$0 USD

OCTOBER 2019

GLOBAL

TREZOR

DESCRIPTION OF EVENTS

"Trezor is known for not taking criticism lying down. After the Ledger Donjon’s disclosure in March 2019 of several vulnerabilities in the Trezor models, Trezor responded with a strong-worded response, countering with arguments like the “$5 wrench attack” fallacy, stating that it didn’t matter how secure your device was, it only mattered how well you protected your private key and seed passphrase against intruders."

 

"Trezor doesn’t use a Secure Element and therefore their devices are vulnerable to physical hacking attacks where the device is opened and then tampered with.

 

According to a report by Kaspersky Labs, Trezor only uses a single STM32 chip, a general-purpose microcontroller based on ARM architecture, where they store the private key in its non-volatile flash memory."

 

"In short, here’s how the security firm did it:

 

They used the equipment to build a “glitching device” to extract the hardware wallet’s encrypted seed by attacking the STM32 microchip. They then used brute force to crack the encrypted seed (protected by a 1-9 digit PIN) within a few minutes to gain access to the device."

 

"This attack relies on voltage glitching to extract an encrypted seed. This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75."

 

"Kraken Security Labs say the weakness is in the microcontroller of the Trezor wallets, therefore it will require a complete overhaul of the cold storage device’s design. Trezor is aware of this weakness but hasn’t made any changes yet."

 

"This time, Trezor acknowledged the security attack and the importance of ethical hacking by third parties to help improve the overall security of the crypto industry."

 

"Kraken suggested in the meantime, Trezor users activate their BIP39 passphrase with a Trezor client in order to protect the wallet, as it’s not stored on the actual hardware wallet."

Trezor doesn't use a Secure Element, leaving their devices susceptible to physical hacking attacks involving opening and tampering. Kaspersky Labs reported that Trezor uses a single STM32 chip, storing the private key in its non-volatile flash memory. Kraken Security Labs demonstrated how they exploited this vulnerability using a "glitching device" to extract an encrypted seed, then used brute force to crack the seed's PIN. They estimated that a consumer-friendly glitching device could be mass-produced for $75. Trezor acknowledged the attack and the significance of ethical hacking, suggesting users activate the BIP39 passphrase for protection until a hardware redesign is implemented.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.