Kraken Security Labs has revealed that it only takes 15 minutes to hack Trezor hardware wallets and their derivative tools.
?It took Kraken Security Labs just 15 minutes to hack both of @trezor’s crypto hardware wallets.
Here’s how we did it and what it means if you’re a user: https://t.co/5betNtDnD0
— Kraken Exchange (@krakenfx) January 31, 2020
The attack requires physical intervention in the Trezor wallet by extracting its chip and placing it on a special device or welding a few important connectors.
The Trezor chip must then be connected to a malfunctioning device that can send signals at a specific time. These devices break the integrated protective layer that helps prevent the memory of the chip from being read by external devices.
The trick allows an attacker to read important wallet parameters, including private keys.
Although the seed was encrypted using a PIN-generating key, the researchers were able to crack it in just two minutes. The attack takes advantage of vulnerabilities inherent in the microcontroller used in the Trezor wallets. This means that the Trezor team is unlikely to do anything about this vulnerability without redesigning the hardware.
Kraken urges Trezor users not to allow anyone to access the physical wallet.
In a coordinated response published by Trezor, the team minimized the impact of the flaw. The company argued that the attack would show visible signs of tampering due to the need to open the device, noting that the attack requires extremely specialized hardware to execute.
The Labs recommends that users enable the wallet password feature to protect against such attacks and note that this is a viable alternative.
Read more:
- Kraken Exchange Received A Total Of 710 Regulatory Requests In 2019, Nearly 50% Compared To 2018
- CoinGecko Yearly Report: An Overview Of The Crypto Market Throughout The Entirety Of 2019