Hardware wallet developer Ledger took to its blog on March 11 to outline five vulnerabilities the company claims to have found in two hardware wallet models from manufacturing competitor Trezor. The vulnerabilities were found by Attack Lab, a department at Ledger that hacks its own and competitors' wallets to find any security issues in order to contribute to the "shared responsibility in guaranteeing a high level of security for the entire industry."
According to the blog post, Ledger's findings pertain to the Trezor One and the Trezor Model T, though the analysis heavily focused on the Trezor One. The post also clarifies that Trezor was notified about four months ago regarding the five vulnerabilities and was then given a "responsible disclosure period" to fix the vulnerabilities before Ledger published its analysis.
The first issue Ledger makes note of is the "genuineness" of the Trezor devices. In its post, the company claims to have been able to manufacture fake devices that were exact clones of the Trezor wallets. They were also able to open the box of a Trezor wallet, install malware that gives the attacker complete control over the code running on the device, and then reseal the box without breaking the tamper-proof sticker "aimed at protecting against such attacks." Though all the vulnerabilities were reported to Trezor, this is the only one Ledger says Trezor responded to. Trezor argued that "users won't be exposed to this issue if they purchase their products directly from the Trezor website."
Next, Ledger says it was able to guess the wallet's PIN using a side-channel attack that "consists of presenting a random PIN and then measuring the power consumption of the device when it compares the presented PIN with the actual value of the PIN." The PIN gives users access to the device and the funds held within. The post does note that this vulnerability was patched out by Trezor in a firmware update. It is the only vulnerability Ledger indicates has been fixed.
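The PIN side channel described above works because a comparison that stops at the first wrong digit does a different amount of work, and so draws a different power profile, depending on how many leading digits of a guess were right. The following C snippet is an added illustration of that defect and its standard fix, not code from Trezor's firmware or from Ledger's report; the step counter is a constructed stand-in for a power trace, and the PIN values are made up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_LEN 4   /* constructed: fixed-length numeric PIN for this example */

/* Counter standing in for the power/timing trace an attacker would record
 * during the comparison (constructed instrumentation for this example). */
static size_t g_steps;
size_t steps_used(void) { return g_steps; }

/* Early-exit comparison, the pattern a power-analysis attack exploits:
 * it stops at the first mismatching digit, so the amount of work done
 * reveals how many leading digits of the guess were correct. */
bool pin_compare_leaky(const char *stored, const char *guess)
{
    g_steps = 0;
    for (size_t i = 0; i < PIN_LEN; i++) {
        g_steps++;
        if (stored[i] != guess[i])
            return false;
    }
    return true;
}

/* Constant-time comparison: always touches every digit and folds the
 * differences into one accumulator, so the work done does not depend on
 * where (or whether) the guess differs. */
bool pin_compare_ct(const char *stored, const char *guess)
{
    volatile uint8_t diff = 0;   /* volatile discourages the compiler from shortcutting */
    g_steps = 0;
    for (size_t i = 0; i < PIN_LEN; i++) {
        g_steps++;
        diff |= (uint8_t)(stored[i] ^ guess[i]);
    }
    return diff == 0;
}

int main(void)
{
    const char *stored = "2741";                           /* constructed PIN */
    const char *guesses[] = { "9999", "2799", "2741" };    /* constructed guesses */

    for (size_t i = 0; i < 3; i++) {
        bool ok_leaky = pin_compare_leaky(stored, guesses[i]);
        size_t leaky = steps_used();
        bool ok_ct = pin_compare_ct(stored, guesses[i]);
        size_t ct = steps_used();
        printf("guess %s: leaky=%d steps=%zu | ct=%d steps=%zu\n",
               guesses[i], ok_leaky, leaky, ok_ct, ct);
    }
    return 0;
}
```

The leaky version uses 1, 3 and 4 steps for the three guesses, which tells an observer exactly how much of the PIN they already have; the constant-time version always uses 4. On real hardware the compiler, the memory system and the power supply all add noise, so constant-time code is necessary but not sufficient, and firmware projects typically also rate-limit attempts and wipe the device after too many failures.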
The third and fourth vulnerabilities deal with an attacker's physical access to the Trezor wallets. According to Ledger, with physical access, an attacker can extract all of the data stored on the wallet's memory, and therefore gain control of the assets stored on the device. Ledger specifically notes that this vulnerability cannot be patched out and recommends users add a strong passphrase to their device.
The last vulnerability outlined by Ledger has to do with the Trezor wallets' scalar multiplication function. According to the post, scalar multiplication is the core function for signing transactions, meaning it deals with the user's private key. Ledger found that the scalar multiplication function was vulnerable to a side-channel attack, making it possible to extract the key from the wallet.
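Scalar multiplication is "multiply the generator point by the private key", and the textbook way to do it (double, then add only when the current key bit is 1) performs a different sequence of operations for different keys, which is what a side-channel attack on it observes. As an added example, not Ledger's or Trezor's code, the snippet below contrasts that pattern with a Montgomery ladder, the usual mitigation, using the additive group of integers modulo a small prime as a constructed stand-in for the elliptic-curve group; the operation counter is constructed instrumentation standing in for a power trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define P 65537u   /* constructed toy modulus; real wallets use secp256k1 */

/* Counter standing in for the power trace: one tick per group operation. */
static size_t g_ops;
size_t ops_used(void) { return g_ops; }

/* "Point addition" and "point doubling" in the toy group Z/P. */
static uint32_t g_add(uint32_t a, uint32_t b) { g_ops++; return (a + b) % P; }
static uint32_t g_dbl(uint32_t a)             { g_ops++; return (2u * a) % P; }

/* Naive double-and-add: an extra add happens only when the key bit is 1,
 * so the operation count (and the trace shape) depends on the key bits. */
uint32_t scalar_mul_naive(uint32_t k, uint32_t pt)
{
    uint32_t acc = 0;
    g_ops = 0;
    for (int i = 31; i >= 0; i--) {
        acc = g_dbl(acc);
        if ((k >> i) & 1u)
            acc = g_add(acc, pt);
    }
    return acc;
}

/* Montgomery ladder: every iteration performs exactly one add and one
 * double whatever the key bit; the bit only selects which register is
 * doubled, and that selection is done with masks rather than a branch. */
uint32_t scalar_mul_ladder(uint32_t k, uint32_t pt)
{
    uint32_t r0 = 0, r1 = pt;
    g_ops = 0;
    for (int i = 31; i >= 0; i--) {
        uint32_t mask = 0u - ((k >> i) & 1u);   /* all ones when bit is 1 */
        uint32_t t = (r0 ^ r1) & mask;          /* conditional swap */
        r0 ^= t; r1 ^= t;
        r1 = g_add(r0, r1);
        r0 = g_dbl(r0);
        t = (r0 ^ r1) & mask;                   /* swap back */
        r0 ^= t; r1 ^= t;
    }
    return r0;
}

int main(void)
{
    uint32_t keys[] = { 13u, 0xFFFFFFFFu };    /* constructed "private keys" */
    for (size_t i = 0; i < 2; i++) {
        uint32_t a = scalar_mul_naive(keys[i], 7u);
        size_t na = ops_used();
        uint32_t b = scalar_mul_ladder(keys[i], 7u);
        size_t nb = ops_used();
        printf("k=%u naive=%u (%zu ops) ladder=%u (%zu ops)\n", keys[i], a, na, b, nb);
    }
    return 0;
}
```

Both routines return the same product, but the naive one uses 35 operations for the key 13 and 64 for an all-ones key, leaking the key's Hamming weight outright and, with a trace fine enough to separate adds from doubles, each bit in turn; the ladder always uses 64. Making the operation sequence fixed is the first step, and production implementations additionally avoid secret-dependent memory addresses and often randomise the scalar or the point representation to blunt power analysis.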
After seemingly meeting Ledger's vulnerability report with a bit of awkward silence four months ago, Trezor published a post on Medium today, March 12, explaining that Ledger's vulnerabilities are not critical to hardware wallets as they all require "physical access to the device, specialized equipment, time, and technical expertise." Trezor goes on to state it has patched two of the vulnerabilities and found the scalar multiplication issue non-exploitable as the attacker would need the PIN. As for the claims made against the genuineness of the wallets, Trezor states there is "no 100% solution" to mitigate against this kind of attack.
Although Trezor's post covers what it is doing or has done to prevent the security issues and thanks Ledger for demonstrating the possible weaknesses in its wallets, the company's response as a whole is discombobulated. Trezor asserts in its post that perfect physical security is an unreachable goal, making note of the possibility of "$5 wrench attacks" – targeted thefts in which victims are forced to disclose their password. Trezor then asserts that with a strong passphrase and an understanding of the company's operational security principles, "even the physical attacks presented by Ledger cannot affect Trezor users." However, Trezor then goes on to admit that if an attacker had enough time, money, and resources, "no hardware barriers will stand against their attacks."