Topic: Trezor hacked (again) - page 5. (Read 1461 times)

I am so fed up with hardware wallets at the moment, that I'm pretty much exclusively using airgapped encrypted devices and paper wallets for my non-hot wallets. Adding in KYC linked debit cards, supporting KYC and AML requirements from privacy invading centralized exchanges, adding unnecessary features (and therefore vulnerabilities) such as games to the firmware, adding support (and therefore vulnerabilities) for hundreds of useless shitcoins, the list goes on. I don't want to spend money on yet another new hardware wallet for the company to announce in few weeks' time that they are now implementing *stupid feature* and I have yet another device that I don't want to store my coins on. At least with a DIY solution I know it will still work exactly as I want it to in 1, 5, 10 years' time.

Lol. People are dumb. They just read the headline about Trezor being hacked and start to panic. No one bothers to actually read the story to see this is a non-issue.

With or without secure elements, it's definitely much safer to have hardware wallet with secure element, than using just regular smartphone for holding smaller amounts of coins you can spend.
After reading all the news that happened in last few days with hardware wallets, I am thinking that regulators will soon try to do something similar like in Switzerland.
That is why I think that having multiple solution is the best thing you can do, own multiple hardware wallets, own DIY signers like Seesigner or Krux, and own a laptop with sole purpose of being a secure cold storage.
Doing this you will most likely be able to survive with bitcoin post 2022  

He was sort of doing this, but video was recorded somewhere in 2017 I think, and owner couldn't update the device even if he wanted to do it, because he didn't know the password.
Posting this video on Youtube now in 2022 is just a free marketing campaign for Kingpin more than anything else, but it sure hurt Trezor so they even had to comment on that video with explantion.



Or just use Seedsigner/Krux that works exactly like that, but it's much more easier to import seed words again (with QR codes) than it is on trezor, ledger and other hardware wallets.
You don't even need secure element or secret NDA's and permission with this.

Not possible for regular humans, but I bet smart guys and hackers like Kingpin, with all their gadgets will find some way to do it again.

Good point! I forgot about the PIN. I don't own a Trezor device but when you install new firmware updates on Ledger, it does ask you to enter your current PIN. I am sure it wouldn't work on Trezor either. To get the firmware installation files, you would have to connect to the Suite or the wallet.trezor interface. With an unlocked device, that would surely not work. 

As o_e_l_e_o pointed out, it's not possible to downgrade the firmware if you have anything newer than 1.6.1.

You can downgrade it without knowing the PIN? That would mean any security mechanisms implemented through firmware upgrades would be pointless, since an attacker could just downgrade to an older version and exploit the vulnerabilities that were fixed through upgrades; I can't imagine that's possible.
If you can downgrade, you will be able to attack like in the video. The update doesn't 'remove' the data permanently from insecure storage or something like that; v1.6.0 copies the secure data into RAM at boot, it will do that no matter if it was updated and downgraded again.

It also seems like a pretty standard attack / setup (still great, no question!): voltage glitch, automatic reboot and getting serial console, then read RAM. I suspect after this was shown, many will try to replicate it. So maybe update your wallets.

---

Okay, so since this is the case, he will not get any bounty from Trezor, obviously and also not listed on the webpage, most probably. Since he used a known, fixed vulnerability. It was still a cool feat that took him a while to perfection, but you typically only get listed and paid if it's something new. ^@PX-Z

Correct. See above:

If you are storing enough funds to want them on a hardware wallet, then you should have a secure means of recovering that wallet and a secure place to send the coins in the event your hardware wallet is stolen. Having a second hardware device is a possibility, which you can initialize, back up a seed phrase, and note down a receiving address in advance, and then wipe and use to restore your compromised seed phrase. Using a similar set up but with an airgapped device is also a possibility. If you can't do either of those, then it would worthwhile using your current hardware device to generate a new wallet, either via a brand new seed phrase or an additional strong passphrase on top of your existing seed phrase, and having a receiving address noted down and ready to go. Then, in a pinch, you could sweep everything to that receiving address via a software wallet, accepting of course the increased risk by using a hot software wallet.

Not possible. Once you've upgraded to any version beyond version 1.6.0, it is not possible to downgrade back to 1.6.0. See the table here: https://wiki.trezor.io/Firmware_downgrade

Sure, enjoy it.

Are you talking about leaving one somewhere as a trap to be grabbed in case a thief breaks in to your home? That's not bad either but its different from what I mentioned in my previous post. I was talking about having a 2nd device, fully functional and set up to be used in your primary device goes missing or malfunctions.

Sure, that would work. But again, you still need a second hardware wallet for this.

