Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware

[NeuroticFish]

I feel like this belongs here more than in Press.

https://www.ledger.fr/2019/03/11/our-shared-security-responsibly-disclosing-competitor-vulnerabilities/

Today Ledger has published on their blog the competition's vulnerabilities they've found (4 months ago), with movies, images and explanations.
From what I've read some of them are still not fixed (!).

Notably, about four months ago we contacted Trezor to share five vulnerabilities our Attack Lab uncovered. As always, we gave Trezor a responsible disclosure period to work on these vulnerabilities, even granting them two extensions.

I guess that most of those vulnerabilities are not a problem in most of the cases, still, it's a warning for everybody to not feel too safe just because the coins are protected by a hardware wallet.

[1714119092]

1714119092

[1714119092]

1714119092

[1714119092]

1714119092

[gentlemand]

This is going to be an eternal battle between manufacturers and those looking to fiddle with their products. I wonder if either side will ever get a decisive upper hand.

The average user, deffo including me, is not qualified to know how serious these are or how good the fixes are or what's waiting to be unearthed.

I've got some coins that have no plans for several more years that are currently on a hardware wallet. I think they're headed back to paper.

[Pmalek]

These are serious issues that seem to be present in Trezor devices. It is quite scary that they were able to create a clone of the exact same components and hardware as a genuine device and even backdoor it and extract the seed. This has still not been patched according to Ledger!

I know that the Ledger Nano S has a security system where you can check if your device and its hardware were tampered with but I wonder how safe we can feel after reading that they were able to make a clone of a Trezor wallet. Does Trezor offer a way to check their devices to make sure they are genuine?

[Rath_]

Trezor released a security update a few days ago for both Trezor One and Trezor T. According to this article, 3 vulnerabilities submitted via the responsible disclosure have been fixed in that update.

Does Trezor offer a way to check their devices to make sure they are genuine?

Beside holograms on the packaging, Trezor should check the integrity of the bootloader which is responsible for checking the firmware. Here you can find more information. It's a bit different for each model.

[Coiner.de]

It is quite scary that they were able to create a clone of the exact same components and hardware as a genuine device and even backdoor it and extract the seed.

That is the open source model of TREZOR and why we all love it.

As far as I know TREZORs are not delivered with working firmware now. You have to do an update and you should not trust your new TREZOR if it is pretending to have the newest firmware. Wouldn't that take care of the backdoor?

[Rath_]

As far as I know TREZORs are not delivered with working firmware now. You have to do an update and you should not trust your new TREZOR if it is pretending to have the newest firmware. Wouldn't that take care of the backdoor?

Theoretically, it should take care of it, but I am quite sure that there were a lot of users who didn't know that the software would get downloaded directly from TREZOR servers. There were some cases of people using hardware wallets with already generated seed included in the box by malicious sellers. I have no idea how the device would behave in case of hardware backdoor.

[Lucius]

I think it's important to emphasize that all of vulnerabilities that is reported by Ledger security team pose a threat for Trezor hardware wallets only in case hackers come into physical possession of device. Trezor also say that this attacks can not be performed without specialized hardware, and for all wallets protected by passphrases these vulnerabilities are completely harmless.

I think that PIN vulnerability was the greatest danger in the event that a user loses device, as is demonstrated by Ledger it was possible to guess value of PIN with Side Channel Attack in just few tries. Users of Ledger Nano S know that 3 times entered wrong PIN wipe device, but Trezor have 16 tries before wipe, which is too much.

Perhaps the conclusion in this story is that users need to set up passphrase on hardware wallets, but this option is often recommended only to advanced users.

[arcade01game]

It is quite scary that they were able to create a clone of the exact same components and hardware as a genuine device and even backdoor it and extract the seed.

That is the open source model of TREZOR and why we all love it.

As far as I know TREZORs are not delivered with working firmware now. You have to do an update and you should not trust your new TREZOR if it is pretending to have the newest firmware. Wouldn't that take care of the backdoor?

Good idea but I don't think that would solve the issue even if the hardware was delivered without working firmware inside because attacker can always use a phishing method to redirect download of customized firmware(malware).
It is true that open source has positive impact on development, but at the same it is also an invitation to the bad guys by allowing more attack path to be discovered. Think for a second why (open source) Android has so many hacks (mostly jailbreaking with custom firmware) and non-open source such as iOS has better security.... it is because the source is managed tight, leaving small room for potential attack paths to be discovered.

[gentlemand]

It is true that open source has positive impact on development, but at the same it is also an invitation to the bad guys by allowing more attack path to be discovered.

A million eyes poring over something are better than one set of eyes hoarding or suppressing info that may trickle out. I'm not a fan of how Ledger conduct themselves compared to Trezor.

