A group of hackers has shown an audience at the 35th Chaos Communication Congress how they hacked several hardware wallets. They demonstrated how they got the seed and PIN from the Trezor wallet’s RAM, and several other methods to hack both Trezor and Ledger hardware. However, these are not very easy hacks to perform, as they require a combination of hardware tampering, malware installation on a PC, knowing the location of the victim, and being near the victim when he’s using the wallet.
The group found four ways to attack hardware wallets:
- Supply chain attack
- Firmware vulnerability
- Side-channel attack
- Chip-level vulnerability
For a supply chain attack they showed how easy it is to tamper with a new hardware wallet, and how easy it is to make it look like new again. These attacks can happen in the factory, a shop, or at the post office. Anti-tampering stickers are definitely not a security measure. As a consumer you can never know for sure.
But even if the hardware arrives at your house without any tampering, your hardware wallet still isn’t 100% safe. Did you know that the Ledger Blue outputs a small RF signal when you enter the PIN? When the USB cable is connected, it becomes an antenna that transmits your PIN through the room. Once criminals have your PIN, they only need to steal your hardware wallet.
For the Ledger Nano S the hacking group came up with a way to physically modify the wallet so that transactions can be sent as soon as the PIN is entered. Even though possible, it seems a bit far-fetched, as it requires hardware access, malware on the victim’s computer and a room next to the victim to pick up the signal. A statement from a Ledger HQ spokesperson underlines this idea:
“In short, they demonstrated that physically modifying the Ledger Nano S and installing a malware on the victim’s PC could allow a nearby attacker to sign a transaction after the PIN is entered and the Bitcoin app is launched. It would prove quite unpractical, and a motivated hacker would definitely use more efficient tricks (such as installing a camera to spy on the PIN entry).”
With a Trezor wallet it’s even easier to gain access to both the PIN and your private seed. This data can be extracted from the working memory (RAM) of the wallet. However, passphrase protection forms an extra layer of safety… when activated. Trezor only recommends passphrase activation for ‘advanced users’, leaving many people with an easy-to-hack hardware wallet.
Even though the hacking group was capable of performing the hacks, it’s not very likely that these methods will be used by the criminal hackers who are active in crypto. For criminal hackers it’s still much easier to spoof websites, use e-mail phishing or use social media to impersonate Elon Musk (again!). These methods can be scaled towards a bigger demographic, while the hacks performed by wallet.fail – in the video below – can only work when focused on a certain individual. It would be the Ocean’s Eleven of all crypto hacks.
Also published on Medium.