In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on display at the 35th Chaos Communication Congress (35C3) in Leipzig, Germany, rather than through accepted Responsible Disclosure practices, which would have allowed the manufacturers to patch the vulnerabilities and protect their customers from any potential attack. Fortunately, the vulnerabilities appear to be very difficult for attackers to actually exploit.
The team of experts included security researchers Dmitry Nedospasov, Josh Datko and systems engineer Thomas Roth. Among the vulnerabilities revealed in the presentation were several that could have been fixed with a firmware upgrade on the hardware wallets in question.
SatoshiLabs, the manufacturers of Trezor wallets, through its Chief Technology Officer Pavol Rusnak, insisted that the company had not been notified about the vulnerabilities demonstrated at the event, going on to add that there's a "Responsible Disclosure program" that the researchers could have followed to give them a heads-up about the loopholes.
"With regards to #35c3 findings about @Trezor: we were not informed via our Responsible Disclosure program beforehand, so we learned about them from the stage. We need to take some time to fix these, and we'll be addressing them via a firmware update at the end of January."
Ledger took the same exception, claiming in a blog post to have been sidelined by the researchers, who could have notified them through a disclosure, which they claim would have given the firm the time needed "for the vulnerability to be patched as well as to mitigate risks for users."
As for the vulnerabilities themselves, it appears that they cannot (yet) be exploited remotely; most of them require that the intruder have physical access to the devices in question — and sometimes access to the owner’s computer as well.
At the presentation, the security experts claimed to have flashed a Trezor One hardware wallet, which allowed them to extract the mnemonic seed (and PIN) from the RAM, going on to add that the vulnerability can only be exploited against users who don't set a passphrase.
The team also claimed to have installed their firmware on the Ledger Nano S, allowing them to manipulate the wallet by signing transactions remotely. To do this, the intruder would have to physically access the Nano S and hack into the victim's PC, where malware is installed to steal the PIN once the victim loads Ledger's Bitcoin app.
Ledger claims that since this scenario requires an intruder to have physical access to the device, access to the victim's computer and the patience to wait for the victim to put in his PIN and launch the Bitcoin app on the PC, this type of attack is unlikely to pose much of a practical threat.
The security researchers also demonstrated a proof-of-concept, side-channel attack on Ledger's most expensive hardware wallet, the Ledger Blue. According to the team, Ledger Blue leaks signals sent to its touchscreen as radio waves, making them vulnerable. This is due to the animation of the PIN keyboard. The researchers claim the signal could get stronger when a USB cable is attached to the device, allowing them to sniff the PIN of the Ledger Blue remotely.