OneKey Hardware Wallet HACKED!

[dkbit98]

Another day and another hardware wallet hacked, this time it was open source device OneKey, biggest manufacturer of hardware wallets in China.
OneKey was forked from original Trezor code and they added secure element ATECC608A, but they obviously didn't do a good job with that, as it was explained in this short video clip.

This vulnerability was discovered by company called Unciphered, known for helping people unlock their crypto wallets, and for this job they received $10,000 bug bounty reward from OneKey.
Seed phrase was easily extracted by doing man in the middle attack, and inserting chip between processor and secure element, after that it took only one second to extract all seed words.
It's important to say that this bug is now fixed with firmware update, but problem is that many hardware wallets available today share the same code (based on Trezor) so they could also be affected.


Video by Unciphered: https://www.youtube.com/watch?v=b8OrakRJmHE

Eric Michaud, the founder of Unciphered said that hardware wallets can often times give people a false sense of security, thinking that wallet can't be hacked.
He also said that there could be a problem with many other hardware wallets because manufacturers recycle the same code base for their products.
Article about this was first released on Fortune Crypto website:
https://archive.is/S1Nwo

OneKey released official reply on their blog page, and they said how these attacks cannot be exploited remotely, and attackers need to have physical access to device.
It's interesting to see them claiming how other ''world-renowned hardware vendors'' had similar problem but they didn't say anything about it, because they are not open source (Ledger comes to my mind first).
They plan to improve security for future devices by introducing EAL6+ higher level of security, but I would be careful with their devices in future.
https://archive.ph/1qg0h

Good thing about this bug was that nobody lost any coins, because evil hackers didn't found out first about it, but it's a good reminder to everyone, don't blindly trust any device just because it is open source and it has secure element.
Don't trust, verify.

[Charles-Tim]

Good thing about this bug was that nobody lost any coins, because evil hackers didn't found out first about it, but it's a good reminder to everyone, don't blindly trust any device just because it is open source and it has secure element.
Don't trust, verify.

If possible passphrase is not stored on the wallet it is a good thing to go for while using a hardware wallet. That will give me the feeling of thinking that even if my seed phrase is known, I have different keys that the seed phrase can not generate without the passhrase.

[dkbit98]

If possible passphrase is not stored on the wallet it is a good thing to go for while using a hardware wallet. That will give me the feeling of thinking that even if my seed phrase is known, I have different keys that the seed phrase can not generate without the passhrase.

It's true that passphrase is not stored anywhere on device but there are still methods to crack them especially if they are weak, so this is not a perfect protection.
Good thing about this bug is that it could be fixed with software patch, but it shows that it's not enough just to put one or two secure elements and consider device secure enough.
I am more interested to find what other closed source wallets had the same issue like this, Unciphered certainly knows about this but they can't release it in public because of NDA from manufacturer.
 

[SFR10]

and for this job they received $10,000 bug bounty reward from OneKey.

Based on what I'm seeing under the "Bug Severity and Bounties" part of OneKey's program, I believe it means they were dealing with more than a single bug ^{[perhaps we're not seeing the whole picture]}!

but it's a good reminder to everyone, don't blindly trust any device just because it is open source and it has secure element.
Don't trust, verify.

You have a point, but the main issue is the fact that an average joe like me, doesn't have the necessary skills & knowledge to deal with such cases ^{[unfortunately]}.

[Hispo]

I would have not expected these news to come from China, to be honest. In my eyes, China is kinda a black hole if we talk about Bitcoin technology, gadgets, wallets and other tools. Still, I am glad the good guys this time received a bounty for responsibly disclosing this failure. We need to see more of it in this space.

Also, If I recall correctly Trezor wallets have a similar problem with physical attacks, back in the day after the Kraken video about that vulnerability, Satoshilabs suggested the use of a passphrase to mitigate the risk. Cannot all the Trezor based wallets do the same?

[Charles-Tim]

Also, If I recall correctly Trezor wallets have a similar problem with physical attacks, back in the day after the Kraken video about that vulnerability, Satoshilabs suggested the use of a passphrase to mitigate the risk. Cannot all the Trezor based wallets do the same?

Like for Trezor to release an update to eliminate the risk? Trezor is not having a secure element which makes it impossible to eliminate the risk of a physical attack to not be able to reveal Trezor wallet seed phrase.

[m2017]

Oh, this eternal struggle of the sword and shield - one creates protection, the other breaks it.

There is no perfect protection or safe way to store crypto. Everywhere has its own nuances and peculiarities. Hardware wallet have them as well. It is an ideal device in terms of online security due to the need to physically confirm the transaction by pressing a button, but has the disadvantages of physically accessing the device. The video confirms this, as well as many other cases when various HW were hacked.

