“Glitch me if you can…”
Producers of crypto hardware wallets might ever so slightly start to feel the need to review their security setup, as a group of researchers has managed to successfully hack the three most reliable on the market.
As reported by Cointelegraph, the hack was performed during the 35C3 Refreshing Memories Conference on Thursday, by a team of scientists from hacking website Wallet.fail. A video of the demonstration was posted the same day.
Hardware wallets have provided a secure space to store private keys for digital currencies offline, and can be accessed by connecting them to a computer and installing the relevant management software. Hacks on them are rare, with most reports of Bitcoin theft concerning their online software counterparts. Following Wallet.fail’s discovery, however, could that change?
According to Cointelegraph, the attempted hack involved three major hardware wallets: the Trezor One, the Ledger Nano S and Ledger Blue.
To the ostensible dismay of many event attendees, the team showed that the weak signals put out by the touchscreen Ledger Blue can be strengthened considerably by connecting a USB to the wallet. Because the keys highlight when the user taps in their pin, the researchers demonstrated how Artificial Intelligence could be used to access the highlighted key inputs, leaked by the radio waves.
Then, they modified the Ledger Nano S to play a game of Snake, thereby demonstrating that the device could be vulnerable to any kind of firmware. As shared by Cointelegraph, the researchers explained the more serious potentialities of the Nano S’s weaknesses:
“We can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software,] or we can even go and show a different transaction [not the one that is actually being sent] on the screen.”
As for the Trezor One? They managed to acquire the private key by overwriting the device’s existing data with custom firmware. Although, that was on a device that didn’t have a passphrase set.