Crypto Wallet Wars: Ledger Reveals Potential Trezor Vulnerabilities
Ledger, through its testing lab and security team, pointed out a series of vulnerabilities in the flagship devices of its chief competitor, Trezor.
Ledger, the producer of some of the most popular hardware wallet devices, has disclosed several vectors of attack for its chief competitor, Trezor. The potential to unlock the device, or tamper with the electronics, has only been exploited in the lab so far, with no data of actual devices stolen or unlocked.
The first and most trivial vulnerability are insecure or fake Trezor devices. The producer of Trezor spoke in defense of only using the official store, to avoid receiving a fake hardware wallet.
But other vulnerabilities are more complex and involve the design of the devices itself. Ledger explores the vulnerabilities of its own production line, as well as the Trezor devices, through its Paris-based Attack Lab and the Donjon Ledger team.
The team has revealed that the Trezor still uses a general-purpose chip, instead of a Secure Element, thus making it possible to tamper with a device. In a process of pre-seeding, a Trezor hardware wallet could be altered for various flaws in cryptographic security, and also include malware that directly steals digital assets.
The other possible vulnerability is the potential to easily discover the PIN that unlocks the device. Trezor allows for a limited number of attempts with growing time between tries, but a Side Channel attack has been shown to discover a PIN with only five tries. Thus, a Trezor is not protected by the PIN, if a determined attacker has physical access to the device.
Trezor, however, patched the PIN vulnerability in its latest firmware release version.
Ledger has also discovered a way that an attacker can exploit and gain access through the Flash memory of the device. The Attack Lab believes this vulnerability cannot be patched, and refuses to disclose further technical details. The attack affects both Trezor T and Trezor One.
“In our view, this vulnerability cannot be patched, it can only be circumvented by overhauling the design of the Trezor One / Trezor T, and replacing one of its core components to incorporate a Secure Element chip, as opposed to the general purpose chip currently used,” Ledger explained.
The fifth attack vector discovered once again requires physical access and a Side Channel attack, to directly get hold of cryptographic keys.
It remains to be seen how Trezor responds to these claims. Meanwhile, hardware wallets remain some of the best protection for digital assets, but owners must still be aware of potential exploits.