Pages:
Author

Topic: Trezor hacked (again) - page 5. (Read 1507 times)

legendary
Activity: 2268
Merit: 18711
January 30, 2022, 03:52:06 AM
#19
That is why I think that having multiple solution is the best thing you can do, own multiple hardware wallets, own DIY signers like Seesigner or Krux, and own a laptop with sole purpose of being a secure cold storage.
I am so fed up with hardware wallets at the moment, that I'm pretty much exclusively using airgapped encrypted devices and paper wallets for my non-hot wallets. Adding in KYC linked debit cards, supporting KYC and AML requirements from privacy invading centralized exchanges, adding unnecessary features (and therefore vulnerabilities) such as games to the firmware, adding support (and therefore vulnerabilities) for hundreds of useless shitcoins, the list goes on. I don't want to spend money on yet another new hardware wallet for the company to announce in few weeks' time that they are now implementing *stupid feature* and I have yet another device that I don't want to store my coins on. At least with a DIY solution I know it will still work exactly as I want it to in 1, 5, 10 years' time.

Posting this video on Youtube now in 2022 is just a free marketing campaign for Kingpin more than anything else, but it sure hurt Trezor so they even had to comment on that video with explantion.
Lol. People are dumb. They just read the headline about Trezor being hacked and start to panic. No one bothers to actually read the story to see this is a non-issue.
legendary
Activity: 2212
Merit: 7064
January 29, 2022, 07:14:11 PM
#18
I'd even go as far as saying that you may actually want to have both types for two very different, very specific applications. Cold storage = no S.E., daily driver = with S.E.? Just a thought.
With or without secure elements, it's definitely much safer to have hardware wallet with secure element, than using just regular smartphone for holding smaller amounts of coins you can spend.
After reading all the news that happened in last few days with hardware wallets, I am thinking that regulators will soon try to do something similar like in Switzerland.
That is why I think that having multiple solution is the best thing you can do, own multiple hardware wallets, own DIY signers like Seesigner or Krux, and own a laptop with sole purpose of being a secure cold storage.
Doing this you will most likely be able to survive with bitcoin post 2022  Wink

Wasn't the issue even fixed already, but possible due to outdated firmware? Like at the time of attack, he mentions about firmware v1.6.0 and that the attack wasn't gonna be possible in v1.6.1 etc., so he was exploiting the fact that the device was running old software in a way.
He was sort of doing this, but video was recorded somewhere in 2017 I think, and owner couldn't update the device even if he wanted to do it, because he didn't know the password.
Posting this video on Youtube now in 2022 is just a free marketing campaign for Kingpin more than anything else, but it sure hurt Trezor so they even had to comment on that video with explantion.



Makes me think: in a pinch, you could even just wipe a HW wallet that you have around (of which you have a seed backup handy) and load the stolen wallet's seed onto it. When you're done transferring the funds, reset it again and put in 'its' seed again.
Or just use Seedsigner/Krux that works exactly like that, but it's much more easier to import seed words again (with QR codes) than it is on trezor, ledger and other hardware wallets.
You don't even need secure element or secret NDA's and permission with this.

Not possible. Once you've upgraded to any version beyond version 1.6.0, it is not possible to downgrade back to 1.6.0. See the table here: https://wiki.trezor.io/Firmware_downgrade
Not possible for regular humans, but I bet smart guys and hackers like Kingpin, with all their gadgets will find some way to do it again. Wink
legendary
Activity: 2730
Merit: 7065
January 29, 2022, 11:53:12 AM
#17
You can downgrade it without knowing the PIN? That would mean any security mechanisms implemented through firmware upgrades would be pointless, since an attacker could just downgrade to an older version and exploit the vulnerabilities that were fixed through upgrades; I can't imagine that's possible.
Good point! I forgot about the PIN. I don't own a Trezor device but when you install new firmware updates on Ledger, it does ask you to enter your current PIN. I am sure it wouldn't work on Trezor either. To get the firmware installation files, you would have to connect to the Suite or the wallet.trezor interface. With an unlocked device, that would surely not work. 

