OmegaStarScream (OP)
Staff
Legendary

Activity: 4256
Merit: 7437
|
 |
June 03, 2026, 10:14:11 AM Last edit: June 03, 2026, 10:27:11 AM by OmegaStarScream |
|
Trezor disclosed a security flaw in the TROPIC01 chip used in its Safe 7 hardware wallet after Ledger's Donjon security team identified a successful laboratory attack, but the company says the vulnerability does not put user funds at risk.
The flaw affects only one of the wallet's multiple security layers and would require physical access, specialized equipment and advanced expertise to exploit, with no evidence of real-world attacks or compromised devices.
And this is the official response from Trezor [1][2]. TLDR; This should not affect the user funds in any way.
[1] https://trezor.io/blog/news/Trezor-response-TROPIC01-chip-disclosure-no-impact-to-your-funds
[2] https://x.com/Trezor/status/2062113395994738962
|
|
|
|
Charles-Tim
Legendary

Activity: 2324
Merit: 6416
|
 |
June 03, 2026, 10:39:15 AM |
|
The site is making sign-in mandatory and there is an error when I want to register an account on the site. No threat because it requires physical attack on the device?
If it is like that, it is just the same as the old Trezor Model One and Model T that did not have the secure element. If it is like that, I still prefer Trezor. It is still one of the best hardware wallets.
But my preferred hardware wallets are airgapped.
My best cold wallets are the ones I set up myself on an airgapped device.
|
|
|
|
OmegaStarScream (OP)
Staff
Legendary

Activity: 4256
Merit: 7437
|
 |
June 03, 2026, 10:57:11 AM |
|
The site is making sign-in mandatory and there is an error when I want to register an account on the site. No threat because it requires physical attack on the device?
Yes, I believe you can only read three articles on Coindesk before making an account becomes mandatory now (switching to Incognito should allow you to read it too).
From my understanding, there is "no threat" because the chip with the security flaw is one of MULTIPLE security layers the Safe 7 device has, not because physical access is required. So this flaw (alone) should not put the user's funds at risk.
|
|
|
|
Charles-Tim
Legendary

Activity: 2324
Merit: 6416
|
 |
June 03, 2026, 11:26:11 AM Last edit: June 03, 2026, 11:37:41 AM by Charles-Tim |
|
Yes, I believe you can only read three articles on Coindesk before making an account becomes mandatory now (switching to Incognito should allow you to read it too)
I have tried it with incognito mode, it is still the same. Probably because I have tried it before. Before I posted that, I cleared my browser cache, but it was still the same. Maybe I can try incognito on a new browser instead to know if it would work.
From my understanding, there is "no threat" because the chip with the security flaw is one of MULTIPLE security layers the Safe 7 device has, not because physical access is required. So this flaw (alone) should not put the user's funds at risk.
I have read part of the new links that you posted, I do not even see it as a vulnerability yet unless the 3 security layers have been breached. The laser fault injection attack only affected the TROPIC01 Secure Element chip, but according to Trezor there are two other layers of security that need to be breached before the PIN and other sensitive information can be known. So for now, physical attack on the hardware wallet is useless.
|
|
|
|
dkbit98
Legendary

Activity: 3010
Merit: 8734
|
 |
June 03, 2026, 12:07:34 PM |
|
Donjon team, this is the one good thing in the whole Ledger team, and I gave them credit many times. I was just reading the posts on both the Trezor and Donjon websites, and it was expected for the first chip version to have some flaws. This is one of the reasons why I didn't purchase the Trezor Safe 7, it's better to wait until they release an updated chip version.
|
|
|
|
|
|
|
|
|
ABCbits
Legendary

Activity: 3654
Merit: 10163
|
 |
June 04, 2026, 08:53:00 AM |
|
The site is making sign-in mandatory and there is an error when I want to register an account on the site. No threat because it requires physical attack on the device?
You may want to see the article written by Ledger Donjon on https://donjon.ledger.com/blog/tropic01-laser-fault-injection/.
"When a laser pulse hits SPECT logic during execution, it (often) corrupts the computation, causing the (otherwise valid) signature verification to fail. But the chip itself, and in particular the main CPU, does not crash — it simply reports a verification failure and continues operating. By scanning across the die and recording which positions caused failures, we built a map of the SPECT logic location."
There are many reasons it's difficult to reproduce, but personally I believe this part is the most tricky to execute.
|
|
|
|
cygan
Legendary

Activity: 3934
Merit: 12742
icarus-cards.eu
|
to exploit this flaw, an attacker would have to bypass all security measures simultaneously in order to access the sensitive wallet data. this would make the attack extremely difficult, and the attacker would have to:
- have physical access to the device
- completely disassemble the hardware
- open the chip housing
- and much more
|
|
|
|
fullfitlarry
Sr. Member
  

Activity: 406
Merit: 327
You Attract What You Are
|
 |
June 05, 2026, 01:56:08 AM |
|
And so cyber criminals take advantage of this security flaw, https://x.com/lopp/status/2062505144474837060
The phishing continues, so just be aware guys, there have been a lot of attacks, online and physical, lately. If you encounter this, it is fake and obviously a phishing attempt. Don't click the link, otherwise you will be redirected to a site that will drain your crypto.
|
|
|
|
FinneysTrueVision
Legendary

