Three developers from different parts of the world have begun to discover vulnerabilities in the security of the most popular hardware wallets: Trezor and Ledger.
Hardware wallets are increasingly popular and are used to store a significant percentage of the world's cryptocurrency. Many merchants, hedge funds, ICOs and blockchain projects store all of their cryptocurrency in one or very few wallets. This means that users of hardware wallets store tens of millions of euros of cryptocurrency in small USB peripherals that cost only a few euros to manufacture. In addition, many users who trade and speculate in cryptocurrency interact with, update and generate transactions using their hardware wallets on a daily basis.
The following video shows how to break the most popular cryptocurrency hardware wallets:
It shows the architectural, physical, hardware, software and firmware vulnerabilities that we found, including problems that could allow a malicious attacker to gain access to wallet funds. The attacks we carry out against the hardware wallets range from breaking the patented protection of the bootloader, to breaking the web interfaces used to interact with wallets, to physical attacks that use faults to bypass the security implemented in the IC of the wallet.
The vulnerabilities presented range from vulnerabilities that can be solved with a firmware update, to errors that will require a new hardware revision, to attacks on the microcontrollers themselves, which require a new silicon solution.
Our broad look at several wallets demonstrates systemic and recurrent problems. We provide information on what needs to change to create stronger hardware wallets.
Although this shows how hardware wallets can be accessed maliciously, the attacks are quite limited if the attacker does not have access to the wallet (physical theft) or if you simply do not leave it connected to a computer.