Unciphered Highlights Vulnerability In Trezor T Hardware Wallet
Cybersecurity firm Unciphered has claimed that it managed to hack the hugely popular Trezor T hardware wallet manufactured by Satoshi Labs. The Trezor T hardware wallet is one of the most popular wallets in the market today. A Potential Hardware Vulnerability? Unciphered showcased the hack in a YouTube demonstration, claiming it could extract the hardware
Cybersecurity firm Unciphered has claimed that it managed to hack the hugely popular Trezor T hardware wallet manufactured by Satoshi Labs.
The Trezor T hardware wallet is one of the most popular wallets in the market today.
A Potential Hardware Vulnerability?
Unciphered showcased the hack in a YouTube demonstration, claiming it could extract the hardware wallet’s mnemonic seed phrase by exploiting a hardware vulnerability. In the video, Unciphered is able to dismantle the hardware before extracting the seed phrase or private key. However, the hack requires the physical possession of the wallet, along with specialized equipment. Furthermore, the cybersecurity firm also claimed that there is no way to fix the vulnerability that facilitates the hack without initiating a complete recall of all Trezor T wallets.
In the video, the team at Unciphered claimed they developed an “in-house exploit” that enabled them to extract the wallet’s firmware. Co-founder of Unciphered, Eric Michaud, stated that by leveraging specialized GPU chips, the team was able to crack the Trezor T hardware wallet’s pin seed phrase. Michaud explains in the video,
“We uploaded the firmware we extracted onto our high-performance computing cracking clusters. We have about 10 GPUs, and after some time, we extracted the keys.”
Hardware wallets are used to store private keys offline in an air-gapped environment. Because these wallets keep the private keys offline, they are generally considered highly secure. However, Unciphered has stated that the hardware security mechanisms put in place in the Trezor T wallet could theoretically be bypassed if any hacker or malicious individual gained possession of a Trezor T wallet.
An Old Vulnerability?
Unciphered’s demonstration of the vulnerability in Trezor T hardware wallets resulted in speculation that it had rediscovered an old vulnerability known for years. However, Unciphered denied this, stating that the old vulnerability in question had been patched in 2019. According to the firm, the vulnerability and the method to exploit it were developed in-house.
This is not the first time Unciphered has successfully retrieved seed phrases from a hardware wallet. In February, the cybersecurity company demonstrated a similar hack of a popular hardware wallet, OneKey. In the video related to OneKey, Unciphered showed how it exploited the lack of encryption between the hardware wallet’s CPU and the secure element through a field programmable gate array. This was able to intercept all communications between the secure element and the processor.
“The FPGA is a high-speed processor also known as a field programmable gate array, allowing us to iterate through different algorithms, bypass the wallet’s security and extract the mnemonics.”
Trezor responded to Unciphered’s demonstration of the exploit and stated that it had quite a few similarities with the Read Protection Downgrade (RDP) vulnerability. This vulnerability was discovered by researchers from Kraken Security Labs and impacted both Trezor One and Trezor Model T. In short, this implied that Trezor was aware of the vulnerability. Chief technology officer at Trezor, Tomáš Sušánka, stated,
“This appears to be a vulnerability called an RDP downgrade attack, and as communicated on our blog in early 2020, RDP downgrade attacks require the physical theft of a device and extremely sophisticated technological knowledge and advanced equipment. Even with the above, Trezors can be protected by a strong passphrase, which adds another layer of security that renders an RDP downgrade useless.”
The company further added that it had taken steps to resolve the issue and had developed a new secure element for hardware wallets in collaboration with its sister firm, Tropic Square.
Hardware Wallets Not As Safe As They Claim To Be?
With their promise of keeping seed phrases and access codes offline and safe from the prying eyes of hackers, hardware wallets have long been considered the pinnacle of safety when it comes to storing digital assets. Their popularity grew even further with the collapse of major centralized exchanges such as FTX, with investors and users opting for self-custody of their assets.
However, recent events have put a considerable dent in the reputation of hardware wallets. One of the primary events that led to the confidence crisis in hardware wallets was the announcement of Ledger Recover. Ledger’s Recover feature set the cat among the pigeons as it sparked concerns that third parties could gain access to private keys, allowing them access to the crypto held in the wallets. Ledger’s response did little to calm frayed nerves and led to considerable backlash for Ledger. Eventually, Ledger was forced to postpone the feature’s release and open-source the code for transparency.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.