Kraken Security Labs has devised a method to extract seeds from two crypto hardware wallets offered by Trezor: the Trezor One and the Trezor Model T. The attacks need 15 minutes of physical access to the device.
Digital assets exchange Kraken has published an explanation of how the attacks against the wallets work. The attack exploits inherent flaws in the microcontroller used in the Trezor wallets. Hence, the Trezor team cannot fix this vulnerability without a hardware redesign.
Until a redesign is available, users are advised to take precautions against the attacks: do not allow anyone physical access to the Trezor wallet, and enable the BIP39 Passphrase with the Trezor Client.
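Why the passphrase advice helps, as an added example that is not from Kraken or Trezor: BIP39 mixes the passphrase into seed derivation as a salt rather than keeping it with the recovery words, so words read out of the chip do not reproduce the wallet seed by themselves. The mnemonic below is the public BIP39 test phrase and the passphrase is a constructed sample; the function names are hypothetical.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic, never use it for real funds.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from recovery words and a passphrase.

    BIP39: PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic,
    salt = "mnemonic" + passphrase, both NFKD-normalized UTF-8.
    """
    def norm(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    password = norm(mnemonic).encode("utf-8")
    salt = ("mnemonic" + norm(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def words_alone_suffice(mnemonic: str, owner_passphrase: str) -> bool:
    """True if the recovery words alone reproduce the owner's wallet seed.

    Models someone who holds the words from the device but not the
    passphrase, and so can only derive the empty-passphrase seed.
    """
    return bip39_seed(mnemonic) == bip39_seed(mnemonic, owner_passphrase)


if __name__ == "__main__":
    # Constructed sample passphrase for illustration only.
    sample_passphrase = "constructed sample passphrase"
    print("no passphrase  :", bip39_seed(SAMPLE_MNEMONIC).hex()[:16], "...")
    print("with passphrase:",
          bip39_seed(SAMPLE_MNEMONIC, sample_passphrase).hex()[:16], "...")
    print("words alone suffice, no passphrase set:",
          words_alone_suffice(SAMPLE_MNEMONIC, ""))
    print("words alone suffice, passphrase set   :",
          words_alone_suffice(SAMPLE_MNEMONIC, sample_passphrase))
```

The protection is only as strong as the passphrase itself, since anyone holding the words can still test candidate passphrases offline.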
The latest attack is similar to the one against the KeepKey wallet, since the KeepKey is a derivative. All of these devices rely on the same family of chips. Trezor has known about these flaws since it designed these wallets.
The chips are not designed to store secrets. Thus, vendors like KeepKey and Trezor should not rely on them alone to secure cryptocurrencies. Pavol Rusnak, CTO of SatoshiLabs, commented:
“We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.”
Kraken Security Labs disclosed the full details of the attack to the Trezor team on October 30, 2019. The vulnerability was made public to enable the crypto community to protect themselves as the Trezor team continues to search for a viable solution.
Extracting seeds from Trezor wallets is not new territory. Trezor has previously implemented many mitigations against different hardware attacks, including successful mitigations against the glitching attacks made public during the Wallet.Fail talk at the 35th Chaos Communication Congress.
The latest attack builds upon that research to bypass the mitigations. Cybersecurity is essential, especially in this digital revolution. Thus, efforts like Kraken’s are highly welcome, since they help thwart hackers’ efforts before they are launched.
Cryptocurrency News Aggregator Cryptocontrol.io contributed to this story.