According to a report published by Kraken Security Labs, a security flaw has been uncovered in the Trezor wallet that leaves it vulnerable to attack. This is worrisome because attackers can exploit it to steal the private keys to a user's wallet and, with them, the user's cryptocurrency.
Breaking into the wallet to extract the private keys is not easy, as it requires physical access to the device for about 15 minutes. Although it is not an easy task for an attacker, it is very achievable. Trezor wallet users therefore need to protect their wallets, especially by ensuring that no one else has physical access to them.
According to Kraken Security Labs, the criminals need to be technically inclined and need a few hundred dollars' worth of equipment or a glitcher device to stand a chance. The report states that attackers could mass-produce a glitcher device that could be sold for $75. To test their discovery, the researchers cracked the encrypted seed, which is protected by a 1-9 PIN. The attack takes advantage of inherent flaws in the microcontroller used in the Trezor wallet. According to the report, this is difficult to address because it would require a hardware redesign.
According to Kraken Security Labs, attackers first have to extract the Trezor wallet's chip and connect it to the glitcher device, which sends signals at specific moments. The report states that this procedure breaks the built-in protection designed to prevent the chip's memory from being read by any external device. This is a dangerous security flaw that can be exploited by attackers who are physically close to the target. With the memory read out, the attackers then brute-force the PIN combination to access the seed, which is encrypted with a key generated from the PIN.
As captured in the report, attackers will be able to access critical wallet parameters, including the private key seeds. A number of wallets have had obvious vulnerabilities that attackers have taken advantage of. Many cryptocurrency exchanges and mining platforms have fallen victim to attacks launched after certain vulnerabilities were uncovered. This supports the popular statement that “any device is hackable”. There is no such thing as a 100% secure device; there is always a way to break into it. However, the impact can be minimized when certain measures are put in place.
A report revealed that the security flaw was discovered earlier by other researchers in 2019, prompting the Trezor team to issue a statement advising users to make use of the passphrase feature. According to the statement, the attack is viable when a passphrase does not protect the device. It was reported that a strong passphrase mitigates the attack and keeps holdings out of the reach of attackers. Many users do not imagine losing their Trezor wallet to anyone, and so set a weak passphrase on their device.
Kraken Security Labs stated that this research is similar to its previous discovery on KeepKey. According to the researchers, both devices rely on the same family of chips. Kraken Security Labs cautioned that the chip is not meant to keep secrets. For this reason, Trezor wallet and KeepKey must not rely on it to secure the assets of cryptocurrency users.
Trezor made a statement that will help victims know whether their chip has been tampered with. According to the statement, the attack mostly targets the STM32 chip. This means there will be a visible indication of an attack, as the attacker would have to break the case open. Aware of the constant threat in the cryptocurrency industry, which concerns almost all Bitcoin users, Trezor has used most of its resources to try to solve this issue, as its devices are fully resistant to online attacks. The company has collaborated with Kraken Security Labs to address this issue.
They stated that all hardware wallets are hackable, and the question of physical attacks is not “when they will happen, but if they happen.” Trezor also said that although only a small portion of all cryptocurrency users is concerned about physical attacks, it gives physical vulnerabilities the same attention as remote vulnerabilities. The passphrase feature was introduced to protect the wallet without compromising that principle. The passphrase is not stored by the Trezor wallet, and no backup of it is stored either. Managing the passphrase is therefore the sole responsibility of the user. Users are advised to choose a strong passphrase and keep it away from other people, as they cannot afford to expose it to anyone.
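Why the passphrase helps even when the chip's memory has been read out, as an added example that is not code from Trezor or Kraken Security Labs: it assumes the standard BIP39 derivation for the passphrase feature and reads "1-9 PIN" as one to nine digits drawn from 1-9. The function names and the sample mnemonic (the public BIP39 test phrase, not a real wallet) are illustrative.

```python
import hashlib
import math
import unicodedata

# Public BIP39 test phrase, used here as constructed sample input.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase.

    The passphrase only enters here, at derivation time. It is never written
    to the device, so reading the flash yields the mnemonic but not the
    passphrase-protected wallet.
    """
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048)


def pin_space(min_len: int = 1, max_len: int = 9, symbols: int = 9) -> int:
    """Number of possible PINs (assumed: 1 to 9 digits, each from 1-9)."""
    return sum(symbols ** k for k in range(min_len, max_len + 1))


def passphrase_bits(length: int, alphabet: int) -> float:
    """Guessing entropy in bits of a uniformly random passphrase."""
    return length * math.log2(alphabet)


def summary() -> dict:
    """Compare the PIN search space with two passphrase choices."""
    return {
        "pin_bits": math.log2(pin_space()),
        "weak_passphrase_bits": passphrase_bits(6, 26),      # 6 lowercase letters
        "diceware_6_words_bits": passphrase_bits(6, 7776),   # 6 random words
        "seeds_differ": bip39_seed(SAMPLE_MNEMONIC, "") !=
                        bip39_seed(SAMPLE_MNEMONIC, "correct horse"),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```

A six-letter lowercase passphrase adds about as many bits as the PIN itself, which is why a weak passphrase offers little beyond what the extracted seed already gave away.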