How Does Kraken Crack Trezor? – Svjatoslav (Svet) Sedov
Yesterday, January 31, Kraken blog published the following announcement: “Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T. “
It’s followed by the pretty meticulous report on how exactly it was done: “Our attack begins by re-enabling the integrated bootloader (it, basically, writes, reads and erases the program flash memory which holds the application code) of the processor using a fault-injection attack (simply saying monkeying with error handling code paths). … By repeating the attack it is possible to extract all of the flash contents. Additionally, .. we developed a script to crack the PIN of the dumped device.”
Then Kraken hackers threatens: “we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75.”
… and advises: 1) “Do not allow anyone physical access to your Trezor wallet”; 2) “Enable Your BIP39 Passphrase with the Trezor Client”.
What can I say? Nihil adeo sempiternum est: omnia eveniunt et mutant.
For detailed blockchain industry reports and projects analytics visit our platform: https://svetrating.com
For more information and community talks on this subject join our Whitepapers analysis Telegram group: https://t.me/joinchat/I5eQ-A6FSC2vXg_PNgFwJw
or my Twitter: https://twitter.com/SvjatoslavSedof
Published at Sun, 02 Feb 2020 05:09:52 +0000
{flickr|100|campaign}