If you can downgrade, you will be able to attack like in the video. The update doesn't 'remove' the data permanently from insecure storage or something like that; v1.6.0 copies the secure data into RAM at boot, it will do that no matter if it was updated and downgraded again.
As o_e_l_e_o pointed out, it's not possible to downgrade the firmware if you have anything newer than 1.6.1.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 29, 2022, 07:54:32 AM
#16
The vulnerability existed in the 1.6.0 firmware version of Trezor One’s firmware. With ver. 1.6.1, they fixed it. If someone was facing an issue like a lost PIN but had a newer firmware version, I wonder if it would work if he downgraded to version 1.6.0 and had Kingpin work on the device to extract the seed like he did for the guy in the video? I know that it is possible to downgrade to an older Trezor firmware, but would the data still be extractable from the chip, that’s the question.
You can downgrade it without knowing the PIN? That would mean any security mechanisms implemented through firmware upgrades would be pointless, since an attacker could just downgrade to an older version and exploit the vulnerabilities that were fixed through upgrades; I can't imagine that's possible.
If you can downgrade, you will be able to attack like in the video. The update doesn't 'remove' the data permanently from insecure storage or something like that; v1.6.0 copies the secure data into RAM at boot, it will do that no matter if it was updated and downgraded again.

It also seems like a pretty standard attack / setup (still great, no question!): voltage glitch, automatic reboot and getting serial console, then read RAM. I suspect after this was shown, many will try to replicate it. So maybe update your wallets. Cheesy



Wasn't the issue even fixed already, but possible due to outdated firmware?
Correct. See above:
As far as I can tell, this particular vulnerability was patched in firmware version 1.6.1 which came out in March 2018, 4 years ago.
Okay, so since this is the case, he will not get any bounty from Trezor, obviously and also not listed on the webpage, most probably. Since he used a known, fixed vulnerability. It was still a cool feat that took him a while to perfection, but you typically only get listed and paid if it's something new. @PX-Z
legendary
Activity: 2268
Merit: 18711
January 29, 2022, 07:53:06 AM
#15
Wasn't the issue even fixed already, but possible due to outdated firmware?
Correct. See above:
As far as I can tell, this particular vulnerability was patched in firmware version 1.6.1 which came out in March 2018, 4 years ago.

That's not bad either but its different from what I mentioned in my previous post. I was talking about having a 2nd device, fully functional and set up to be used in your primary device goes missing or malfunctions.
If you are storing enough funds to want them on a hardware wallet, then you should have a secure means of recovering that wallet and a secure place to send the coins in the event your hardware wallet is stolen. Having a second hardware device is a possibility, which you can initialize, back up a seed phrase, and note down a receiving address in advance, and then wipe and use to restore your compromised seed phrase. Using a similar set up but with an airgapped device is also a possibility. If you can't do either of those, then it would worthwhile using your current hardware device to generate a new wallet, either via a brand new seed phrase or an additional strong passphrase on top of your existing seed phrase, and having a receiving address noted down and ready to go. Then, in a pinch, you could sweep everything to that receiving address via a software wallet, accepting of course the increased risk by using a hot software wallet.

If someone was facing an issue like a lost PIN but had a newer firmware version, I wonder if it would work if he downgraded to version 1.6.0 and had Kingpin work on the device to extract the seed like he did for the guy in the video? I know that it is possible to downgrade to an older Trezor firmware, but would the data still be extractable from the chip, that’s the question.
Not possible. Once you've upgraded to any version beyond version 1.6.0, it is not possible to downgrade back to 1.6.0. See the table here: https://wiki.trezor.io/Firmware_downgrade
legendary
Activity: 2730
Merit: 7065
January 29, 2022, 02:26:48 AM
#14
I love that line. Going to be using it a lot.
Sure, enjoy it. Grin

At for the cost of hardware wallets on the secondhand market, leaving one around might not be the worst idea.
If it goes missing you can check you real one to make sure it's safe. But at that point, you know your security has issues because someone got in and got to your hardware wallet. Even if it's not your real one. Someone out there can no longer be trusted.
Are you talking about leaving one somewhere as a trap to be grabbed in case a thief breaks in to your home? That's not bad either but its different from what I mentioned in my previous post. I was talking about having a 2nd device, fully functional and set up to be used in your primary device goes missing or malfunctions.

Makes me think: in a pinch, you could even just wipe a HW wallet that you have around (of which you have a seed backup handy) and load the stolen wallet's seed onto it.
Sure, that would work. But again, you still need a second hardware wallet for this.


