BeInNews Academy Ltd © Street: Suite 1701 – 02A, 17/F, 625 King’s Road, North Point. Hong Kong.
Donjon, a security research team at cryptocurrency firm Ledger, has publicly disclosed its attempts to evaluate the physical risks associated with products sold by its competitors. The hardware wallet manufacturer is specifically testing the Trezor One, Trezor Model T, and all other Trezor clones for potential vulnerabilities.
This evaluation was undertaken as part of a research project that aims to analyse the general Once you have the freedom of being the sole owner of your money, it's now your responsibility to ensure the... More of hardware cryptocurrency wallets.
Trezor devices were chosen to be evaluated specifically because the company pairs open source firmware with closed source chips that include low-level functions hidden in the flash. Even though hardware wallets are universally regarded to be low risk, Donjon carried out the study to understand just how difficult breaching the security of a mainstream hardware wallets really is.
The research team said that once a Trezor When traders think about cryptocurrencies, they focus more on how they can profit from the price swings. But, what happens... More lands in the possession of a hypothetical attacker, they would be able to retrieve the master seed protected by the Unlike the physical wallet in your back pocket, a cryptocurrency wallet doesn’t actually store currency but the keys to a... More quite easily unless the user had the presence of mind to set a strong passphrase. The researchers also found that the vulnerability could not be eradicated without a complete hardware overhaul of the wallet.
When the research team notified Trezor about the potential of a physical attack on their wallet, Trezor said that the attack was too specialized, unrealistic, and hard to reproduce. Part of the company’s dismissal of the claim was that disruption of the hardware security of the wallet would require expensive equipment.
The research team then set out to learn whether or not the physical security of the hardware wallet could be compromised with only limited resources. To achieve this, they redesigned the attack with inexpensive tools that can be easily obtained. A compact electrical board worth around $100 was designed to extract the master seed from the wallet within five minutes. This board can be connected to any computer with a simple USB cable.
Unfixable Seed Extraction on Trezor: A practical and reliable attack
— Ledger Donjon (@DonjonLedger) July 3, 2019
The research team noted that users can prevent such attacks by adopting proper mitigation measures. This includes setting a long and complicated passphrase, making brute force attempts significantly more difficult for inexpensive homebrew hardware. The research team recommended users to set up a passphrase comprising of thirty-seven random characters to ensure complete security.
In response to the findings of the research team, Trezor added that its main focus was to protect users against remote security attacks. Trezor reaffirmed the need to set a strong passphrase to guarantee security against any physical attacks to the hardware wallet.
With the information provided by the research team at Ledger, do you think hardware wallet manufacturers should do more to protect users from physical attacks? Let us know your thoughts in the comments below.
Do you need trading guidance during this Coronavirus outbreak? BeInCrypto is here to help! Join our Telegram Trading Community for Market Updates, exclusive Trading Signals and a FREE Trading Course! Images courtesy of Shutterstock, Trading View and Twitter.