Cybersecurity company Unciphered has claimed that it managed to hack the hugely popular Trezor T hardware wallet manufactured by Satoshi Labs.
The Trezor T hardware wallet is one of the most popular wallets on the market today.
A Potential Hardware Vulnerability?
Unciphered showcased the hack in a YouTube demonstration, claiming it can potentially extract the hardware wallet's mnemonic seed phrase by exploiting a hardware vulnerability. In the video, Unciphered is able to dismantle the hardware before extracting the seed phrase or private key. However, the hack requires physical possession of the wallet, along with specialized equipment. The cybersecurity company also claimed that there is no way to resolve the vulnerability that enables the hack without initiating a complete recall of all Trezor T wallets.
In the video, the team at Unciphered claimed they developed an "in-house exploit" that enabled them to extract the wallet's firmware. Co-founder of Unciphered, Eric Michaud, indicated that by leveraging specialized GPU chips, the team was able to crack the Trezor T hardware wallet's pin seed phrase. Michaud describes in the video,
"We uploaded the firmware we extracted onto our high-performance computing cracking clusters. We have about 10 GPUs, and after some time, we extracted the keys."
Hardware wallets are used to store private keys offline in an air-gapped environment. Because these wallets keep the private keys offline, they are traditionally considered highly secure. Nonetheless, Unciphered has indicated that the hardware security mechanisms put in place in the Trezor T wallet could theoretically be bypassed if any hacker or malicious individual gained possession of a Trezor T wallet.
An Old Vulnerability?
Unciphered's demonstration of the vulnerability in Trezor T hardware wallets resulted in speculation that it had rediscovered an old vulnerability known for years. Unciphered rejected this, stating that the old vulnerability in question had been patched in 2019. According to the company, the vulnerability and the method to exploit it were developed in-house.
This is not the first time Unciphered has successfully retrieved seed phrases from a hardware wallet. In February, the cybersecurity company demonstrated a similar hack of another popular hardware wallet, OneKey. In the video related to OneKey, Unciphered showed how it exploited the lack of encryption between the hardware wallet's CPU and the secure element by using a field programmable gate array (FPGA). The FPGA was able to intercept all communications between the secure element and the processor.
"The FPGA is a high-speed processor likewise known as a field programmable gate array, allowing us to iterate through different algorithms, bypass the wallet's security and extract the mnemonics."
Trezor Responds
Trezor responded to Unciphered's demonstration of the exploit and indicated that it had several similarities with the Read Protection Downgrade (RDP) vulnerability. This vulnerability was discovered by researchers from Kraken Security Labs and impacted both Trezor One and Trezor Model T. In short, this implied that Trezor was aware of the vulnerability. Chief technology officer at Trezor, Tomáš Sušánka, stated,
"This seems to be a vulnerability known as an RDP downgrade attack, and as communicated on our blog in early 2020, RDP downgrade attacks require the physical theft of a device and incredibly sophisticated technological knowledge and advanced equipment. Even with the above, Trezors can be protected by a strong passphrase, which adds another layer of safety that renders an RDP downgrade useless."
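Why a passphrase blunts seed extraction, as an added example (not code from Trezor or Unciphered). It assumes the standard BIP-39 seed derivation, which this article does not describe; the mnemonic is the public BIP-39 test vector and `seed_exposed` is a hypothetical helper.

```python
import hashlib
import hmac
import unicodedata

PBKDF2_ROUNDS = 2048  # iteration count fixed by BIP-39


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512(mnemonic, salt='mnemonic'+passphrase)."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")

    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase),
        PBKDF2_ROUNDS, dklen=64,
    )


def seed_exposed(extracted_mnemonic: str, owner_passphrase: str,
                 guesses=("",)) -> bool:
    """Hypothetical helper for threat modelling.

    The mnemonic is what sits in device storage; the passphrase is typed in
    at unlock time and is not part of what an extraction recovers. The funds
    are exposed only if some guessed passphrase reproduces the owner's seed.
    """
    target = bip39_seed(extracted_mnemonic, owner_passphrase)
    return any(
        hmac.compare_digest(bip39_seed(extracted_mnemonic, g), target)
        for g in guesses
    )


# Constructed sample: the public BIP-39 test-vector mnemonic, not a real wallet.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    # No passphrase: the extracted words alone open the wallet.
    print("no passphrase     ->", seed_exposed(SAMPLE_MNEMONIC, ""))
    # With a passphrase: the same words derive an unrelated, empty wallet.
    print("with passphrase   ->", seed_exposed(SAMPLE_MNEMONIC, "TREZOR"))
    # A guessable passphrase gives the protection back, hence "strong".
    print("guessable phrase  ->",
          seed_exposed(SAMPLE_MNEMONIC, "TREZOR", guesses=("", "TREZOR")))
```

The passphrase only helps to the extent it resists offline guessing, since each guess costs an attacker just one 2048-round PBKDF2 computation.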
Hardware Wallets Not As Safe As They Claim To Be?
With their promise of keeping seed phrases and access codes offline and safe from the prying eyes of attackers, hardware wallets have long been considered the pinnacle of security when it comes to storing digital assets. Their popularity grew even further with the collapse of major centralized exchanges such as FTX Trading Ltd, with investors and users opting for self-custody of their assets.
Nonetheless, recent events have put a considerable dent in the reputation of hardware wallets. One of the primary events that led to the confidence crisis in hardware wallets was the announcement of Ledger Recover. Ledger's Recover feature set the cat among the pigeons as it sparked concerns that third parties could gain access to private keys, allowing them access to the cryptocurrency held in the wallets. Ledger's response did little to calm frayed nerves and led to considerable backlash for Ledger. Eventually, Ledger was forced to postpone the feature's release and open-source the code for transparency.