And so, one vulnerability was patched, but how many more will be found over time? Who will use them first, a bounty hunter or an evil hacker? How many devices will hackers gain access to when a new hack is discovered?

It seems to me that the consequences of such hacks are overestimated. Hardware wallet continue to protect the security of crypto assets million users (online). For this it are needed. And if the attackers have gained physical access to HW, then it will no longer matter whether they use the help of a hacker or a $5 wrench attack.

[DaveF]

HW wallet manufactures are also kind of stuck in a loop. NOT picking on any one here, even OneKey, more in general.

If I create the BEST and MOST SECURE hardware wallet on the planet. BUT I make it all closed source and remove all marking from all the chips so you can't see what they are. And then figure out a way for them to all self destruct when tampered with I am going to sell just about none. Because there could never be any proof since it would all be a black hole and nobody could trust it. So, we have open source products with off the shelf parts and have to deal with the fact that the bad guys have now have a perfect knowledge of what we are doing and how we are doing it and can work from there to figure it out.

Not saying there is a better or worse way, but this is what it is and we as a group have to accept it and be able to help others understand the risks and how to mitigate them and possible fixes.

-Dave

[dkbit98]

Based on what I'm seeing under the "Bug Severity and Bounties" part of OneKey's program, I believe it means they were dealing with more than a single bug ^{[perhaps we're not seeing the whole picture]}!

Or their bug founding was so big and important that OneKey decided to pay them extra reward to make them happy and (more silent) not so critical
I want to see researchers like this testing all other hardware wallets, because I am sure they could earn more money.

You have a point, but the main issue is the fact that an average joe like me, doesn't have the necessary skills & knowledge to deal with such cases ^{[unfortunately]}.

Average Joe probably can't do that for firmware, but luckily it's easier for developers to do it when wallet is open source.

I would have not expected these news to come from China, to be honest. In my eyes, China is kinda a black hole if we talk about Bitcoin technology, gadgets, wallets and other tools.

Believe it or not, most of the hardware devices and chips are coming from China, so they are far from being a black hole.
We already know that Ledger is made in China (and assembled in France village), Keystone is made in China, Safepal is made in China, and others that are less known.
OneKey is most popular hardware wallets in China, some repots say they sold over 100,000 devices.

Also, If I recall correctly Trezor wallets have a similar problem with physical attacks, back in the day after the Kraken video about that vulnerability, Satoshilabs suggested the use of a passphrase to mitigate the risk. Cannot all the Trezor based wallets do the same?

This is totally different from Trezor devices because they still don't have any secure elements, so it's logical that there is no communication between chips.

It seems to me that the consequences of such hacks are overestimated. Hardware wallet continue to protect the security of crypto assets million users (online). For this it are needed. And if the attackers have gained physical access to HW, then it will no longer matter whether they use the help of a hacker or a $5 wrench attack.

It doesn't have to be hackers, it can be any regular lowlife thief or government parasite agents that finds or confiscates hardware wallet.
Knowing they could hack it in one second would be nice surprise for them, especially in China.

If I create the BEST and MOST SECURE hardware wallet on the planet. BUT I make it all closed source and remove all marking from all the chips so you can't see what they are.

Yeah, especially if you sign NDA with your partners, and create black box operating system for secure element, like some manufacturers are already doing

[dkbit98]

First, don't worry, there was no new hack for Oneky wallet, but I didn't want to create a new topic for this.  

If you ever wondered what Onekey wallets used as a base for their devices, I suggest watching latest video from Crypto Guide.
He was doing a review of OneKey Pro and he discovered it was based on Tretor Model T that was later modified.
It's interesting that with small tweak you can connect Onekey wallet with Trezor Suite app:


https://youtu.be/yEsiFQUuGJo

[Meuserna]

This is yet another example of why I'm not a fan of saving a seed on a hardware wallet.  Every secure element will eventually get hacked, meaning you'll need to upgrade again and again.

There's a better way.

With a device like Krux or SeedSigner, you can save your seed on a QR code that you scan in order to load your seed.  There's no need for a secure element chip or even a PIN code to unlock the device since there's nothing saved on the device.  Plus, it's fully airgapped.

And with Krux, you can save your seed as an encrypted QR.  If somebody finds your encrypted QR, they can't scan it without the decryption key.

If somebody steals your device?  No worries.  There's nothing on it.  And if you use an encrypted QR, no worries if somebody finds it.  They can't scan it without the decryption key.

Best of all, the encryption is open source.  It's industry standard CBC encryption with as strong of a decryption key as you choose.  You can even save your decryption key as a QR.

