Trusted

Ledger Researchers Uncover Seed Extraction Exploit on Trezor Wallets

2 mins
Updated by Adam James
Join our Trading Community on Telegram
Donjon, a security research team at cryptocurrency firm Ledger, has publicly disclosed its attempts to evaluate the physical risks associated with products sold by its competitors. The hardware wallet manufacturer is specifically testing the Trezor One, Trezor Model T, and all other Trezor clones for potential vulnerabilities.
This evaluation was undertaken as part of a research project that aims to analyse the general security of hardware cryptocurrency wallets. Trezor devices were chosen to be evaluated specifically because the company pairs open source firmware with closed source chips that include low-level functions hidden in the flash. Even though hardware wallets are universally regarded to be low risk, Donjon carried out the study to understand just how difficult breaching the security of a mainstream hardware wallets really is. fake trezor

Attacking Hardware Wallets: An Inexpensive Affair?

The research team said that once a Trezor hardware wallet lands in the possession of a hypothetical attacker, they would be able to retrieve the master seed protected by the wallet quite easily unless the user had the presence of mind to set a strong passphrase. The researchers also found that the vulnerability could not be eradicated without a complete hardware overhaul of the wallet. When the research team notified Trezor about the potential of a physical attack on their wallet, Trezor said that the attack was too specialized, unrealistic, and hard to reproduce. Part of the company’s dismissal of the claim was that disruption of the hardware security of the wallet would require expensive equipment. The research team then set out to learn whether or not the physical security of the hardware wallet could be compromised with only limited resources. To achieve this, they redesigned the attack with inexpensive tools that can be easily obtained. A compact electrical board worth around $100 was designed to extract the master seed from the wallet within five minutes. This board can be connected to any computer with a simple USB cable.

Remedy Against Physical Attacks

The research team noted that users can prevent such attacks by adopting proper mitigation measures. This includes setting a long and complicated passphrase, making brute force attempts significantly more difficult for inexpensive homebrew hardware. The research team recommended users to set up a passphrase comprising of thirty-seven random characters to ensure complete security. In response to the findings of the research team, Trezor added that its main focus was to protect users against remote security attacks. Trezor reaffirmed the need to set a strong passphrase to guarantee security against any physical attacks to the hardware wallet. With the information provided by the research team at Ledger, do you think hardware wallet manufacturers should do more to protect users from physical attacks? Let us know your thoughts in the comments below. 
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Rahul-Nambiampurath.jpg
Rahul Nambiampurath
Rahul Nambiampurath's cryptocurrency journey first began in 2014 when he stumbled upon Satoshi's Bitcoin whitepaper. With a bachelor's degree in Commerce and an MBA in Finance from Sikkim Manipal University, he was among the few that first recognized the sheer untapped potential of decentralized technologies. Since then, he has helped DeFi platforms like Balancer and Sidus Heroes — a web3 metaverse — as well as CEXs like Bitso (Mexico's biggest) and Overbit to reach new heights with his...
READ FULL BIO
Sponsored
Sponsored