Editors Note: This article comes fromBabbitt InformationEditors Note: This article comes fromblog.trezorBabbitt Information
, translated by Free and Easy; The original text comes from
, author SatoshiLabs, reprinted with authorization by Odaily.At this years MIT Bitcoin World Expo, hardware wallet manufacturer Ledger demonstrated five attack methods against its counterpart Trezor at the conference. After that, the company also announced specific vulnerability details on its official website. Its to be expected that many users who buy a Trezor or its imitation hardware wont sit still.》
Readers who dont know about this matter can first read this article reported by Miss Babbitt Wendy:
The hardware wallet security team has repeatedly made strange moves, and Ledger started with its peer Trezor
Of course, we cant make a conclusion so simply, we have to listen to the other partys explanation. According to the response given by Trezor, the vulnerabilities mentioned by Ledger all require physical access, some of which have been solved by Trezor, some of which belong to the problems of all hardware devices, and the rest are all currently based on ST microchips. Problems with the equipment, which also includes the Ledger itself.
Through this incident, we can understand that no hardware wallet can be 100% safe, and it is important for users to raise their security awareness.
The following is Trezors response:
We would like to take this opportunity to address, clarify, and respond to Ledgers statement made against Trezor at the MIT Bitcoin Expo.
secondary title
Simple response:
Supply chain attacks: out of scope, affecting all hardware in transit, no 100% solution, all companies have different ways to mitigate this;
Software vulnerability attack: not exploitable, has been fixed;
Side channel PIN attack: fixed;
Side channel attack scalar multiplication: not exploitable, requires PIN;
Surprise Concluding Attack: Not fully disclosed, it affects all hardware devices based on ST microchips, and can be mitigated through passwords;
All of the demonstrated attack vectors require physical access to the device, the attacker needs to use specialized equipment and master specialized attack techniques, and finally it takes time.
This is why we believe these issues are of low importance to the vast majority of hardware wallet users. A recent study conducted in partnership with Binance confirms this, with only 5.93% of respondents citing physical attacks as the greatest threat to cryptocurrencies, while 66% of respondents cite remote attacks as the main threat. This 5.93% can be protected by using a passphrase, which overrides the physical security of the device and recovery seed.
Binance Security Survey Results, Sample 14,471 Respondents
The primary purpose of hardware wallets has always been to protect funds from malware attacks, computer viruses, and various other remote threats such as stealing all funds from the ledger by secretly changing addresses. While achieving perfect physical security is a noble goal, it is ultimately unattainable because of the $5 wrench attack. Furthermore, if one has the money, time, and resources, there is no hardware barrier against their attacks. If we take into account accidental theft, the chances of him finding your hardware wallet and accidentally having the equipment needed to break into these devices are relatively small.
image description
We designed the Trezor device with the threat model explained above in mind - our main focus is protecting users from remote attacks. That said, combined with strong cryptography and at least basic operational security principles, even a physical attack on Ledger would not affect Trezor users.
Knowing this, lets look at the issues Ledger addressed on Sunday.
secondary title
Supply chain attacks are an eternal problem with all hardware devices (not just wallets), no matter how well protected they are. A piece of hardware cannot check itself and verify its integrity. Hardware authentication is not a solution, since hardware modifications can be added that cause the device to confirm that it is genuine.
image description
Demonstrate injecting arbitrary recovery words into the Ledger hardware wallet, presented by Saleem Rashid
Problem 2- Software Vulnerabilities Attacks
During testing of the Trezor codebase, Ledger researchers discovered two issues, and they also confirmed that our code is highly resistant to malicious actors. Although these bugs were not exploitable, we fixed them anyway. We would like to take this opportunity to thank Ledger for reaffirming that the Trezor source code is written with high quality.
Issue 3 - Side channel attack on PIN
The side-channel attack on the PIN on the Trezor One wallet is indeed impressive and we applaud Ledger for their efforts. At the same time, we would like to thank Ledger for responsibly disclosing this issue to us. This attack vector can be solved by backporting the data storage method on the Trezor T model to the Trezor One.
Question 4-Scalar Multiplication of Side Channel Attacks
This vulnerability assumes that the attacker has the users PIN and has physical access to the device, and ultimately the passphrase. With all of the above in hand, the attacker has full control over all funds held by the hardware wallet.
secondary title
Question 5+6 Surprise Concluding Attack
The two questions are practically the same, but 6 sounds better than 5. Still, we are surprised that Ledger announced this issue, especially after Ledger explicitly asked not to announce it, as this could affect the entire microchip industry, not just hardware wallets (such as the medical and automotive industries). Since Ledger is currently negotiating with the chip manufacturer (ST), we will also avoid leaking any critical information, except that this attack vector is also resource intensive, requiring lab-grade equipment to operate the microchip as well as in-depth expertise.
Ledger, we are still discussing with ST, please dont mention the details of the attack, okay?
If you are a Trezor wallet user and fear physical attacks on the device, we recommend setting up a password-protected wallet. In the best case, multiple passwords can be used for combined protection. Passwords will completely mitigate this attack vector.
secondary title
in conclusion
in conclusion
image description
