In a presentation given on Thursday, December 27, at the 35th Chaos Communication Congress in Leipzig, Germany, security researchers Thomas Roth, Dmitry Nedospasov, and Josh Datko demonstrated what they describe as "systemic and recurring" security vulnerabilities in common hardware wallets, including the Ledger Nano S, Ledger Blue, and Trezor One.
Roth demonstrated that the Ledger Nano S contains a firmware vulnerability wherein, if exploited, malicious transactions can be sent and confirmed through the device. Roth noted that Ledger has already recognized the potential vulnerability and attempted to address it. However, with a bit of ingenuity, the research team was able to bypass the protections and exploit the vulnerability.
In response, Ledger published an in-depth blog post intended to assure customers that the bug exposed in the demonstration "has been solved in the next firmware version."
Roth also exposed a vulnerability with the Ledger Blue, wherein the device's PIN can be revealed with roughly 90 percent accuracy. This hack was pretty involved, but using artificial intelligence and cloud technology, the team was able to publicly share the hack on Google Cloud, albeit "with a limited dataset that is trained on a very close base," said Roth. "You cannot do anything super malicious with it, but it's nice to play around and see how this was done."
Ledger responded, "This attack is a bit unrealistic and not practical." If someone really wanted the PIN, Ledger suggested, it would be easier "to put a camera in the room and record the user entering his/her PIN." The post also assured customers that Ledger had "already implemented a randomized keyboard for the PIN on the Ledger Nano S, and the same improvement is scheduled in the next Ledger Blue Firmware update."
The researchers then demonstrated how they were able to reveal the seed phrase and PIN stored in a Trezor One wallet. They admitted that discovering how to execute the attack took months, but they said that anyone who wished to could use the strategy they discovered with relative ease. They also stated that they would post a how-to on GitHub. However, Roth added that if the device's owner used a "good passphrase" on their Trezor One wallet, they could "somewhat protect against this, but a lot of people don't, so we are really sorry," he chuckled. "We didn't mean any harm."
Additionally, the researchers have promised to post their methods on their website, wallet.fail.
Pavol Rusnak, chief technology officer of SatoshiLabs, which is the creator of Trezor, posted on Twitter after the talk:
Rusnak attempted to assure Trezor owners that Trezor One wallets were in fact safe to use because an "attacker would need physical access to the device and its board" to execute the attack. A few hours later, Trezor told customers via Twitter:
"[Y]ou can enable the passphrase feature, intended for additional protection against physical attacks. However, this is an advanced option and you should know how it works before opting for it. Loss of passphrase will lead to loss of funds."