Celebrates Lunar New Year 2020 With Introduction of Free Spins

Ledger Reveals Physical Exploits Against Trezor Hardware Wallets

The battle of the hardware wallets is heating up. At this weekend’s MIT Bitcoin Expo in Boston, Charles Guillmet, Chief Security Officer of Ledger, presented a number of physical attacks that could be executed against Trezor hardware wallets. He also outlined an attack on their rival’s device that Ledger has refrained from making public because it is not patchable.

Also read: How the World’s Leading Banks Help Launder $2 Trillion a Year

Ledger CSO Runs a Train on Trezor

Like any self-respecting hardware wallet (HW) manufacturer, Ledger rigorously pen tests its own devices in search of potential vulnerabilities. The French firm’s Paris hacking lab, known as the “Ledger Donjon,” doesn’t just dissect its own wares: it also thoroughly attacks those of its fiercest rival, Trezor. While identifying and disclosing a competitor’s vulnerabilities might seem counterintuitive, it yields a brace of benefits, highlighting potential weaknesses in the opposition and emphasizing Ledger’s offensive prowess.

Within hours of Ledger CSO Charles Guillmet presenting at MIT Bitcoin Expo 2019, where he described the Trezor One, Trezor T, Keepkey, and B Wallet as “completely broken,” insisting there was “no way to fix” their security flaws, his employer published “Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities.” The article explains how “about four months ago we contacted Trezor to share five vulnerabilities our Attack Lab uncovered. As always, we gave Trezor a responsible disclosure period to work on these vulnerabilities, even granting them two extensions.”

With the disclosure period having now expired, Ledger proceeds to gleefully reveal what it found upon pen testing its rival’s devices.

4 Vulnerabilities Fully Disclosed

In total, Ledger claims to have found four major vulnerabilities in Trezor’s flagship wallets. The first of these concerns the “genuineness” of the device. Trezor HWs have previously been shown to be susceptible to cloning, prompting the company to improve its tamper-proof stickers and to provide guidelines on how to detect ersatz devices. Trezor’s response to this “vulnerability” was to point out that users will not be exposed to this risk provided they purchase devices directly from the Trezor website.

The second attack identified involved a weakness in the PIN number used to secure Trezor HWs. Ledger explained: “On a found or stolen device, it is possible to guess the value of the PIN using a Side Channel Attack.” This entails entering a random PIN and then measuring the power consumption of the device when it compares this code with the actual value of the PIN. “This measurement allows an attacker to retrieve the correct value of the PIN within only a few tries (less than 5 in our case),” reported Ledger. “We found that the PIN does not protect the funds against an attacker with physical access to the device.”

The final two vulns involve the confidentiality of the data stored within the devices, primarily the private key and the seed. This exploit, involving the flash memory, was deemed the most serious since “it can only be circumvented by overhauling the design of the Trezor One / Trezor T, and replacing one of its core components to incorporate a Secure Element chip, as opposed to the general purpose chip currently used.” Ledger continued:

This vulnerability can not be patched – for this reason, we have elected not to disclose its technical details. It could also be mitigated by users adding a strong passphrase to their device.

A fifth, less serious, vulnerability was also disclosed. Trezor released firmware security updates last week, which it acknowledged to have been discovered by Charles Guillemet and the Ledger Donjon team. It stressed that exploiting the vulnerabilities required physical access to the device, adding that there is no evidence to suggest “any of these vulnerabilities have ever been exploited outside of the lab to extract any data.” Last week, Twitter and Square CEO Jack Dorsey revealed that he had purchased a Trezor hardware wallet.

What are your thoughts on Ledger pen testing its rival’s devices? Let us know in the comments section below.

Image credits: Ledger, Pixabay, and Trezor.

Need to calculate your bitcoin holdings? Check our tools section.

Share this story:

Kai Sedgwick

Kai's been manipulating words for a living since 2009 and bought his first bitcoin at $12. It's long gone. He's previously written whitepapers for blockchain startups and is especially interested in P2P exchanges and DNMs.

comments powered by Disqus.

In Case You Missed It

Monopoly Is a Tiny Darknet Market With Big Aspirations

There’s a certain irony in the smallest market on the darknet being named Monopoly. With less than 150 listings, the monero-friendly Monopoly Market is anything but. What this tiny darknet market (DNM) lacks in size, however, it makes up for ... read more.

Bitcoin Cash Gets Significant Privacy Boost With Cashfusion Alpha Launch

On January 17, the BCH developer known as Acidsploit announced the launch of the highly anticipated Cashfusion alpha. Interested parties can reach out to the Cashfusion developers via the team's Telegram group to become an alpha tester. The news of ... read more.

How Is Bitcoin Cash Different From Bitcoin Core?

The crypto space can be hard to break into for those unfamiliar with the jargon, lingo, and foundational knowledge taken for granted by the already initiated. Adding to this difficulty is the fact that there are several different cryptos which ... read more.

Developer Proposes Decentralized Bitcoin Hashrate Derivatives

There’s a new concept called Powswap that lets people speculate on hashrate in order to hedge against price volatility. Powswap was developed by the software engineer Jeremy Rubin who believes hashrate derivatives products allow people to leverage new trading strategies. ... read more.

Maduro Opens International Crypto Casino

Venezuela’s President Nicolas Maduro has authorized the opening of an international casino at a luxury hotel in Caracas where bets must be placed in petros, the country’s national oil-backed digital currency. Several cryptocurrencies and fiat currencies can be exchanged into ... read more.

