193

Kraken Unearths Serious Blemish in Trezor Hardware Wallets

Jordan
Major
Updated: 13 Feb, 2020
2 mins read

Kraken Security Labs has come up with a strategy to extract seeds from two crypto hardware wallets offered by Trezor. They include the Trezor One and Trezor Model T. These attacks need 15 minutes of physical access to the device.

Digital assets exchange Kraken explained how to launch these attacks against the wallets here. The attack exploits the inherent flaws within the microcontroller that is used in the Trezor wallets. Hence, the Trezor team cannot solve this vulnerability without a hardware redesign.

Until the redesign is made available, users are advised to take precautions to protect themselves against the attacks. They are advised not to allow anyone physical access to their Trezor Wallet and should enable their BIP39 Passphrase with the Trezor Client.

The latest attack is similar to the one against the KeepKey wallet since the Wallet is a derivative. All devices rely on the same family of chips. Trezor has always known about these flaws since it designed these wallets.

Technical Details  

The chips are not designed to store any secrets. Thus, vendors like KeepKey and Trezor should not rely on just them to secure cryptocurrencies. Pavol Rusnak, CTO of SatoshiLabs, commented:

“We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.”

Kraken Security Labs disclosed the full details of the attack to the Trezor team on October 30, 2019. The vulnerability was made public to enable the crypto community to protect themselves as the Trezor team continues to search for a viable solution.

Extracting the seeds from Trezor wallets is not new territory. Trezor has previously implemented much mitigation against different hardware attacks. It has even implemented successful mitigations against the glitching attacks made public during the Wallet.Fail talk at the 35th Chaos Communication Congress.

The latest attack builds upon the research to bypass the mitigations. Cybersecurity is quite essential, especially in this digital revolution. Thus, efforts like Kraken’s are highly welcomed to ensure that hackers’ efforts are thwarted even before they are launched.

Cryptocurrency News Aggregator Cryptocontrol.io contributed to this story.

Latest News

Join us on Twitter or Telegram

Or follow us on Flipboard Flipboard

Like the article? Vote up or share on your social media

Recommended content

Weekly Finance Digest

By subscribing you agree with Finbold T&C’s

Jordan Major
Author

Jordan is an investor and market analyst. He's passionate about stocks, ETFs, blockchain, and digital assets. At Finbold.com, he delves into the technicalities to obtain future trends for new market traders and gives insights into user-friendly platforms for beginners.

AD