Security Researchers Reveal Wallet Vulnerabilities On Stage at 35C3



In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on display at the 35th Chaos Communication Congress (35C3) in Leipzig, Germany, rather than through accepted Responsible Disclosure practices, which would have allowed the manufacturers to patch the vulnerabilities and protect their customers from any potential attack. Fortunately, the vulnerabilities appear to be very difficult for attackers to actually exploit.

The team of experts included security researchers Dmitry Nedospasov, Josh Datko and systems engineer Thomas Roth. Among the vulnerabilities revealed in the presentation were several that could have been fixed with a firmware upgrade on the hardware wallets in question.

SatoshiLabs, the manufacturer of Trezor wallets, insisted through its Chief Technology Officer Pavol Rusnak that the company had not been notified about the vulnerabilities demonstrated at the event, adding that there is a "Responsible Disclosure program" that the researchers could have followed to give the company a heads-up about the loopholes.

"With regards to #35c3 findings about @Trezor: we were not informed via our Responsible Disclosure program beforehand, so we learned about them from the stage. We need to take some time to fix these, and we'll be addressing them via a firmware update at the end of January."

Ledger took the same exception, claiming in a blog post to have been sidelined by the researchers, who could have notified them through a disclosure, which they claim would have given the firm the time needed "for the vulnerability to be patched as well as to mitigate risks for users."

The Vulnerabilities

As for the vulnerabilities themselves, it appears that they cannot (yet) be exploited remotely; most of them require that the intruder have physical access to the devices in question — and sometimes access to the owner’s computer as well.

At the presentation, the security experts claimed to have flashed a Trezor One hardware wallet, which allowed them to extract the mnemonic seed (and PIN) from the RAM, going on to add that the vulnerability can only be exploited against users who don't set a passphrase.

The team also claimed to have installed their firmware on the Ledger Nano S, allowing them to manipulate the wallet by signing transactions remotely. To do this, the intruder would have to physically access the Nano S and hack into the victim's PC, where malware is installed to steal the PIN once the victim loads Ledger's Bitcoin app.

Ledger claims that since this scenario requires an intruder to have physical access to the device, access to the victim's computer and the patience to wait for the victim to put in his PIN and launch the Bitcoin app on the PC, this type of attack is unlikely to pose much of a practical threat.

The security researchers also demonstrated a proof-of-concept side-channel attack on Ledger's most expensive hardware wallet, the Ledger Blue. According to the team, the Ledger Blue leaks signals sent to its touchscreen as radio waves, making it vulnerable. This is due to the animation of the PIN keyboard. The researchers claim the signal could get stronger when a USB cable is attached to the device, allowing them to sniff the PIN of the Ledger Blue remotely.

