In line with a recent official ‘report‘ published, leading cryptocurrency hardware wallets manufacturer ‘Ledger’ has revealed vulnerabilities in its direct competitor ‘Trezor’s’ devices.
However at the reporting time, Trezor hasn’t yet responded to any of these allegations imposed by Ledger.
The case study states that the vulnerabilities were found by Attack Lab, the firm’s department that hacks into both its own and competitors’ devices to enhance security protocols. Ledger however claims that it has repeatedly told Trezor regarding weaknesses in its Trezor One and Trezor T wallets, and has decided to publish them publicly after the disclosure time period.
The first related issue represents the authenticity of the devices. As per the Ledger team, the Trezor device is imitated by backdooring the device with malware and re-sealing it in its box by a ‘faux‘ tamper-proof sticker, that is reportedly very simple to remove. Ledger states that this vulnerability can solely be tackled by overhauling the look of the Trezor wallets and, specially, by replacing one among the core parts with a Secure Element chip.
Secondly, Ledger hackers are able to guess the exact values of the PIN on a Trezor wallet employing a side-channel attack. This was reported to Trezor earlier in Nov. last year. The firm lately however resolved this problem in its firmware update 1.8.0.
The third and fourth vulnerabilities, that Ledger additionally offers to resolve by replacing the core parts with a Secure Element chip, carries with it the chances of stealing confidential information from the device. Ledger states that an attacker with physical access to Trezor One and Trezor T would be able to extract all the information from the flash storage and gain management over the assets kept within the device.
The last vulnerability discovered is additionally associated with Trezor’s security model: consistent with [Ledger], the crypto library of the Trezor One doesn’t contain proper countermeasures against hardware attacks. The team claims that a hacker with physical access to the device can extract the private key via a side-channel attack, though Trezor has claimed that its wallets are secured against it.
Earlier in Nov. last year, Trezor itself ‘warned‘ that an unknown third party was distributing fake copies of its flagship Trezor One device. The faux ‘wallets‘ appeared to originate from China, and therefore the company thus urged purchasers to shop for wallets solely from Trezor’s official web-site.
However, within the recent report, Ledger also claimed that users can’t be sure even when they purchase hardware from the official Trezor’s web-site. The offender’s might have possibly purchased many devices, backdoor them, and send them back to the manufacturer asking for compensation. Just in case, the compromised device is sold-out again, the user’s crypto funds are expected to be stolen again, [Ledger] concludes.
Even earlier in Nov. last year, the analysis team named ‘Wallet.fail’ ‘demonstrated‘ how they hacked into the Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing memories conference. At that time, both Trezor and Ledger admitted to have found ‘vulnerabilities‘ — with Trezor ‘noting‘ that a firmware update would be enough to address them while ledger ‘added‘ that the issue is although not so critical for its wallets.