[o_e_l_e_o]

Some of these vulnerabilities are huge. They've already patched the ones that can be patched, but two vulnerabilities are inherent to the design of the Trezor and cannot be patched, according to this report.

The first one allows an imitation device to pass for a genuine Trezor, and allows a Trezor to be backdoored with malware to either send your crypto to a different address or to extract your seed. The second one, and by far the most concerning, states that Ledger were able to extract all the data stored on the Trezor, and therefore steal all the coins. If this is true, this makes your hardware wallet essentially no better than an unprotected wallet stored on a USB drive.

I don't own a Trezor, but I certainly wouldn't be buying one until they release an entirely new model that addresses these issues.

[Coiner.de]

this makes your hardware wallet essentially no better than an unprotected wallet stored on a USB drive.

Maybe while they are offline. TREZOR is made to be used. It protects from malware while being used.

Read about the threat model TREZOR was designed for:
https://blog.trezor.io/our-response-to-ledgers-mitbitcoinexpo-findings-194f1b0a97d4

[HCP]

If this is true, this makes your hardware wallet essentially no better than an unprotected wallet stored on a USB drive.

That's somewhat hyperbolic... the equipment needed to achieve this isn't just a laptop with a USB port

It's not like someone can simply plug your Trezor in, download the contents and walk away... and apparently simply using a passphrase completely mitigates the attack anyway.

Since Ledger is in talks with the chip manufacturer (ST) at the moment, we will also refrain from divulging any critical information, save for the fact that this attack vector is also resource-intensive, requiring laboratory-level equipment for manipulations of the microchip as well as deep expertise in the subject.

“This is still under discussion with ST. Could you please avoid mentioning details about the attack?”
— Ledger
If you are a Trezor user and fear physical attacks against the device, we recommend setting up a passphrase-protected wallet, in the best case with multiple passphrases for plausible deniability. Passphrases will completely mitigate this attack vector.

All this does, along with Ledgers "security" issues, is really highlight that nothing is 100% secure...

[Wind_FURY]

This is going to be an eternal battle between manufacturers and those looking to fiddle with their products. I wonder if either side will ever get a decisive upper hand.

I hope so, because it will be very good for the community to have more secure hardware wallets available.

The average user, deffo including me, is not qualified to know how serious these are or how good the fixes are or what's waiting to be unearthed.

I've got some coins that have no plans for several more years that are currently on a hardware wallet. I think they're headed back to paper.

I have a Trezor, but it's my "hot wallet". Hahaha. I trust my Tails Linux cold storage USB more. It will never connect to the internet.

[o_e_l_e_o]

-snip-

Well, that's much more reassuring. Everyone with a hardware wallet should of course be using multiple passphrases to allow plausible deniability, as the $5 wrench attack remains the most common attack vector for hardware wallets. It's still concerning for users with large amount of coins on their Trezor, though, since presumably they would be the main targets of any criminal who was organised enough to purchase or gain access to these kinds of resources and equipment.

[PrimeNumber7]

I think it's important to emphasize that all of vulnerabilities that is reported by Ledger security team pose a threat for Trezor hardware wallets only in case hackers come into physical possession of device. Trezor also say that this attacks can not be performed without specialized hardware,

This cannot be stressed enough. [The first vector involved an attacker buying a Trezor, modifying it, and returning it, but this relies on the assumption that Trezor would resell what they believe to be an unopened Trezor without additional inspections, and I do not believe this to be a valid assumption]

as is demonstrated by Ledger it was possible to guess value of PIN with Side Channel Attack in just few tries. Users of Ledger Nano S know that 3 times entered wrong PIN wipe device, but Trezor have 16 tries before wipe, which is too much.

The attack in which Ledger claims to have "guessed" the correct PIN in only 5 tries is claimed to be unexploitable by Trezor:

Findings

Our security analysis found that, on a found or stolen device, it is possible to guess the value of the PIN using a Side Channel Attack. This Side Channel Attack consists of presenting a random PIN and then measuring the power consumption of the device when it compares the presented PIN with the actual value of the PIN. This measurement allows an attacker to retrieve the correct value of the PIN within only a few tries (less than 5 in our case).

Although these vulnerabilities were unexploitable, we fixed them anyway.

It is unclear as to the technical nature of this alleged exploit, but reading the description, specifically, "with the actual value of the PIN" it doesn't look like an attacker could reverse engineer the PIN without existing knowledge of the PIN.

Perhaps the conclusion in this story is that users need to set up passphrase on hardware wallets, but this option is often recommended only to advanced users.

The passphrase is only a password that cannot be reset, and can be more "simple" compared to "password" standards because an attacker cannot try any passphrases without physical access to the device, and there is no way of knowing how many passphrases there are that contain anything of value.