Comments about the Trezor attack.

The vulnerability existed in the 1.6.0 firmware version of Trezor One’s firmware. With ver. 1.6.1, they fixed it. If someone was facing an issue like a lost PIN but had a newer firmware version, I wonder if it would work if he downgraded to version 1.6.0 and had Kingpin work on the device to extract the seed like he did for the guy in the video? I know that it is possible to downgrade to an older Trezor firmware, but would the data still be extractable from the chip, that’s the question.

It's funny how they scrambled the seed words at the end of the video. Like it still contains any crypto.  
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 28, 2022, 07:19:17 PM
#13
It's worth noting this Trezor model is one of the few wallets which has no dedicated secure element.
Yeah, this is the last days of hardware wallets without secure elements, or maybe not.
To be completely honest, I'd say: it depends. If you trust your ability to keep the device mostly safe and the bigger risk for you is a backdoor in the secure element (also circumstantial: potential of bad actors, legality of BTC in your home country, ...) - then an open source device without such closed element would be beneficial.
On the other hand, if you need to bring your wallet into insecure places like shared offices or something and there is a risk of an 'evil maid' attack, and a comparatively lower risk of backdoors or flaws in the secure element, then this solution is for you.

I'd even go as far as saying that you may actually want to have both types for two very different, very specific applications. Cold storage = no S.E., daily driver = with S.E.? Just a thought.

Bonus task, try to find Kingin in this image (click to enlarge) Smiley

Easy, third one. Grin

I wonder if he get bounty bug reward from trezor considering this is a great find. I see their bounty bug page [1] but seems still outdated https://trezor.io/security/
He was certainly paid by the guy who hired him for this job, and it's possible that Trezor compensated him related with this flaw.
All this happened several months ago and Trezor was well aware of this problem and fixed it right away.
Wasn't the issue even fixed already, but possible due to outdated firmware? Like at the time of attack, he mentions about firmware v1.6.0 and that the attack wasn't gonna be possible in v1.6.1 etc., so he was exploiting the fact that the device was running old software in a way.

It appears that in addition to the pin, he hacked the seed phrases as well [blurred part].
I guess once you have the PIN, you will have the full access to everything including seed words, but this was the case before fix was applied in firmware.
To me it sounded like the PIN and seed were both loaded into RAM at boot, which is also shown in the video where he reads out the RAM to the host machine, then just performs strings. Therefore, he's not using the PIN to retrieve the seed (as you're describing).



It's a good idea to even have such a wallet safely generated and prepared in case something like that happens one day. It will be quicker to just recover an already existing wallet than creating one from scratch and writing down its seed words when you don't know who might be playing around with your lost HW. Imagine being 10 minutes late because you had to make sure your seed is correct and doing all the other steps and verifications according to your personal needs.
Makes me think: in a pinch, you could even just wipe a HW wallet that you have around (of which you have a seed backup handy) and load the stolen wallet's seed onto it. When you're done transferring the funds, reset it again and put in 'its' seed again.
Probably quicker than starting downloading Tails and more secure than importing seed into Electrum.
Note that not all hardware wallets  have this feature.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
January 28, 2022, 04:57:23 PM
#12
I have a question, why is the PIN code sufficient?
It wasn't... The hacker in question "retrieved the seed phrases" as well.

In other words, if a password of sufficient length is inserted, will the hacker easily gain access to the device?
If you were referring to using a passphrase, then even in such cases, hackers can't access it [it's not stored on the hardware wallet].
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
January 28, 2022, 03:02:33 PM
#11
I look at it the same way as I look at oxygen tanks. They will help me breath and survive under water for a specific amount of time. After that, I will drown if I don't get to the surface in time. As soon as you notice that your hardware wallet is missing, take your recovery seed out from its hiding and transfer your coins somewhere else as soon as you get the opportunity to do it.
I love that line. Going to be using it a lot.
It's also the reason why if you have a lot of BTC / crypto. You really should be using more then 1 wallet.

At for the cost of hardware wallets on the secondhand market, leaving one around might not be the worst idea.

If it goes missing you can check you real one to make sure it's safe. But at that point, you know your security has issues because someone got in and got to your hardware wallet. Even if it's not your real one. Someone out there can no longer be trusted.

