coingabbar.com
Hardware Wallets Remain Vulnerable to Cyberattacks Despite Security Measures
Cybersecurity startup Unciphered has recently claimed that it successfully hacked the popular Trezor T model hardware crypto wallet. In a video posted on May 24, the team demonstrated their ability to extract the wallet's mnemonic seed phrase or private key. To achieve this, they disassembled the Trezor device and connected its internal circuit board to their lab equipment, allowing them to extract the device's firmware.
The extraction process involved utilizing powerful graphics processing units (GPUs) to crack the encryption. Eric Michaud, co-founder of Unciphered, explained that they uploaded the extracted firmware onto their high-performance computing cracking clusters, powered by approximately 10 GPUs, and eventually succeeded in obtaining the PIN. He noted that the hack relied on an in-house developed exploit and required writing custom code, emphasizing its complexity.
Michaud further mentioned that the exploit was not fixable through firmware updates, suggesting that a product recall would be necessary to address the vulnerability—an action he believed Satoshi Labs, the company behind Trezor, is unlikely to take.
Trezor responded to Unciphered's claims by stating that they lacked sufficient details about the specific hack. They referred to it as an "RDP Downgrade attack," which had been recognized as a risk publicly in early 2020. Trezor clarified that this attack targeted a hardware vulnerability in STM32 microchips used in the Trezor One and Trezor Model T hardware wallets. They emphasized that the attack required physical theft of the device, along with sophisticated technological knowledge and advanced equipment.
This revelation raises concerns about the security of hardware wallets in general. It comes shortly after rival firm Ledger faced criticism for launching a recovery service that compromised the trustlessness of its devices. The incident led to a wave of comments on social media favoring Trezor over Ledger. However, the recent hack claims have highlighted that no hardware wallet can be considered 100% secure, despite manufacturers' marketing claims.
In summary, Unciphered's purported hack of the Trezor T model hardware wallet has brought attention to potential vulnerabilities in hardware wallet security. The industry faces ongoing challenges in maintaining robust protection for users' cryptocurrency holdings.