---

Comments about the Trezor attack.

The vulnerability existed in the 1.6.0 firmware version of Trezor One’s firmware. With ver. 1.6.1, they fixed it. If someone was facing an issue like a lost PIN but had a newer firmware version, I wonder if it would work if he downgraded to version 1.6.0 and had Kingpin work on the device to extract the seed like he did for the guy in the video? I know that it is possible to downgrade to an older Trezor firmware, but would the data still be extractable from the chip, that’s the question.

It's funny how they scrambled the seed words at the end of the video. Like it still contains any crypto.  

To be completely honest, I'd say: it depends. If you trust your ability to keep the device mostly safe and the bigger risk for you is a backdoor in the secure element (also circumstantial: potential of bad actors, legality of BTC in your home country, ...) - then an open source device without such closed element would be beneficial.
On the other hand, if you need to bring your wallet into insecure places like shared offices or something and there is a risk of an 'evil maid' attack, and a comparatively lower risk of backdoors or flaws in the secure element, then this solution is for you.

I'd even go as far as saying that you may actually want to have both types for two very different, very specific applications. Cold storage = no S.E., daily driver = with S.E.? Just a thought.

Easy, third one.

Wasn't the issue even fixed already, but possible due to outdated firmware? Like at the time of attack, he mentions about firmware v1.6.0 and that the attack wasn't gonna be possible in v1.6.1 etc., so he was exploiting the fact that the device was running old software in a way.

To me it sounded like the PIN and seed were both loaded into RAM at boot, which is also shown in the video where he reads out the RAM to the host machine, then just performs strings. Therefore, he's not using the PIN to retrieve the seed (as you're describing).

---

Makes me think: in a pinch, you could even just wipe a HW wallet that you have around (of which you have a seed backup handy) and load the stolen wallet's seed onto it. When you're done transferring the funds, reset it again and put in 'its' seed again.
Probably quicker than starting downloading Tails and more secure than importing seed into Electrum.
Note that not all hardware wallets  have this feature.

It wasn't... The hacker in question "retrieved the seed phrases" as well.

If you were referring to using a passphrase, then even in such cases, hackers can't access it ^{[it's not stored on the hardware wallet]}.

I love that line. Going to be using it a lot.
It's also the reason why if you have a lot of BTC / crypto. You really should be using more then 1 wallet.

At for the cost of hardware wallets on the secondhand market, leaving one around might not be the worst idea.

If it goes missing you can check you real one to make sure it's safe. But at that point, you know your security has issues because someone got in and got to your hardware wallet. Even if it's not your real one. Someone out there can no longer be trusted.

-Dave

I look at it the same way as I look at oxygen tanks. They will help me breath and survive under water for a specific amount of time. After that, I will drown if I don't get to the surface in time. As soon as you notice that your hardware wallet is missing, take your recovery seed out from its hiding and transfer your coins somewhere else as soon as you get the opportunity to do it.

+1.
It's a good idea to even have such a wallet safely generated and prepared in case something like that happens one day. It will be quicker to just recover an already existing wallet than creating one from scratch and writing down its seed words when you don't know who might be playing around with your lost HW. Imagine being 10 minutes late because you had to make sure your seed is correct and doing all the other steps and verifications according to your personal needs.

Yeah, this is the last days of hardware wallets without secure elements, or maybe not.
It's possible to use something that Seedsigner or Krux DIY with non-persistent storage that would delete everything after you shut down power from wallet.
Until I see first opensource secure element, I will not trust any other secure elements and signed NDA's.

Bonus task, try to find Kingin in this image (click to enlarge)


He was certainly paid by the guy who hired him for this job, and it's possible that Trezor compensated him related with this flaw.
All this happened several months ago and Trezor was well aware of this problem and fixed it right away.
I think that Saleem Rashid fixed this issue and he is on top of the bounty list on ledger website with 60.000 points.

I guess once you have the PIN, you will have the full access to everything including seed words, but this was the case before fix was applied in firmware.
It turned out good for owner of that specific Trezor and I am hearing that many people are now contacting Kingpin with same issues of lost PIN.

Undoubtedly, this event will catch up with fear, but let's look at it from a different angle. The discovery of this vulnerability will push manufacturers to change and the security system of their devices will be improved. So it turns out that a negative event leads to positive changes.

In the future, similar events will happen more than once and you should not panic because of this. What is created by a person can always be hacked by another person. It's just a question of skills and resources.

It is also a great reminder that there are no perfect protection systems and therefore, you need to take this into account and be prepared. "Don't put all your eggs in one basket".

I see this as a non-issue compared to what we already know, to be honest.