The passphrase is not a very complex concept, and is only marginally more complex than the rest of the recovery seed, and I believe there is a line for the recovery seed should not be limited to "advanced" users.

I've got some coins that have no plans for several more years that are currently on a hardware wallet. I think they're headed back to paper.

A paper wallet is less secure than a Trezor with the cited exploits. A trezor allows a user to use a passphraise, so if someone gained physical access to your "wallet" all they would need is the passphraise if you are using a paper wallet, and would need the advanced equipment and technical knowledge to exploit the trezor.

An attacker may not even need physical access to your "wallet" to gain access to your paper wallet because they may be able to look at your printer to get your "wallet" or your wallet may be as vulnerable as your computer is, depending on the specifics as to how you generated the paper wallet. These vulnerabilities do not apply to any hardware wallet. You also have a higher risk of loss of funds due to things like flooding as your paper wallet may get damaged beyond being able to access the private keys if it gets wet, but is not the case for a trezor (to my knowledge).

You can also not ever spend coins on a paper wallet without loading the private key onto a potentially vulnerable computer. With a trezor, using a trezor on a compromised computer alone will not result in a loss of coins. If your computer is compromised, you should still take care of this.

[gentlemand]

A paper wallet is less secure than a Trezor with the cited exploits. A trezor allows a user to use a passphraise, so if someone gained physical access to your "wallet" all they would need is the passphraise if you are using a paper wallet, and would need the advanced equipment and technical knowledge to exploit the trezor.

A paper wallet in the sense of private keys and addresses created offline. After that they're stored in encrypted folders in electronic form. No way would I be printing things or leaving them lying around.

[PrimeNumber7]

A paper wallet is less secure than a Trezor with the cited exploits. A trezor allows a user to use a passphraise, so if someone gained physical access to your "wallet" all they would need is the passphraise if you are using a paper wallet, and would need the advanced equipment and technical knowledge to exploit the trezor.

A paper wallet in the sense of private keys and addresses created offline. After that they're stored in encrypted folders in electronic form. No way would I be printing things or leaving them lying around.

What you are describing is not a paper wallet, it is a wallet generated on an offline computer, ideally one that never touches the internet.

There are some drawbacks to this kind of wallet vs using a hardware wallet, a big one being that you need more advanced technical knowledge to create private keys this way, and another is that it is generally more expensive than a hardware wallet.

If either of the above do not sway your decision (because you possess the technical expertise, and the Δ in cost is not material for the amounts you are dealing with, which of the above is "better" is debatable, with pros and cons for each, and may vary depending on your specific situation. Assuming you aren't making any glaring security mistakes, I would say to use whichever type of wallet you are more comfortable using, which in your case appears to be one generated with an offline computer. 

[HCP]

Perhaps the conclusion in this story is that users need to set up passphrase on hardware wallets, but this option is often recommended only to advanced users.

The passphrase is only a password that cannot be reset, and can be more "simple" compared to "password" standards because an attacker cannot try any passphrases without physical access to the device, and there is no way of knowing how many passphrases there are that contain anything of value.

That isn't technically true... If you have access to the seed mnemonic, you can attempt to bruteforce passphrases. Granted, the algorithms required during mnemonic->seed->keys will slow things down, but if you use a stupidly simple passphrase, it would be possible for someone to bruteforce it in a relatively short space of time.

The trick of course is to get hold of the seed mnemonic... which apparently has now been patched as well

So, without physical access to the device (and knowledge of the PIN) or stumbling across someone's seed mnemonic backup... an attacker is going to struggle as things currently stand with the new patches.

What I am encourage by, is that "whitehats" are actively trying to find these flaws (hopefully before the "blackhats" )... and the companies are doing their best to patch the devices to mitigate the vulnerabilities.

[PrimeNumber7]

Perhaps the conclusion in this story is that users need to set up passphrase on hardware wallets, but this option is often recommended only to advanced users.

The passphrase is only a password that cannot be reset, and can be more "simple" compared to "password" standards because an attacker cannot try any passphrases without physical access to the device, and there is no way of knowing how many passphrases there are that contain anything of value.

That isn't technically true... If you have access to the seed mnemonic, you can attempt to bruteforce passphrases. Granted, the algorithms required during mnemonic->seed->keys will slow things down, but if you use a stupidly simple passphrase, it would be possible for someone to bruteforce it in a relatively short space of time.

You could say the same thing if you knew 93% of my private key because a passphraise is very similar to the last 7% of a xprivkey.

Above that, there can be more than one valid passphraise that leads to a xprivkey that controls spendable coins.

The purpose of the PIN + passphraise is not to protect your funds forever in the event you lose your trezor. The purpose is to create a long enough delay from the time you realize your trezor is not in your possession to access a backup trezor or backup seed, and move all your coins outside of what your trezor has the private keys to.