


        Security Researchers Reveal Wallet Vulnerabilities on Stage at 35C3
Security Researchers Reveal Wallet Vulnerabilities on Stage at 35C3

In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on display at the 35th Chaos Communication Congress (35C3) in Leipzig, Germany, rather than through accepted Responsible Disclosure practices, which would have allowed the manufacturers to patch the vulnerabilities and protect their customers from any potential attack. Fortunately, the vulnerabilities appear to be very difficult for attackers to actually exploit.

The team of experts included security researchers Dmitry Nedospasov, Josh Datko and systems engineer Thomas Roth. Among the vulnerabilities revealed in the presentation were several that could have been fixed with a firmware upgrade on the hardware wallets in question.

SatoshiLabs, the manufacturers of Trezor wallets, through its Chief Technology Officer Pavol Rusnak, insisted that the company had not been notified about the vulnerabilities demonstrated at the event, going on to add that there's a "Responsible Disclosure program" that the researchers could have followed to give them a heads-up about the loopholes.

"With regards to #35c3 findings about @Trezor: we were not informed via our Responsible Disclosure program beforehand, so we learned about them from the stage. We need to take some time to fix these, and we'll be addressing them via a firmware update at the end of January."

Ledger took the same exception, claiming in a blog post to have been sidelined by the researchers, who could have notified them through a disclosure, which they claim would have given the firm the time needed "for the vulnerability to be patched as well as to mitigate risks for users."

The Vulnerabilities

As for the vulnerabilities themselves, it appears that they cannot (yet) be exploited remotely; most of them require that the intruder have physical access to the devices in question — and sometimes access to the owner’s computer as well.

At the presentation, the security experts claimed to have flashed a Trezor One hardware wallet, which allowed them to extract the mnemonic seed (and PIN) from the RAM, going on to add that the vulnerability can only be exploited against users who don't set a passphrase.

The team also claimed to have installed their firmware on the Ledger Nano S, allowing them to manipulate the wallet by signing transactions remotely. To do this, the intruder would have to physically access the Nano S and hack into the victim's PC, where malware is installed to steal the PIN once the victim loads Ledger's Bitcoin app.

Ledger claims that since this scenario requires an intruder to have physical access to the device, access to the victim's computer and the patience to wait for the victim to put in his PIN and launch the Bitcoin app on the PC, this type of attack is unlikely to pose much of a practical threat.

The security researchers also demonstrated a proof-of-concept, side-channel attack on Ledger's most expensive hardware wallet, the Ledger Blue. According to the team, Ledger Blue leaks signals sent to its touchscreen as radio waves, making them vulnerable. This is due to the animation of the PIN keyboard. The researchers claim the signal could get stronger when a USB cable is attached to the device, allowing them to sniff the PIN of the Ledger Blue remotely.


Binance Hacked for $40M, CEO Backpedals on Recoup Via Block Reorganization

Chinese crypto exchange Binance suffered a major hack on Tuesday, which the company’s CEO responded to by proposing a rollback of the Bitcoin blockchain to rectify — a suggestion that riled up the community.

Landon Manning

Crypto Hacks Are on Track to Eclipse $1 Billion in Lost Funds This Year

Crypto security and intelligence firm CipherTrace has published its Q1 2019 Cryptocurrency Anti-Money Laundering Report, revealing that exchange platforms all over the world have lost nearly $400 million as a result of hacks and thefts.

Jimmy Aki

Percentage of CoinJoin Bitcoin Transactions Triples Over Past Year

According to a study released by Longhash, the relative usage of CoinJoin out of all bitcoin transactions has tripled in one year, currently sitting at 4.09 percent.

Landon Manning

New Cryptojacking Campaign Infects Asia Using More Profitable Tactics

According to a report by cybersecurity analytics firm Symantec, cryptojacking incidents have plummeted but the method of delivery, the execution and the targeting schemes have grown more sophisticated.

Colin Harper