Topic: Extracting the Private Key from a TREZOR ... with a 70 $ Oscilloscope - page 2. (Read 5172 times)
April 17, 2015, 08:21:33 AM
This is why I always advise people to wait a few more years before using hardware wallets to store significant amounts of Bitcoin. They are too new, untested and unstudied and due to this they may have undiscovered flaws like this, in fact my opinion is that there are many other side-channel attacks similar to this, however in a few years once they have been better studied, tested and improved and we fully understand all the security concerns involved then hardware wallets will really shine.
April 17, 2015, 08:18:48 AM
You never break into my Trezor collection.
April 17, 2015, 08:12:58 AM
It took me a while to realize that gmaxwell was talking about secretly recording the audio interference from a nearby compromized computer which would then be retrieved and decoded by the attacker at a later time.
Actually, from the computer the Trezor is connected to itself (after all, the point of the Tezor is the assumption the host computer is compromised); nearby would be an even more impressive stunt-- in terms of nearby but not connected; that would better be done with a software defined radio receiver (e.g. not merely a remote compromise).All of that is a long shot, but thats the annoyance about defense; you have to defend against all attackers, and an attacker may spend a lot of time and resources on a single valuable target. It's quite hard to be confident that you do not have an exploitable weakness. If you're sure you're secure you're probably not being creative enough.
wooow. crazy shit. reminds me of the hollywood movie "eagle eye". But not long ago i ve read an article about some scientists from Tel Aviv University who were able to extract RSA keys from the "noise" of a CPU!!! So the above scenario, where a nearby computer "attacks" a victim within his noise-recognition area by "listening to its processor", should be practically possible. maybe we should start adding noise protection measures to our computers and trezors... LOL
April 17, 2015, 06:16:15 AM
It took me a while to realize that gmaxwell was talking about secretly recording the audio interference from a nearby compromized computer which would then be retrieved and decoded by the attacker at a later time.
Actually, from the computer the Trezor is connected to itself (after all, the point of the Tezor is the assumption the host computer is compromised); nearby would be an even more impressive stunt-- in terms of nearby but not connected; that would better be done with a software defined radio receiver (e.g. not merely a remote compromise).All of that is a long shot, but thats the annoyance about defense; you have to defend against all attackers, and an attacker may spend a lot of time and resources on a single valuable target. It's quite hard to be confident that you do not have an exploitable weakness. If you're sure you're secure you're probably not being creative enough.
April 16, 2015, 08:47:42 PM
It took me a while to realize that gmaxwell was talking about secretly recording the audio interference from a nearby compromized computer which would then be retrieved and decoded by the attacker at a later time.
April 16, 2015, 01:27:47 PM
I always feel uneasy to connect a device with private key directly to an untrusted online computer
I hope something like a audio modem could be implemented but seems it's too slow to be practically used?
https://bitcointalksearch.org/topic/bounty-25-btc-audiomodem-based-communication-library-135423
I hope something like a audio modem could be implemented but seems it's too slow to be practically used?
https://bitcointalksearch.org/topic/bounty-25-btc-audiomodem-based-communication-library-135423
April 15, 2015, 09:24:56 PM
Adding caps will not stop anyone to measure directly at the processor pins. And the device is tamper-evident, not resistant. Nothing is. The goal is to slower and make attack more expensive.
That's true, 'swhy I specified power only at the USB port. It would allow the tamper-evident feature to do its job, as only needing non-invasive monitoring would let someone try without being noticed. It really only needs to withstand attack long enough for its owner to notice it missing.
Quote from: gmaxwell link=topic=1022815
.... it's conceivable that a sufficiently creative attacker could do basically the same power analysis attack just by recording EMI picked up by the soundcard in the computer or via RF emissions from the device. (It's apparently quite easy to pick up noise from the trezor from across the screen with a radio receiver). People who've tried this have been frustrated by the extreme amount of noise put off by the screen and power regulators, but sufficiently advanced DSP may overcome it.
Hmm, I wonder if it's FCC class B certified. Seems unlikely if it's throwing out a noticeable amount of RFI, so maybe using more elaborate shielding and coupling to the detector would help passive monitoring succeed. Might try placing it near a machine with an old taiwanese ISA-bus soundblaster clone in it; those were great at picking up noise! April 15, 2015, 06:53:55 AM
Going by the pulse widths, it seems like a few cents worth of power filtering caps in the device would have prevented seeing anything exciting on the USB port. He mentioned removing the screen as well to clean up the signal, so I guess the device isn't even tamper-resistant? It doesn't seem to be going by the Trezor website. Too bad everything has to be made as cheaply as possible.
It isn't connecting to the jtag is easier than the power analysis.But-- not quite the same, it's conceivable that a sufficiently creative attacker could do basically the same power analysis attack just by recording EMI picked up by the soundcard in the computer or via RF emissions from the device. (It's apparently quite easy to pick up noise from the trezor from across the screen with a radio receiver). People who've tried this have been frustrated by the extreme amount of noise put off by the screen and power regulators, but sufficiently advanced DSP may overcome it.
April 15, 2015, 01:22:35 AM
Adding caps will not stop anyone to measure directly at the processor pins. And the device is tamper-evident, not resistant. Nothing is. The goal is to slower and make attack more expensive.
April 15, 2015, 12:01:16 AM
Going by the pulse widths, it seems like a few cents worth of power filtering caps in the device would have prevented seeing anything exciting on the USB port. He mentioned removing the screen as well to clean up the signal, so I guess the device isn't even tamper-resistant? It doesn't seem to be going by the Trezor website. Too bad everything has to be made as cheaply as possible.
April 13, 2015, 01:20:19 PM
Wow that is a creative attack!
April 13, 2015, 12:10:41 AM
Wow, that was some crazy shit
April 13, 2015, 12:06:48 AM
Good read, great to see security research in this space. Hope you get a tip!
April 12, 2015, 05:48:17 PM
nice link and good read thanks.
so every trezor user shoulda update their firmware asap
so every trezor user shoulda update their firmware asap
April 12, 2015, 05:19:37 PM
http://johoe.mooo.com/trezor-power-analysis/
Paper claims that private keys from a TREZOR device could be extracted via a side channel attack, but newer firmware fixes the vulnerability.
Paper claims that private keys from a TREZOR device could be extracted via a side channel attack, but newer firmware fixes the vulnerability.
Jump to: