Back to the list

Trezor responds to the vulnerability findings by Ledger


www.chepicap.com 13 March 2019 08:50, UTC
Reading time: ~2 m

Crypto hardware wallet company Trezor has released a statement regarding the recent announcement from rival company Ledger about the vulnerabilities in the Trezor wallet. 

Over the course of the last week, Ledger had announced that it had found several vulnerabilities with two models of the Trezor hardware wallet. The company announced in publically.

Trezor have since responded to the Ledger press release.

Read more: Ledger discloses 5 vulnerabilities in 2 models of competitor Trezor

Trezor responded in a recent press release of their own. Trezor explains in brief detail that the five vulnerabilities are either patched, or require a users password. Trezor explain that none of the vulnerabilities mentioned by Ledger are exploitable remotely, "All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise."

Trezor also explained that in a recent study, only 5.93% of respondents considered physical attacks as the biggest threat, while 66% considered remote attacks as more of a threat to the Trezor wallet. 

Read more: Ledger bugs may lose you your life savings, version update is crucial

Trezor goes into more depth about explaining the vulnerabilities mentioned by Trezor, with Satoshi Labs CEO Marek Palatinus stating "We would like to thank Ledger for practically demonstrating the attack that we have been aware of since designing Trezor. Because we realize no hardware is 100% safe, we introduced the concept of passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one."

Trezor admits that it should better communicate with its clients regarding issues they already know, but that for the most part clients have nothing to worry about. 

Back to the list

Similar news
Suggest news