French-based HD wallet manufacturer company Ledger revealed in a blog post on March 11, 2019, that its AttackLab has discovered five major security vulnerabilities of Trezor’s products, the famous Trezor One and Trezor Model T.
Before making the vulnerabilities public, Ledger provided Trezor with ample lead time to resolve the uncovered vulnerabilities. The blog post claimed that Ledger even provided two extensions so that Trezor can address the issues.
Both companies are involved in producing hardware wallets for cryptocurrencies and Ledger said it has “a responsibility to enhance security throughout the entire blockchain ecosystem whenever possible,” and that’s why the AttackLab in their Paris HQ constantly try to hack their own products as well as competitors such as Trezor’s products.
Since its inception, the blockchain industry has faced a major challenge in terms of securing cryptocurrencies. Almost all the security breaches at crypto exchanges and private hacks involved stealing cryptocurrencies that were stored in spaces connected to a network.
While network-connected security measures try to minimize security vulnerabilities by implementing layers of encryption to secure the content, hackers have always found a way to undermine all efforts. Hence, companies like Ledger have come up with the Ledger Nano S, which keeps cryptocurrencies in a memory stick-like device called Hardware Wallets that remains offline, disconnected from any network. These portable and offline devices have built-in encryption systems that owners can rely upon.
Trezor’s hardware wallets claim to offer a “safe place” for cryptocurrencies and its product line includes a few models, including the new LCD screen Model T.
However, Ledger said that its engineers were able to create an imitation version of Trezor’s products using the same components, same hardware architecture, same look & feel that put a big question mark about the genuineness of the device.
Next, Ledger claimed that since Trezor’s devices provide PIN verification and allow users 15 tries to with an exponential waiting time to input the correct PIN, it is possible to guess the value of the PIN using a side-channel attack. Ledger said it has managed to retrieve the correct PIN using the side-channel attack with less than five tries.
The next two security vulnerabilities are even more severe as Trezor uses flash memory as a storage device that does not incorporate a Secure Element chip. Hence, according to Ledger, this security vulnerability cannot be patched at all without totally overhauling the core design of the Trezor One and Trezor T hardware wallets. Hence, they decided not to disclose it.
Commenting on the vulnerability, Ledger said it has “proved that with a digital oscilloscope, and a few measurements, it’s possible to extract the key of a transaction using Side Channel analysis.”
UPDATE: Trezor Responds to the claims in a new blog-post.
