en
Back to the list

Cybersecurity Firm Hacks Trezor Hardware Wallet Using Three-Year-Old Exploit

source-logo  beincrypto.com 25 May 2023 04:30, UTC

Cybersecurity firm Unciphered has posted a video in which it claims to have hacked a Trezor hardware wallet.

Cybersecurity startup Unciphered claims to have infiltrated the security of the popular Trezor T model hardware crypto wallet.

On May 24, the team posted a video of them extracting the wallet’s mnemonic seed phrase or private key.

The cryptocurrency recovery firm took the Trezor apart to remove the internal circuit board. It was connected to its lab equipment which enabled the extraction of the device’s firmware.

Trezor Vulnerability Revealed

It then used powerful GPUs (graphics processing units) to work on the extraction.

Unciphered co-founder Eric Michaud said:

“We uploaded the firmware we extracted onto our high-performance computing cracking clusters. We have about 10 GPUs … and it took a little while but we extracted the PIN.”

He also stated that the retrieval was made possible by an “exploit that we developed in-house.” The team also had to write custom code to achieve the hack, which he explained was “extremely hard.”

Screenshot from Unciphered Trezor hack video – YouTube

Michaud stated that the exploit was not fixable with firmware updates. “In order to fix this, Satoshi Labs would have to recall all of their products,” he said before adding, “which they’re likely not going to do.”

Trezor responded to the experiment by stating that its team didn’t have enough details about this specific hack. It added that it appeared to be an “RDP [Read Protection] downgrade attack,” which was publicly flagged as a risk in early 2020.

“The RDP Downgrade attack is a precise attack that targets the hardware vulnerability of STM32 microchips used in the Trezor One and Trezor Model T hardware wallets,” it stated at the time.

Furthermore, the attack requires physical theft of the device, “extremely sophisticated technological knowledge and advanced equipment.”

Hardware Wallet Security Scrutinized

The revelation comes just a week after rival firm Ledger was involved in another PR imbroglio. Crypto Twitter was awash with comments calling for the dumping of Ledger in favor of Trezor, but that trend has now been quashed.

Ledger was lambasted last week for launching a recovery service that gave it control over the storage of seed phrases. The former CEO admitted the device was not trustless, and the current CEO, Pascal Gauthier, apologized for the firm’s latest foul-up.

It appears that no hardware wallet is 100% safe, despite what the manufacturers’ marketing departments claim.

beincrypto.com