[ad_1]
A group of security specialists have discovered that several popular cryptocurrency hardware wallets are vulnerable to compromise. Portfolios have inherent weaknesses that could allow them to be attacked. The specialists have published their results, but the producers insist that there are no problems with the portfolios.
The vulnerabilities, which could allow side-channel attacks, supply chain, microcontroller or firmware, were identified by three researchers: Thomas Roth, Josh Datko and Dmitry Nedospasov. Researchers have pointed to weaknesses as "wallet.fail" and say they are in a number of hardware portfolios, including Trezor One, Ledger Blue and Ledger Nano S.
The trio demonstrated a concept-tested attack at the 35c3 conference held last month in Leipzig, Germany. They have shown that attacks can affect firmware, software or hardware, as well as physical and architectural design flaws. According to the researchers, some vulnerabilities can only be neutralized by changing hardware or microcontrollers.
By installing a hardware system combined with spyware into a device, researchers will be able to steal the wallet PIN. In addition, they were able to load custom firmware, allowing them to create malicious transactions to send digital assets and view fake transactions. In addition, the researchers were able to steal PINs by intercepting the radio signals and then flashing a separate device with a special firmware that allowed them to access the private keys in the wallet.
As can be expected, the producers mocked the test procedures used by the researchers, stating that they were not very scientific. For his part, Ledger said: "They have not been able to extract any semen or PIN on a stolen device.All sensitive resources stored on Secure Element remain safe.Not worry, your cryptographic resources are still safe on your Ledger device. "
Regardless of whether the test was scientific or not, any possibility of a compromised portfolio should be seen as a threat and must be addressed appropriately. As with any device used to protect financial resources, the cryptographic hardware and software portfolios must be tightly protected and users must ensure that they take all possible precautions to ensure that the wallets do not fall into the wrong hands.
