Unciphered Claims to Physically Hack Trezor T Hardware Wallet, Demonstrates Seed Phrase and PIN Recovery

Cybersecurity firm Unciphered, known for recovering lost or stolen cryptocurrency, has claimed to have discovered a method to physically hack the popular Trezor T hardware wallet. While Trezor acknowledges a similar vulnerability from years past, this new development has caused ripples in the crypto security landscape.

Unciphered’s Exploit on the Trezor T Wallet

In a series of conversations and emails with CoinDesk, Unciphered revealed their exploitation of an “unpatchable hardware vulnerability with the STM32 chip.” This flaw allows the cybersecurity team to dump the embedded flash and one-time programmable (OTP) data, leading to the successful retrieval of a seed phrase and PIN. The claims were not merely theoretical; Unciphered demonstrated their technique in a video where they successfully infiltrated a Trezor T wallet provided by CoinDesk.

Trezor’s Response

Trezor responded by stating they lacked sufficient details about the specific attack executed by Unciphered to provide a complete reaction. However, they suspect the method resembles an “RDP downgrade attack,” a risk that was publicly recognized three years ago. The company assured users that a strong passphrase can safeguard their Trezor wallets against such an attack, thereby adding another layer of security.

Rising Concerns Over Hardware Wallet Security

The security of hardware wallets is under scrutiny, especially following the backlash against Ledger’s proposed optional “recovery option” and last year’s collapse of the FTX exchange. Despite the perceived safety of hardware wallets compared to exchanges, recent discoveries like this one from Unciphered show that these devices aren’t entirely invulnerable.

Unciphered’s Stance and Further Insights

Unciphered refrained from confirming or denying whether their hack on the Trezor T was an RDP downgrade, citing current engagements and non-disclosure agreements. They also warned against any technical disclosure that could potentially endanger SatoshiLabs customers. The firm emphasized that Trezor’s knowledge of the Trezor T model’s vulnerability in its STM32 chip and the lack of effort to address it is a cause for concern.

The Nature of the Attack

The method of attack by Unciphered requires physical possession of the device. In light of this, Nick Federoff, head of marketing at Unciphered, pointed out that the threat often comes from within. Therefore, the physical security of the wallet becomes an equally important aspect of the overall security.

Unciphered’s Test Case with CoinDesk

As a demonstration of their capability, Unciphered asked CoinDesk to procure a new Trezor T wallet and set it up with a seed phrase. After the device was securely shipped to Unciphered’s lab, the cybersecurity firm was able to hack into it, even documenting some steps on video, and successfully retrieve the seed phrase and PIN.

Implications of the Discovery

Unciphered’s discovery, while highlighting a potential security issue with the Trezor T wallet, underscores the need for continuous innovation in the area of hardware wallet security. Notably, Unciphered admitted that they didn’t notify Trezor of the vulnerability before attempting to publicize it via CoinDesk, deviating from the cooperative approach often followed by “white hat” hackers.