Activity: 2436
Merit: 1100
|
 |
June 05, 2026, 06:44:56 AM |
|
I still use an older model Trezor and this would not discourage me from upgrading to a Safe 7. There was another model of Trezor that also had a vulnerability that could only be exploited with physical access to the device and specialized hardware. I have not seen any documented cases of a real world exploit to this day. Even with all the necessary tools and knowledge to pull off this kind of attack, you would still fail if the seed had a passphrase.
The flaw in the TROPIC01 is only theoretical under real world conditions. In my opinion, Trezor hardware wallets are still some of the safest places to store crypto because of their commitment to security and transparency.
|
|
|
|
|
n0nce
|
 |
June 05, 2026, 09:48:54 AM |
|
I still use an older model Trezor and this would not discourage me from upgrading to a Safe 7. There was another model of Trezor that also had a vulnerability that could only be exploited with physical access to the device and specialized hardware.
The Trezor One, maybe? It is vulnerable to hardware-based attacks, although these obviously require some specialized hardware and skills. However, this should absolutely be part of your attacker model if you buy a hardware wallet. It's one of the big advantages over a dedicated, fully airgapped laptop, for instance. You cannot just pop out its hard drive and extract the keys, especially when hardware wallets use a dedicated secure element chip with physical tampering protection and detection mechanisms.
I have not seen any documented cases of a real world exploit to this day. Even with all the necessary tools and knowledge to pull off this kind of attack, you would still fail if the seed had a passphrase.
Then you missed these? And yes, if you do use a passphrase you'll still be secure, but then you also don't necessarily need a hardware wallet; just post your seed phrase online and remember the passphrase. Please nobody quote me on this, it's a joke!
https://www.youtube.com/watch?v=dT9y-KQbqi4
https://www.youtube.com/watch?v=MhJoJRqJ0Wc
https://www.youtube.com/watch?v=akMkE2fVw3k
https://voidstarsec.com/blog/replicant-part-1
https://www.usenix.org/system/files/woot19-paper_oflynn_0.pdf
The flaw in the TROPIC01 is only theoretical under real world conditions. In my opinion, Trezor hardware wallets are still some of the safest places to store crypto because of their commitment to security and transparency.
The TROPIC01 is definitely a huge step-up from the simple STM32 microcontroller used in the Trezor One, which had zero hardware-level protection mechanisms.
|
|
|
|
Lucius
Legendary

Activity: 4018
Merit: 7570
|
 |
June 05, 2026, 02:17:32 PM |
|
~snip~ The flaw in the TROPIC01 is only theoretical under real world conditions. In my opinion, Trezor hardware wallets are still some of the safest places to store crypto because of their commitment to security and transparency.
If these are vulnerabilities that cannot be exploited remotely then I can somewhat agree with your statement, but if someone wants maximum security for their private keys they will not agree to anything other than air-gapped wallets. When you store your keys offline and back them up securely, you don't have to worry about any vulnerabilities affecting the device that stores your private keys because they have never been exposed to the internet.
|
|
|
|
SFR10
Legendary

Activity: 3766
Merit: 4105
|
 |
June 06, 2026, 01:12:23 PM |
|
The site is making sign-in mandatory and there is an error when I want to register an account on the site.
It appears you've already read everything, but in case something similar happens in the future, you can also use archive sites [e.g., this] as a workaround for bypassing login walls.
and it was expected for the first chip version to have some flaws.
Based on the list of affected parts on "page 3 of this PDF file", it seems that all/most other iterations up to this point are also affected, but as you already know, a fix is already in the works.
Another lazy attempt from scammers who mentioned Safe 5, a model that uses OPTIGA Trust M (V3) SE.
|
|
|
|
satscraper
Legendary

Activity: 1512
Merit: 2789
|
 |
June 07, 2026, 02:57:26 PM |
|
TLDR; This should not affect the user funds in any way.
This is the key point. I generally view these kinds of flaws as a thing in itself. By the time this laser attack is carried out, any sane user whose Trezor Safe 7 has somehow disappeared will transfer their funds to addresses unrelated to the SEED of the stolen wallet.
|
|
|
|
Pmalek
Legendary

Activity: 3542
Merit: 9333
|
 |
June 08, 2026, 03:29:50 PM |
|
I was wondering just a few days ago why the Donjon team hasn't tried to break the TROPIC01 secure element chip and here we are.
Their team successfully bypassed the signature verification of the chip and installed third-party firmware that they were able to execute even with invalid signatures. What helped them was the open-source nature of the code. They could investigate how the signature verification works. But even after doing that they couldn't access the sensitive data like keys and PINs because the chip uses a storage system called MACANDD that was designed to keep such data away from the CPU. After they shared their findings with Tropic Square and received a response from them, Ledger's security team claims that they found a more serious vulnerability that could also compromise MACANDD. That could maybe also mean that they managed to obtain the sensitive data that MACANDD protects or there is a way to do it because the technical details of how they did that were not revealed.
|
|
|
|
PX-Z
Legendary

Activity: 2226
Merit: 1347
Wallet Transaction Notifier - @txnNotifierBot
|
 |
June 10, 2026, 11:46:47 PM |
|
And so cyber criminals take advantage of this security flaw, https://x.com/lopp/status/2062505144474837060
The phishing continues, so just be aware guys, there have been a lot of attacks, online and physical, lately. If you encounter this, it is fake and obviously a phishing attempt. Don't click the link, otherwise you will be redirected to a site that will drain your crypto.
Typical scammers trying to take advantage of any issue involving hardware wallet users. They often target this group because they're perceived to hold larger amounts of cryptocurrency compared to the average user. That's why HW users should be extra cautious and always verify information through official sources before taking any action. Or at least, hardware wallet users are expected to have a more practical and security conscious mindset when it comes to protecting their funds. After all, choosing to use a hardware wallet already shows a higher level of awareness about crypto security.
|
|
|
|
|