Krakens Uncovers the Hackable Trezor Hardware Wallets Flaws: Best Wallet To Use

Isuamfon (IwillTeachUCrypto)
4 min readJan 31, 2020

--

In what appears to be a simple hacking experiment by the Kraken’s security lab, the exchange lab reported that Kraken Identified Critical Flaw in Trezor Hardware Wallets.

How they went about this was devising a way to extract seeds from both cryptocurrency hardware wallets. Funny enough the

Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.

The attack required just about 15 minutes of physical access to the device. And to think that not just the Trezor One was hacked, but also, the overhyped Trezor Model T is a big concern to all the crypto users.

How Kraken Identified Critical Flaw in Trezor Hardware Wallets

Here is how Krakens’ Security Labs experimented and successfully hacked through the Trezor wallets.

The attack relied on voltage glitching to extract an encrypted seed. The initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75.

When this was achieve, the team went on to crack the encrypted seed, which is protected by a 1–9 digit PIN, but is trivial to brute force.

Technical Details to Krakens Trezor Wallet Hack

In the words of the company,

Extracting seeds from Trezor wallets is not new territory. Trezor has implemented significant mitigations against a variety of previous hardware attacks, including successful mitigations against the glitching attacks demonstrated during the Wallet.Fail talk at the 35th Chaos Communication Congress. This attack builds upon that research to bypass the mitigations.

Our attack begins by re-enabling the integrated bootloader of the processor using a fault-injection attack. This integrated bootloader has functionality to read-out the flash contents of the device, but verifies the protection-level of the chip while executing the command.

By utilizing a second fault-injection attack it is possible to circumvent this check, and then the entire flash-contents of the device can be extracted 256 bytes at a time. By repeating the attack it is possible to extract all of the flash contents.

Additionally, because the Trezor firmware utilizes an encrypted storage, we developed a script to crack the PIN of the dumped device, leading to a full compromise of the security of the Trezor wallets.

The script was able to brute force any 4-digit pin in under 2 minutes. This attack demonstrates that the STM32-family of Cortex-M3/Cortex-M4 microcontrollers should not be used for storage of sensitive data such as cryptographic seeds even if these are stored in encrypted form

The STM32F205 and STM32F427 are flash-based microcontrollers used in the Trezor One and the Trezor T, respectively. Many derivatives of the Trezor One, such as the Keepkey, also use the STM32F205. Both STM32F2 and STM32F4 are ARM Cortex-M3 microcontrollers of the STM32 family of ST Microelectronics.

The STM32F2 and STM32F4 provides all the peripherals necessary for implementing the hardware wallet, including a PLL, as well as interfaces, such as USB. Most notably, the STM32F205 offers two common ARM programming interfaces: JTAG and ARM SWD. In addition to these programming interfaces, the STM32F205 also offers an integrated bootloader that can be used to program the device using interfaces such as UART, USB and CAN.

The Solution To All Trezor Hardware Wallet Owners Against Hack

According to Kraken’s security lab’s team,

The attack takes advantage of inherent flaws within the microcontroller used in the Trezor wallets. This unfortunately means that it is difficult for the Trezor team to do anything about this vulnerability without a hardware redesign.

Until then, here is what you can do to protect yourself:

#1. Do not allow anyone physical access to your Trezor wallet else you could permanently lose your crypto.

#2. Enable Your BIP39 Passphrase with the Trezor Client

Although the passphrase is a bit clunky to use in practice but is not stored on the device and therefore is a protection that prevents this attack.

A Better Solution: Top 3 Hackers Best Crypto Hardware Wallets In 2020 (№3 will shock you!)

Crypto Users Reactions to Trezor Hardware Wallets Flaws by Kraken

TLDR: Trezor is vulnerable if someone steals it from you (and has the technical expertise to perform this procedure)

This would be VERY obvious as the device needs to be opened so if your trezor is in your pocket, and its not been pried open, its fine. It can also be mitigated using the passphrase feature.

But if your device is stolen and you don’t have the passphrase feature enabled your funds are at risk.

Likely not a worry, but if you are worried, get a ledger as they have a more secure hardware design using a secure element.

Trezor does not use a secure element and instead uses a general purpose microcontroller, opening it up to these sorts of vulnerabilities — Afasso

Here is a video page that shows how Kraken Found Critical Security Flaw in Trezor One and T Wallets

--

--

Isuamfon (IwillTeachUCrypto)
Isuamfon (IwillTeachUCrypto)

Written by Isuamfon (IwillTeachUCrypto)

Top Quora Writer on Cryptocurrency, Blockchain, Bitcoin and Altcoins.

No responses yet