-Dave
legendary
Activity: 2730
Merit: 7065
January 27, 2022, 09:04:17 AM
#10
It seems that physical access to the device will mean that the password will be hacked and therefore your coins will be lost.
I look at it the same way as I look at oxygen tanks. They will help me breath and survive under water for a specific amount of time. After that, I will drown if I don't get to the surface in time. As soon as you notice that your hardware wallet is missing, take your recovery seed out from its hiding and transfer your coins somewhere else as soon as you get the opportunity to do it.

This has always been my approach. If I was to lose any device with bitcoin on it - hardware wallet, mobile wallet, encrypted cold storage, whatever - then I would be moving the coins to new wallets as soon as possible. A hardware wallet will buy you time to do this, but it shouldn't be seen as permanently infallible.
+1.
It's a good idea to even have such a wallet safely generated and prepared in case something like that happens one day. It will be quicker to just recover an already existing wallet than creating one from scratch and writing down its seed words when you don't know who might be playing around with your lost HW. Imagine being 10 minutes late because you had to make sure your seed is correct and doing all the other steps and verifications according to your personal needs.
legendary
Activity: 2212
Merit: 7064
January 26, 2022, 11:51:57 AM
#9
It's worth noting this Trezor model is one of the few wallets which has no dedicated secure element.
Yeah, this is the last days of hardware wallets without secure elements, or maybe not.
It's possible to use something that Seedsigner or Krux DIY with non-persistent storage that would delete everything after you shut down power from wallet.
Until I see first opensource secure element, I will not trust any other secure elements and signed NDA's.

Bonus task, try to find Kingin in this image (click to enlarge) Smiley


I wonder if he get bounty bug reward from trezor considering this is a great find. I see their bounty bug page [1] but seems still outdated https://trezor.io/security/
He was certainly paid by the guy who hired him for this job, and it's possible that Trezor compensated him related with this flaw.
All this happened several months ago and Trezor was well aware of this problem and fixed it right away.
I think that Saleem Rashid fixed this issue and he is on top of the bounty list on ledger website with 60.000 points.

It appears that in addition to the pin, he hacked the seed phrases as well [blurred part].
I guess once you have the PIN, you will have the full access to everything including seed words, but this was the case before fix was applied in firmware.
It turned out good for owner of that specific Trezor and I am hearing that many people are now contacting Kingpin with same issues of lost PIN.


legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
January 26, 2022, 11:34:35 AM
#8
Undoubtedly, this event will catch up with fear, but let's look at it from a different angle. The discovery of this vulnerability will push manufacturers to change and the security system of their devices will be improved. So it turns out that a negative event leads to positive changes.

In the future, similar events will happen more than once and you should not panic because of this. What is created by a person can always be hacked by another person. It's just a question of skills and resources.

It is also a great reminder that there are no perfect protection systems and therefore, you need to take this into account and be prepared. "Don't put all your eggs in one basket".


legendary
Activity: 2268
Merit: 18711
January 26, 2022, 06:25:09 AM
#7
I see this as a non-issue compared to what we already know, to be honest.

As far as I can tell, this particular vulnerability was patched in firmware version 1.6.1 which came out in March 2018, 4 years ago. And as we've known for a long time, regardless of what is happening here, seed extraction is still a possibility with Trezor devices for other reasons. Everyone with a Trezor device should be using a long and complex passphrase (or ideally, several different ones), which mitigates the risk of both vulnerabilities.

And as always, the likelihood of your coins being stolen by such a method is minuscule compared to your coins being stolen by user mistake, phishing, etc.

It seems that physical access to the device will mean that the password will be hacked and therefore your coins will be lost.
This has always been my approach. If I was to lose any device with bitcoin on it - hardware wallet, mobile wallet, encrypted cold storage, whatever - then I would be moving the coins to new wallets as soon as possible. A hardware wallet will buy you time to do this, but it shouldn't be seen as permanently infallible.
legendary
Activity: 2688
Merit: 3983
January 26, 2022, 06:02:13 AM
#6
It seems that physical access to the device will mean that the password will be hacked and therefore your coins will be lost.

I have a question, why is the PIN code sufficient? In other words, if a password of sufficient length is inserted, will the hacker easily gain access to the device?

