Search the Community
Showing results for tags 'cryptocurrency wallet'.
Cryptocurrency wallets Trezor and Ledger are vulnerable to a number of different type attacks, researchers say. LEIPZIG, GERMANY – Hardware based cryptocurrency wallets may not be as secure as promised. That’s the judgement of Dmitry Nedospasov, Thomas Roth and Josh Datko who together presented their research at a session here at the 35c3 conference called “wattet.fail.” In the talk the researchers demonstrate firmware, side-channel, microcontroller and supply-chain attacks that impact a range of wallets including Trezor One, Ledger Nano S, and Ledger Blue. Naturally, the manufacturers responded, claiming the research had holes and attacks were impractical and their hardware was safe to use. “The sad reality is there is just not a lot of security in cryptocurrency [development]. And that is painful to hear,” said Nedospasov, a hardware design and security engineer, during his talk. A cryptocurrency wallet is designed to store the public and private keys used to receive or spend a specific cryptocurrency. Wallets can be stored on a computer, but many use a dedicated cryptocurrency hardware-based wallets, considered a safer alternative. The vendor critiques are below, but first the research. Supply Chain Attack The supply chain attack carried out by researchers was simple. The goal was to simulate how someone could manipulate the device before it gets in the hands of the customer. To do this researchers were able to tamper with the packaging of a hardware-based cryptocurrency wallet. Using a hair drier they peeled back a holographic seal (or sticker) that indicated the wallet wasn’t counterfeit or hadn’t been tampered with. “Stickers don’t work,” said Datko, an embedded systems engineer. “But once the sticker is off you faced with opening the enclosure.” That, he said, was also simple for the Trezor One, Ledger Nano S, and Ledger Blue wallets. “From there the attack is, taking the microcontroller and reworking it,” he said. That entails replacing it with your own microcontroller that has its own bootloader. An open case also allows you to install your own hardware implant. In Datko scenario, he implanted an RF transmitter that allowed him to remotely (within close proximity) trigger a transaction. Bootloader Vulnerability Researchers said they found a vulnerability in the Ledger Nano S tied to the device’s use of the STM32 microcontroller. The bug allowed an attacker to flash the chips with a custom firmware. To prove the point researchers flashed the chip with a version of the game Snake (see below). The vulnerability is tied to a developer flaw which left an open programming port open and enabled on the Ledger Nano S circuit board. Using this to their advantage, researchers detailed a way to manipulate the microcontroller and compromise cryptocurrency transactions. The wallet did have built-in mitigations to prevent this type of attack, such as blacklisting an entire memory region so it would be impossible to flash over the firmware’s bootloader. Researchers found a bypass to the mitigations and were able to flash the microchip’s firmware with their own, giving them control over the wallet. The malicious firmware loads, compromising the device the moment it’s turned on. Side-channel Attacks For the side-channel proof-of-concept attack, researcher Roth demonstrated an attack against the Ledger Blue hardware that entailed using an antenna to sniff out PIN numbers of the user. After cracking the hardware open he noticed a long conductor that he discovered carries instructions from the screen to the hardware. He discovered that the signal was amplified when it was plugged in with a USB cable. Next, using software defined radio equipment he was able to capture the radio waves. Using artificial intelligence Roth then isolated the radio patterns of each number pressed to determine what PIN number was pressed. The technique was able to accurately determine the PIN password 90 percent of the time. The adversary, in his proof-of-concept attack, would have to be in close proximity to the device and use an antenna to pick up key pad signals as they traveled across the Ledger Blue’s conductor wire. Chip-level Vulnerability In 2017, the Trezor One was found vulnerable to a fault injection via a microcontroller used in the wallet. Trezor quickly patched the bug. But, researchers here say that using a different technique and focusing on a different microcontroller (STM32F2) a motivated attacker could steal the wallet’s private key and PIN from the device’s Random Access Memory (RAM). “Compromising the STM32 microcontroller means you can compromise the entire device,” Nedospasov said. Researchers observed the Trezor One backs private key data temporarily to the device’s RAM and then dumps it when it “glitches.” To access the private key data researchers initiated a firmware upgrade procedure when a glitch occurred. To help the team grab the RAM data dump, they devised a way to delay the RAM from being cleared long enough to access the private key and PIN number. “When you review the relevant code you see [during the firmware upgrade process] that there is a call to backup metadata.. We observed the backup was from the memcopy we were interested in.. So our basic procedure was go into bootloader, start a firmware upgrade and stop it before the RAM gets cleared,” Roth said. Next, they used a simple string program to extract the private key and user PIN from the RAM dump. Trezor and Ledger Respond Both Trezor and Ledger responded to the research presented at 35C3. Ledger called the proof-of-concept attacks unrealistic and impractical. In a blog, Ledger responded: “They presented 3 attack paths which could give the impression that critical vulnerabilities were uncovered on Ledger devices. This is not the case. In particular they did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure.” Regarding the proof-of-concept attack against the Ledger Nano S, Ledger called the research impractical. “They demonstrated that physically modifying the Ledger Nano S and installing a malware on the victim’s PC could allow a nearby attacker to sign a transaction after the PIN is entered and the Bitcoin app is launched. It would prove quite unpractical, and a motivated hacker would definitely use more efficient tricks (such as installing a camera to spy on the PIN entry),” the company wrote. Trezor replied via a tweet stating: “Regarding the presentation at #35c3, we were not informed ahead of time about the details of the disclosure. We are working with the info as it arrives. We will address the vulnerability in due time—as soon as possible.” Trezor continued: “Please keep in mind that this is a physical vuln. An attacker would need physical access to your device, specifically to the board—breaking the case. If you have physical control over your Trezor, you can keep on using it, and this vulnerability is not a threat to you.” The entire wallet.fail session can be viewed here. source
Oh, how the mighty have fallen. Well, that's not entirely fair if you are a firm believer in the future of blockchain technology and crypto currencies in the end user space. That was the spotlight feature on the original HTC Exodus 1 and the same is true for the newly announced Exodus 1s. The phone doubles as a hardware ledger and this time around has a few other crypto tricks up its sleeve. But more on that in a bit. First thins first, however, the hardware itself. There really is no way around it, the 1s has pretty terrible hardware for 2019. You are looking at a Snapdragon 435 chipset, along with 4GB of RAM, pushing pixels on a 5.7-inch, 18:9 HD+ display. You also get 64GB of storage and and SD card slot. But the latter might not be meant for your multimedia. The phone still uses a microUSB port. But at least you get a 3.5 mm audio jack. In the camera department the Exodus 1s offers a single 13MP PDAF snapper on the back and one of the same resolution of the front - no autofocus, but complete with an LED flash light. Two SIM card slots with 4G plus 3G dual standby, Wi-Fi ac, Bluetooth 4.1 and last, but not least, a 3,000 mAh battery keeping the lights on. Oh, and Android 8.1. Makes sense, we guess. HTC's product page is rather scare on details, but we think it is fairly safe to just check the HTC Desire 12s specs page for any additional info you might require. All of this can be pre-ordered today for EUR 219. Although HTC's website doesn't exactly make it clear if you can use "outdated" cash to fund that purchase, or they are still going to convert the price over to a Crypto currency during the final steps of checkout, as was initially the scheme with the original Exodus 1. Anyway, now that we're done making fun of the hardware, we should talk about the meat of HTC's product offer. The main added-value, crypto-enthusiast, added value attraction on the Exodus 1s is the ability to run a full Bitcoin node on the phone. Without going into too much detail, that means that the phone has the means of keeping the entire Bitcoin ledger in its memory. Well, on a microSD card, top be more precise with at least 400GB of storage, sold separately. That should be good for some time since the current Bitcoin ledger is about 260GB big and growing at a rate of roughly 60GB a year. The reason you would want the entire ledger in your pocket is that you can verify transactions for yourself and operate with more security, then, say, using the popular Simplified Payment Verification (SPV) wallet scheme, where a third-party website takes part in the validation process. You can also, apparently, query the ledger itself for transaction data, without sharing any info with the world. And last, but not least, you are actively contributing to the Bitcoin network, which definitely holds some allure to enthusiasts who believe in the future and viability of the network. There are some caveats, though, like the fact that currently only a Bitcoin node can run locally. No other currencies. Plus, running it apparently puts quite a strain on the three year old chipset, which is why HTC themselves only recommend running the node while connected to a wall socket or power bank. There is all the data usage involved as well, which can't help the battery situation either. Perhaps real enthusiast might have better luck with the new technology on the original and more powerful Exodus 1. It will also be getting the Bitcoin node feature as an update at some point. Other than that, just like its sibling, the Exodus 1s still has the HTC's hardware Zion crypto wallet with your keys hidden in the Snapdragon's security enclave. There is also the Trusted Execution Environment (TEE), which runs the Zion Vault software in a sandbox environment for extra security and also guards against common attack vectors, like third-party keyboards with key loggers. And if you lose the phone itself Social Key Recovery allows you to pick several trusted people in such a way that if they all come together, they can recreate your private key. This is called Shamir’s Secret Sharing or (as it’s better known in the crypto world) key sharding. No word on decentralized app or dApp support this time around. But we can only imagine that just like the Exodus 1 the 1s can run these as well. Honestly, do tell us in the comments if you think HTC is gambling a bit too fast and loose with the whole Exodus project as a last resort. Or, perhaps we are missing something and failing to see a bigger picture where the Exodus 1s is an important piece of the puzzle. Source: 1. HTC launches another blockchain phone - Exodus 1s (via GSMArena) 2. Introducing Exodus 1S (via HTC)