As far as I can tell, this particular vulnerability was patched in firmware version 1.6.1 which came out in March 2018, 4 years ago. And as we've known for a long time, regardless of what is happening here, seed extraction is still a possibility with Trezor devices for other reasons. Everyone with a Trezor device should be using a long and complex passphrase (or ideally, several different ones), which mitigates the risk of both vulnerabilities.

And as always, the likelihood of your coins being stolen by such a method is minuscule compared to your coins being stolen by user mistake, phishing, etc.

This has always been my approach. If I was to lose any device with bitcoin on it - hardware wallet, mobile wallet, encrypted cold storage, whatever - then I would be moving the coins to new wallets as soon as possible. A hardware wallet will buy you time to do this, but it shouldn't be seen as permanently infallible.

It seems that physical access to the device will mean that the password will be hacked and therefore your coins will be lost.

I have a question, why is the PIN code sufficient? In other words, if a password of sufficient length is inserted, will the hacker easily gain access to the device?

Overall, with the cheap device price, generating seeds, keeping seeds/addresses, and destroying hardware wallet device would be especially convenient for those who hold millions of dollars and don't intend to use them periodically.

It appears that in addition to the pin, he hacked the seed phrases as well ^{[blurred part]}.

I can't stress this enough... I'd like to add that, it's worth creating those periodically ^{[I'm really great at hiding stuff at home or in other places but that also means, I tend to lose or rather forget where I hid/placed some of them]}!

You have a point, but in this case, that information "wasn't available".

---

As a Trezor user, I'm having mixed feelings in regards to the following parts:

• Quote from: https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft
  But a core issue with the chip that allows fault injection still exists and can only be fixed by the chip maker — which the maker has declined to do — or by using a more secure chip. Rusnak says his team explored the latter, but more secure chips generally require vendors to sign an NDA, something his team opposes. Trezor uses open-source software for transparency, and when Rusnak’s team discovered a flaw in one secure chip they considered using, the chip maker invoked the NDA to prevent them from talking about it.

Wow! Just wow. A huge kudos to this man, imagine if it was held by malicious actor and never shares to this to trezor.

I wonder if he get bounty bug reward from trezor considering this is a great find. I see their bounty bug page ^[1] but seems still outdated

[1] https://trezor.io/security/

It's worth noting this Trezor model is one of the few wallets which has no dedicated secure element.

Also I had no idea kingpin was doing YouTube videos, that's amazing! Definitely a legend.

While it's good to remind people now and then about this kind of problems, the overall conclusion has not change:
if the hardware wallet falls into the hands of unknown people, it's safer to assume it's going to get broken into/hacked, hence use the backup seed and move the coins away asap.

Verge article released interesting article about one electrical engineer and hacker who hacked and broke Trezor hardware wallet PIN code with wallet worth around $2 million!
This was all done by Joe Grand and Trezor device was owned by Dan Reich who purchased some coins for $50k back in 2018, and then he withdraw them from exchange to Trezor wallet.
Price of the coins crash (some of us remember that time) and Dan forgot all about PIN code he used on his Trezor, and his friend lost the paper backup with this information.

Joe Grand, better known by his old hacker handle “Kingpin” was a part of L0pht hacker collective that testified to the US Senate back in 1998.
He already helped Mark Frauenfelder recover his coins from Trezor after he forgot his PIN in 2017, so Dan Reich contacted him and asked him for help.
Trezor did some changes and improvements after this, but this was not enough as Grand managed to do it again,and you can watch the procedure below in his youtube channel.

Problem is not only for Trezor but for most hardware wallets and devices that use STM32 microcontrollers and most wallets are using them.
They are used in  billions of devices around the world, not only in hardware wallets and it's scary when you think about it, even without flaws some agencies could add backdoor for spying inside this chips.

Trezor already fixed the issue in latest firmware versions and wallets no longer copy or move the key and PIN into RAM but in protected part of flash that is not affected by firmware upgrades.

Make sure to watch the video below, it does look a bit scripted but it is interesting to watch and fun time to spend 30 minutes.

Conclusion:
- Always make multiple backups for your wallet
- Use Trezor ONLY with passphrase, but back that up also.

Joe Grand video: How I hacked a hardware crypto wallet and recovered $2 million
https://www.youtube.com/watch?v=dT9y-KQbqi4


Full Article: https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft

https://twitter.com/Trezor/status/1485736962262810626

It might be a good idea to UPDATE your Trezor firmware now.
Latest version for Trezor One is 1.10.5.

---

NOTE:
This bug happened few years ago in 2017 and Trezor firmware was updated shortly after that.