Companies that make hardware wallets are never going to use the Krux/SeedSigner way of loading seeds via QR because they make money through hardware sales and upgrades.  "Oh, no!  Last year's secure element chips have been hacked!  Better upgrade to the latest model!"  It's ridiculous, but I don't blame them.  It's a business model that works.  I don't have to worry about any of that though.  I never save my seed on a device.

Pro Tip!  There's a fork for SeedSigner that enables encrypted QRs too.

[DaveF]

This is yet another example of why I'm not a fan of saving a seed on a hardware wallet.  Every secure element will eventually get hacked, meaning you'll need to upgrade again and again.

There's a better way.

With a device like Krux or SeedSigner, you can save your seed on a QR code that you scan in order to load your seed.  There's no need for a secure element chip or even a PIN code to unlock the device since there's nothing saved on the device.  Plus, it's fully airgapped.

And with Krux, you can save your seed as an encrypted QR.  If somebody finds your encrypted QR, they can't scan it without the decryption key.

If somebody steals your device?  No worries.  There's nothing on it.  And if you use an encrypted QR, no worries if somebody finds it.  They can't scan it without the decryption key.

Best of all, the encryption is open source.  It's industry standard CBC encryption with as strong of a decryption key as you choose.  You can even save your decryption key as a QR.

Companies that make hardware wallets are never going to use the Krux/SeedSigner way of loading seeds via QR because they make money through hardware sales and upgrades.  "Oh, no!  Last year's secure element chips have been hacked!  Better upgrade to the latest model!"  It's ridiculous, but I don't blame them.  It's a business model that works.  I don't have to worry about any of that though.  I never save my seed on a device.

Pro Tip!  There's a fork for SeedSigner that enables encrypted QRs too.

Makes you wonder how difficult it would be to make a QR and software that gave 3 different seeds.
 
1) Fully unencrypted, but valid, this way if someone finds it they get whatever little amounts of crypto you had on it. (Hot wallet)

2) Encrypted and you have to enter a password to get that seed. (Warm wallet)

3) Encrypted, but you have to scan with a different piece of software and enter a password that then generates another QR code that you then scan with something like Krux (cold storage)

Might be more Rube Goldberg then really needed but seems like an interesting concept.

-Dave

[Meuserna]

Makes you wonder how difficult it would be to make a QR and software that gave 3 different seeds.
 
1) Fully unencrypted, but valid, this way if someone finds it they get whatever little amounts of crypto you had on it. (Hot wallet)

2) Encrypted and you have to enter a password to get that seed. (Warm wallet)

3) Encrypted, but you have to scan with a different piece of software and enter a password that then generates another QR code that you then scan with something like Krux (cold storage)

Might be more Rube Goldberg then really needed but seems like an interesting concept.

-Dave

You're on the right track - but don't think of it as a QR code.  Think of it as data.  A QR code is just a visual representation of data.  Scan the code to transcribe the data.

I would think of it like this:

How difficult it would be to make a string of data that can be recovered two different ways:

1) Unencrypted, but valid.  For example, as a decoy seed.

2) Encrypted and you have to enter a decryption key to get the real seed.  A decryption key is just a password or passphrase.  It's whatever you set up as the decryption key.

As for your original #3:

3) Encrypted, but you have to scan with a different piece of software and enter a password that then generates another QR code that you then scan with something like Krux (cold storage)

You can do that now, with Krux.  Here's how.

Create an encrypted QR code.

Let's say this is your seed phrase:

"maid water stomach exhibit much wood useless blood debris reject either green"

To make this easier to talk about, let's call that seed phrase "Green."

And let's say you want to protect it with a crazy strong passphrase.  Use Krux to make an encrypted QR code for this long passphrase (which is actually a seed phrase):

"claim pigeon depth cook clerk paper merge bachelor winner patrol surprise muffin"

To make this easier to talk about, let's call that passphrase "Muffin."

And let's say this is the decryption key for Muffin:

"nine sky red truck"

Here's the magic:  Use Krux to create an encrypted QR for your Green seed phrase, using Muffin as the decryption key (the passphrase).

So...  to decrypt your seed phrase, you'd use 2 Krux devices.

Krux A:  Scan Muffin and enter the passphrase to decrypt it: "nine sky red truck"  Then have Krux show you a plaintext QR code for Muffin.

Krux B:  Scan your Green seed, then scan Muffin on your other Krux to decrypt it.

EDIT: This is a conversation for a different thread.  Check out Krux.  There are a few Krux threads here.  And like I said, there's a SeedSigner fork to add this functionality as well.  Highly recommended.