Reports show that researchers were able to hack different hard wallets, including Ledger Blue, Ledger Nano S and Trezor One. News was broken at 35C3 Refreshing Memories. A video also showed proof of the hacks.
The name of the operation is “Wallet.fail”. It was a hacking project that included Dmitry Nedospasov, security researcher and hardware designer, Josh Datko, a former submarine officer and security researcher and Thomas Roth, software developer.
During the conference it was announced that private key was extracted from a Trezor One type hardware wallet. This was possible after flashing custom firmware that overwrote existing data. This is a strategy that was shown to work in the event that the user did not utilize a passphrase.
SatoshiLabs CTO, Pavol Rusnak, talked about it on Twitter and said that the company was made aware of the vulnerability before the proof was published. It was also mentioned that vulnerabilities are going to be solved with a firmware update that is going to be released in January 2019.
During the talk, the hacker researchers said that they also managed to install the firmware on the Ledger Nano S hardware wallet. The vulnerability was funnily used to play Snake on the wallet. A team member said:
We can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software], or we can even go and show a different transaction [not the one that is actually being sent] on the screen.
Ledger Blue was also shown to have a vulnerability. We are talking about the most expensive of all the hardware wallets that were produced by the company, one that includes a color touchscreen. Signals are moved to the screen through a long motherboard trace, according to the researcher. This leaks signals as being radio waves.
Attaching a USB cable makes the leak signals so strong that they can be received from a distance of many meters. With the use of AI software that was deployed through cloud technology, the team managed to obtain device pin from a leaked radio signal dump as soon as the pin was entered.
In August it was reported that a teenage hacker compromised BitFi, which is considered to be the most secure hardware wallet on the market at the moment. News was denied through the mention that no crypto coin was extracted. At the same time, in the month of August, there were researchers that said they successfully managed to sign transactions with the use of BitFi wallets.
Image editorial credit: Anton Gvozdikov / Shutterstock.com