Lawsuit Against Ripple May Decide the Fate of XRP but Regulators Have the Final Say

A prolonged legal battle, which may hold the key to XRP’s future, has been extended again. The class action lawsuit alleges that Ripple issued and sold the coin, one of the largest by market cap, as an unregistered security. The ... read more.

Cypherpunk Bitstream Hosts Talk Crypto-Anarchy, Dropgangs, and Importance of Real Life Connections

The Cypherpunk Bitstream podcast is a relatively new program that's just released its fourth episode. The hosts, known as Frank Braun and The Real Smuggler, are so-called 'privacy extremists' and dyed-in-the-wool crypto-anarchists concerned with exposing cypherpunk ethos to a wider ... read more.

Bitcoin.com Partners With Mecon Cash, Enabling Withdrawal at ATMs Across South Korea

Bitcoin Cash has been added to Mecon Cash’s M.Pay platform which is integrated with over 13,000 ATMs in South Korea. By making bitcoin cash usable for withdrawing won across the country, Mecon Cash is ensuring that BCH users in Korea ... read more.

An In-Depth Look at the Multi-Currency Cold Storage Card Ballet

Last September, Bobby Lee, the former CEO of China’s first cryptocurrency exchange BTCC revealed his new business venture Ballet, a non-electronic crypto wallet solution that offers multi-currency support. During the North American Bitcoin Conference Miami, all the attendees got a ... read more.

Uzbekistan Prepares Crypto Tax Exemptions, Launches Licensed Exchange

A new presidential decree in Uzbekistan envisages the introduction of tax exemptions for income obtained from operations involving crypto assets. The draft document published recently also incorporates proposals for the establishment of a blockchain valley and licensing regime for cryptocurrency ... read more.

Bitcoin Cash Sees Mining Pool Shift and Hashrate Surpass 4 Exahash

While people have watched the BTC network surpass 100 exahash per second (EH/s), Bitcoin Cash (BCH) has been steadily gathering hashrate as well. Since the November 15, 2018 blockchain split, which produced the Bitcoin SV (BSV) chain, BCH hashrate has ... read more.

Why User Experience Is Crypto’s True ‘Killer App’

There's been a lot of buzz in the space recently about the importance of user experience. Kim Dotcom's proclamation that "Mass utility is going to lead to mass adoption," speaks to this. Peter Schiff's bitcoin wallet fiasco, CZ's claim that ... read more.

Polkadot Will Finally Launch This Year – But Is the Multi-Chain Network too Late to Catch Ethereum?

Remember Polkadot? It’s the multi-chain network that raised $145 million in 2017 and hasn’t been seen since. But unlike many of the blockchain projects from that era, Polkadot hasn’t taken the money and run. Its team, led by Ethereum founder ... read more.

Bitcoin Cash Miners Plan $6M Development Fund by Leveraging Block Rewards

A group of Bitcoin Cash mining pool operations have decided to help fund BCH infrastructure development. On January 22, Btc.top founder Jiang Zhuoer revealed that five mining pools are preparing a short-term developers donation plan. Miners from Btc.top, Bitcoin.com, Viabtc, ... read more.

Demand for Crypto Derivatives Swells as CME's Bitcoin Volume Rises

The global markets company Chicago Mercantile Exchange (CME) has seen considerable demand since launching its options contracts in the wake of the firm’s bitcoin futures. On the first day of swaps, CME’s bitcoin options saw 55 contracts ($2.3 million). By ... read more.

Vodafone Becomes 8th Company to Exit Libra Association

After a spate of big names parting ways with the Libra Association late last year such as Paypal, Visa, Mastercard, and Ebay, British telecommunications giant Vodafone has become the latest to bid the ambitious digital asset project farewell. While Vodafone's ... read more.

Gift Bitcoin Cash for Chinese New Year With a Limited Edition Red Envelope Paper Wallet From Bitcoin.com

Giving red envelopes full of money to friends and family is a traditional way to celebrate the Lunar New Year in China and other Asian cultures. This year you can gift your loved ones bitcoin cash with a limited edition ... read more.

Paypal Pullout Prompts Pornhub to Add Tether as Payment Option for Its Adult Models

The porn industry is seen by many as a perfect fit for widespread cryptocurrency usage as it suffers from financial censorship far more than most businesses. When Paypal stopped servicing Pornhub models, the company hinted it might turn to digital ... read more.

Bitcoin Cash Miner Jiang Zhuoer Answers Infrastructure Funding Questions

On Wednesday, Btc.top founder Jiang Zhuoer disclosed that five mining operations had plans to donate roughly $6 million in coinbase rewards (depending on market prices) to developers building Bitcoin Cash infrastructure. The news was met with mixed reviews as some ... read more.

BCH Script Meeting Aims to Enhance the Programming Language in Bitcoin Cash

Bitcoin Cash developers actively participate in video meetings in order to discuss the ongoing development of the BCH ecosystem. BCH software engineers met for the first time in 2020 last Thursday to examine the May upgrade and specification work. Following ... read more.

Bitcoin Games Celebrates Lunar New Year 2020 With Introduction of Free Spins

Bitcoin Games is a provably fair online casino where you can play popular games using BTC and BCH. The platform is introducing a new feature and for its Lunar New Year 2020 promotion all players can get Red Envelopes packed ... read more.

More BS on Lightning: Blockstream Pours Liquid on Thick

Blockstream reps have long been pushing for full implementation of the perpetually-delayed Lightning Network as the main solution for BTC scalability. With the recent announcement of "federated sidechain" Liquid's integration with Btcpay, however, the tune seems to have changed. Past ... read more.