Overall, with the cheap device price, generating seeds, keeping seeds/addresses, and destroying hardware wallet device would be especially convenient for those who hold millions of dollars and don't intend to use them periodically.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
January 26, 2022, 05:53:38 AM
#5
hacker who hacked and broke Trezor hardware wallet PIN code with wallet worth around $2 million!
It appears that in addition to the pin, he hacked the seed phrases as well [blurred part].

- Always make multiple backups for your wallet
I can't stress this enough... I'd like to add that, it's worth creating those periodically [I'm really great at hiding stuff at home or in other places but that also means, I tend to lose or rather forget where I hid/placed some of them]!

hence use the backup seed and move the coins away asap.
You have a point, but in this case, that information "wasn't available".

As a Trezor user, I'm having mixed feelings in regards to the following parts:

  • But a core issue with the chip that allows fault injection still exists and can only be fixed by the chip maker — which the maker has declined to do — or by using a more secure chip. Rusnak says his team explored the latter, but more secure chips generally require vendors to sign an NDA, something his team opposes. Trezor uses open-source software for transparency, and when Rusnak’s team discovered a flaw in one secure chip they considered using, the chip maker invoked the NDA to prevent them from talking about it.
hero member
Activity: 1554
Merit: 880
pxzone.online
January 25, 2022, 08:46:25 PM
#4
Wow! Just wow. A huge kudos to this man, imagine if it was held by malicious actor and never shares to this to trezor.

I wonder if he get bounty bug reward from trezor considering this is a great find. I see their bounty bug page [1] but seems still outdated

[1] https://trezor.io/security/
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 25, 2022, 04:34:53 PM
#3
It's worth noting this Trezor model is one of the few wallets which has no dedicated secure element.

Also I had no idea kingpin was doing YouTube videos, that's amazing! Definitely a legend.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 25, 2022, 03:54:50 PM
#2
Conclusion:

While it's good to remind people now and then about this kind of problems, the overall conclusion has not change:
if the hardware wallet falls into the hands of unknown people, it's safer to assume it's going to get broken into/hacked, hence use the backup seed and move the coins away asap.
legendary
Activity: 2212
Merit: 7064
January 25, 2022, 03:48:50 PM
#1
Verge article released interesting article about one electrical engineer and hacker who hacked and broke Trezor hardware wallet PIN code with wallet worth around $2 million!
This was all done by Joe Grand and Trezor device was owned by Dan Reich who purchased some coins for $50k back in 2018, and then he withdraw them from exchange to Trezor wallet.
Price of the coins crash (some of us remember that time) and Dan forgot all about PIN code he used on his Trezor, and his friend lost the paper backup with this information.

Joe Grand, better known by his old hacker handle “Kingpin” was a part of L0pht hacker collective that testified to the US Senate back in 1998.
He already helped Mark Frauenfelder recover his coins from Trezor after he forgot his PIN in 2017, so Dan Reich contacted him and asked him for help.
Trezor did some changes and improvements after this, but this was not enough as Grand managed to do it again,and you can watch the procedure below in his youtube channel.

Problem is not only for Trezor but for most hardware wallets and devices that use STM32 microcontrollers and most wallets are using them.
They are used in  billions of devices around the world, not only in hardware wallets and it's scary when you think about it, even without flaws some agencies could add backdoor for spying inside this chips.

Trezor already fixed the issue in latest firmware versions and wallets no longer copy or move the key and PIN into RAM but in protected part of flash that is not affected by firmware upgrades.

Make sure to watch the video below, it does look a bit scripted but it is interesting to watch and fun time to spend 30 minutes.

Conclusion:
- Always make multiple backups for your wallet
- Use Trezor ONLY with passphrase, but back that up also.

Joe Grand video: How I hacked a hardware crypto wallet and recovered $2 million
https://www.youtube.com/watch?v=dT9y-KQbqi4


Full Article: https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft

Quote
Hi, we just want to add that the vulnerability was already fixed, and all new devices are shipped with a fixed bootloader.
Thanks to @saleemrash1d for his security audit. Learn more about our Security approach and responsible disclosure program here
https://twitter.com/Trezor/status/1485736962262810626

It might be a good idea to UPDATE your Trezor firmware now.
Latest version for Trezor One is 1.10.5.



NOTE:
This bug happened few years ago in 2017 and Trezor firmware was updated shortly after that.

Pages:
Jump to: