Cybersecurity company Unciphered has argued that it managed to hack the hugely trending Trezor T hardware wallet manufactured by Satoshi Labs.
The Trezor T hardware wallet is one of the most trending wallets in the market today.
A Potential Hardware Vulnerability?
Unciphered showcased the hack in a YouTube demonstration, claiming it can potentially extract the hardware wallet’s mnemonic seed phrase by exploiting a hardware vulnerability. In the video, Unciphered is able to dismantle the hardware before extracting the seed phrase or private key. Nonetheless, the hack requires the physical possession of the wallet, along with specialized equipment. Furthermore, the cybersecurity company likewise argued that there is no way to resolve the vulnerability that eases the hack without initiating a complete recall of all Trezor T wallets.
In the video, the team at Unciphered claimed they developed an “in-house exploit” that enabled them to extract the wallet’s firmware. Co- founder of Unciphered, Eric Michaud, indicated that by leveraging specialized GPU chips, the team was able to crack the Trezor T hardware wallet’s pin seed phrase. Michaud describes in the video,
“We uploaded the firmware we extracted onto our high-performance computing cracking clusters. We have about 10 GPUs, and after some time, we extracted the keys.”
Hardware wallets are used to store private keys offline in an air-gapped environment. Because these wallets keep the private keys offline, they are traditionally considered highly secure. Nonetheless, Unciphered has indicated that the hardware security mechanisms put in place in the Trezor T wallet could theoretically be bypassed if any hacker or malicious individual gained possession of a Trezor T wallet.
An Old Vulnerability?
Unciphered’s demonstration of the vulnerability in Trezor T hardware wallets resulted in speculation that it had rediscovered an old vulnerability known for years. Nonetheless, Unciphered rejected this, stating that the old vulnerability in question had been patched in 2019. Reports by the company, the vulnerability and the method to exploit it were developed in-house.
This is not the 1st time Unciphered has successfully retrieved seed phrases from a hardware wallet. In February, the cybersecurity company demonstrated a similar hack of a trending hardware wallet, OneKey. In the video related to OneKey, Unciphered showed how it exploited the lack of encryption betwixt the hardware wallet’s CPU and the secure element through a field programmable gate array. This was able to intercept all communications betwixt the secure element and the processor.
“The FPGA is a high-speed processor likewise known as a field programmable gate array, allowing us to iterate through different algorithms, bypass the wallet’s security and extract the mnemonics.”
Trezor responded to Unciphered’s demonstration of the exploit and indicated that it had quite several similarities with the Read Protection Downgrade (RDP) vulnerability. This vulnerability was realized by researchers from Kraken Security Labs and impacted both Trezor 1 and Trezor Model T. In short, this implied that Trezor was aware of the vulnerability. Chief technology officer at Trezor, Tomáš Sušánka, stated,
“This seems to be a vulnerability was known an RDP downgrade attack, and as communicated on our blog in early 2020, RDP downgrade attacks require the physical theft of a device and incredibly sophisticated technological knowledge and advanced equipment. Even with the over, Trezors can be protected by a strong passphrase, which adds another layer of safety that renders an RDP downgrade useless.”
Hardware Wallets Not As Safe As They Claim To Be?
With their promise of keeping seed phrases and access codes offline and safe from the prying eyes of attackers, hardware wallets have long been considered the pinnacle of security in the case of storing digital assets. Their popularity grew even further with the collapse of major centralized exchanges such as FTX Trading Ltd, with investors and users opting for self-custody of their assets.
Nonetheless, recent events have put a considerable dent in the reputation of hardware wallets. 1 of the primary events that led to the confidence crisis in hardware wallets was the notice of Ledger Recover. Ledger’s Recover feature set the cat among the pigeons as it sparked concerns that third parties could gain access to private keys, allowing them access to the cryptocurrency held in the wallets. Ledger’s response did little to calm frayed nerves and led to considerable backlash for Ledger. Sooner or thereafter, Ledger was forced to postpone the feature’s release and open-source the code for transparency.