Ledger Chief Security Officer Charles Guillemet gave a shocking presentation at the MIT Bitcoin Expo this week in which he presented alleged vulnerabilities with the hardware cryptocurrency wallet produced by Trezor – perhaps its top competitor. Trezor argues in a new blog post that all of the attack vectors mentioned are not exploitable remotely.
Trezor particularly took umbrage to the disclosure of an existing chip vulnerability, saying:
“[W]e were surprised by Ledger’s announcement of this issue, especially after being explicitly asked by Ledger not to publicize the issue, due to possible implications for the whole microchip industry, beyond hardware wallets, such as the medical and automotive industries. Since Ledger is in talks with the chip manufacturer (ST) at the moment, we will also refrain from divulging any critical information, save for the fact that this attack vector is also resource-intensive, requiring laboratory-level equipment for manipulations of the microchip as well as deep expertise in the subject.”
Neither they nor Ledger have disclosed much more about the vulnerability outside of the presentation in the video above. All we know is that it’s related to a chip produced by ST Microelectronics, a French hardware component producer. As SatoshiLabs (the makers of Trezor) point out, the vulnerability goes beyond just crypto wallets. They say that regular security measures mitigate against it, but don’t detract from the seriousness of the problem.
After all, even major cryptocurrency exchanges are known to use hardware wallets for cold storage. Even if it requires “laboratory level” equipment and extreme knowledge, the jackpot is big enough that attacks could take place if people learn how to do them.
Guillemet noted a number of attack vectors for hardware wallets, one of which is a “supply chain attack.” A supply chain attack involves compromising the device itself, en route to the customer. Ledger’s CSO claims that Trezor is aware they have had counterfeiting of their products.
“But why does it matter? It does matter because in this white device, I could insert some kind of backdoor. You can backdoor the device in many different ways.”
The problems that are possible with a counterfeit or tampered-with hardware wallet are myriad. The attacker can create a pre-seeded wallet, for example.
Trezor says they’ve handled this problem as much as possible. There are resellers and other markets to acquire hardware wallets, after all. It doesn’t matter what you do to try to verify the genuineness of a hardware wallet – it can still be faked. They point to an example where a Ledger wallet was compromised in just this way.
The problem will exist until such a time that people somehow make their own hardware wallets at home. Even then, as Trezor says:
“No hardware is unhackable, and depending on what your security model is, there are tools which you can use to mitigate threats. […] Besides, if one has sufficient capital, time, and resources, no hardware barriers will stand against their attacks.”
All hardware wallets are subject to some form of physical attack. However, most crypto users don’t perceive physical threats as the primary reason they might lose their funds. The attacks outlined by Ledger are, in reality, mostly theoretical. They largely require physical access to the device. They’re mitigated by things like passphrases.