Unciphered points out vulnerabilities in hardware wallets, may exploit Trezor products

hack hardware wallet

Security firm Unciphered claims on the 25th that it was able to hack Trezor Model T, a product of crypto asset (virtual currency) hardware wallet company Trezor.

Unciphered has shown the process of parsing the seed phrase (default password) from the wallet on YouTube. It states that by directly manipulating the chip, it is possible to circumvent the hardware security mechanisms of the Trezor T model, but only if the attacker physically takes over the hardware wallet.

Specifically, the Trezor microchip is removed from the original board and soldered to the breaker board. The device then uses its own attack techniques to manipulate Trezor T and extract the firmware. Upload that information to a high performance computing cluster. This cluster has about 10 GPUs and we analyzed the PINs over a period of time.

Unciphered co-founder Eric Michaud claims that by leveraging a dedicated GPU chip, he was finally able to crack the device’s PIN seed phrase.

The company hopes to provide an educational opportunity through this demo and that viewers will learn something. Unciphered also provides assistance with unlocking wallets, and has a form posted on its official website.

Michaud also pointed out that fixing the Trezor T attack would require a full product recall, as it cannot be fixed with a firmware update. He has heard rumors that the new product will incorporate a new chip, and he said he would check the impact.

connection:Ledger Accelerates Open Source Plan to Restore Credibility

Claims by Trezor

Trezor, on the other hand, insists the vulnerability is not new. The Unciphered demo acknowledges similarities to the Read Protection Downgrade (RDP) vulnerability discovered by researchers at Kraken Security Labs in early 2020.

The RDP downgrade attack is an attack method that targets hardware vulnerabilities in the STM32 microchip used in hardware wallets such as Trezor One and Trezor Model T. In this attack, an attacker with specialized hardware, knowledge and physical access manipulates (glitches) the voltage of the STM32 microchip, bypasses the protections in place and extracts the contents of the flash memory.

The name “Read Protection Downgrade (RDP)” indicates that the attack has the ability to illegally read information that would otherwise be protected by lowering (downgrading) the read protection level of the microchip.

Tomáš Sušánka CTO (Chief Technology Officer) of Trezor says that even with RDP risk, physical theft of the device, extremely advanced technical knowledge, advanced equipment, and a passphrase function to protect the device are required. The attack will only succeed if is not enabled, he said. Passphrase is a feature that creates an entirely new account setting by adding an additional word of your own choice to your existing recovery phrase.

In a statement to The Block, a foreign cryptocurrency media outlet, Trezor said that it is working with its sister company Tropic Square to develop a new security configuration for its hardware wallets and plans to solve the problem of RDP attacks. .

Tropic Square announced in February this year that its first prototype batch, the Tropic01 chip, had passed initial tests and was nearing the production stage. This chip has added resistance to physical attacks in which an attacker physically accesses the device and steals or manipulates the information in it.

connection:Trezor to manage wallet chip supply chain