Author

Topic: Trezor Recovery Phrase Extraction Vulnerability (Read 256 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Here is an interesting one coldcard disclosed a vulnerability in their old hardware wallet (does not work on the new one). It needs a $200k piece of equipment, the destruction of the case, de-soldering the secure element, and some other stuff:

https://blog.coinkite.com/laser-fault-injection/

And they are actually telling people about it.
Not burying it.

-Dave
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
I think we underestimate the amount of money in hardware wallets these days. Ledger have mentioned selling over a million of them and that was years ago now. Also it's rather like Bitcoin itself, once something reaches the forefront of a market like this it's not going to be deposed. The trust builds up and sticks so they're only going to grow from here. On top of that I'm sure both enjoy ginormous funding rounds and maybe have an eye on being bought out some day for untold amounts.

With all that in mind I'm not surprised they highlight a bit of dirt on occasion. I own both but stick with Trezor as I prefer their more open and approachable attitude to things. Ledger are snooty fuckers and some day that might bite them, and their users, but they are French.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Came up again because SatoshiLabs / Trezor  just announced their tropicsquare thing and people are talking about it.

People are not talking about that it came from the same company that refuses to even change their documentation to include the fact that you really should have a complex password on your device or other security issues that exist on their products.

So, I really have no issue with them bringing it up again.

Stay safe.

-Dave
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I think you meant Trezor One. Trezor T users can enter the passphrase directly on the device so it is not exposed to the computer.

You're right, I was wrong about the model, it's actually about Trezor One. But as it is o_e_l_e_o  mentioned, it is unlikely that someone will become a victim of physical theft and at the same time expose passphrase via PC hack to same person. This would have to be a targeted attack, which is certainly possible if someone has a significant amount in their possession.

Trezor is obviously in trouble because they can't fix that vulnerability in any way, which definitely does some damage to them. However, workarounds do not satisfy all users, so I expect that in the near future they will have to launch a completely new device based on a completely new hardware.
legendary
Activity: 2268
Merit: 18748
Given that most places say that as soon as you have entered your seed in to an internet enabled device it should be considered compromised, and given the number of coins that continue to be stolen by people entering their seed phrase in to malicious wallets, services, websites, etc., then we should be taking the same level of precaution when considering a passphrase. Typing a passphrase in to an internet enabled device, as everyone using a passphrase with a Trezor One will be doing (excluding the small minority who only use the device with an airgapped device), is risking the security of your passphrase.

Now, I fully appreciate the likelihood of someone stealing your passphrase via malware and also having physical access to your Trezor wallet is very small, but there is no good reason for them not to patch this security risk, other than the time it takes to enter a passphrase. But having said that, there is no reason they couldn't give users the option to type the passphrase if they are willing to accept the risk. Having got used to the Ledger Nano S method of entering a passphrase, even a long and complicated passphrase can be entered in under 5 minutes.
legendary
Activity: 1876
Merit: 3132
In this latest post, Ledger warns that users of model T can be compromised even if they use passphrase, assuming their computer is compromised.

I think you meant Trezor One. Trezor T users can enter the passphrase directly on the device so it is not exposed to the computer. I wonder why they won't implement more secure passphrase entry just like their advanced recovery which works great. It would take much longer time to use a device, but it would be more secure.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
It's a bit strange that Ledger is republishing the old news, but since Trezor is a major competitor, it makes some sense to want to remind the public that the problem still exists. With frequent discounts (recent for Nano S - 50%) this is just another way to attract new users, reminding the public that the Trezor is vulnerable to physical attacks.

In this latest post, Ledger warns that users of model T can be compromised even if they use passphrase, assuming their computer is compromised. From the perspective of the average user who is not even aware of what it is passphrase, and how to set it up - safety of a large part of the Trezor users in case of physical theft is definitely a big risk.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
Yeah, this news a year old. Not sure why Ledger would make a new blog post about it as if it was a new discovery. A little bit dishonest on their part I feel. Almost feels like a marketing gimmick.
Yea this sounds like a way to get people to go to their website where they can be pitched a competing device. Not a bad way to get what amounts to some free advertising. The usefulness of their disclosure is minimal considering the information is a year old.

I still don’t think this exploit is trivial to execute, even if the hardware required is cheap. Realistically, you will need to be specifically targeted to fall victim to this exploit.
legendary
Activity: 2268
Merit: 18748
Yeah, this news a year old. Not sure why Ledger would make a new blog post about it as if it was a new discovery. A little bit dishonest on their part I feel. Almost feels like a marketing gimmick.

Having said that, Trezor are still being hugely irresponsible by not talking about this flaw on their website, on their set up guide, in their manual, in their FAQs, etc. Nowhere between a new user buying a Trezor, setting up their wallets, and storing their coins on it, are they told they absolutely must be using a long and random passphrase or else their coins are at risk. Trezor saying "It's only a risk if someone has physical access" is completely irrelevant, and negates half the point of a hardware wallet altogether. Carrying my seed around in plain text in my wallet is also only a risk if someone gains physical access, but no one in their right mind is going to do that.

Even although the flaw itself isn't a deal breaker for me (give I always use long and random passphrases), I've stopped using Trezor becuase I find their behavior regarding not warning new users particularly untrustworthy.
legendary
Activity: 2212
Merit: 7064
Actually the war has started more than a year ago. See here.
Since then Ledger releases now and then notes about certain vulnerabilities of Trezor.

Yeah I know it started earlier, so I was confused with digging old news from them and posting on Twitter Smiley

I believe it is Ledger's answer to Trezor's recent announcement of Tropic Square.
Hmmm I missed that.
So it looks like some form of Ledger revenge.
Thanks for the info
legendary
Activity: 1876
Merit: 3132
They call it 'responsible disclosure'

Laughable. Trezor claims that Ledger asked them not to publish this issue.

They also posted The Workaround

By the way, there is another workaround for Trezor T users. Since the latest update, SD cards can be used to store a secret which along with the PIN can be used to encrypt/decrypt the data stored on the device. So, without the SD card inserted, the attack is not valid anymore.

Why Ledger is posting this now on all their social media and website? Am I missing something?

I believe it is Ledger's answer to Trezor's recent announcement of Tropic Square.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
It looks to me like hardware wallets war just started, as Ledger released research

Actually the war has started more than a year ago. See here.
Since then Ledger releases now and then notes about certain vulnerabilities of Trezor.

However, it was discussed and turned on all sides, and the proper result is that there's nothing to worry about the hardware wallets as long as others don't have physical access to them. With physical access on the other hand, there are a lot of possible problems.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
I'm not 100% sure, but think it was Kraken that originally found the vulnerability.  They informed Trezor before they released the information to the public.

https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

Trezor recently released a firmware update that allows you to use the SD card of the T2 to add layer of security:
https://bitcointalksearch.org/topic/m.54233855

And Trezor recently started a new company that's goal it find a more secure hardware solution that remains open source:
https://bitcointalksearch.org/topic/m.54433167
legendary
Activity: 2212
Merit: 7064


It looks to me like hardware wallets war just started, as Ledger released research on their website regarding Trezor Recovery Phrase Extraction Vulnerability
https://www.ledger.com/improving-the-ecosystem-disclosure-of-the-trezor-recovery-phrase-extraction-vulnerability

The also posted this on their twitter page:
https://twitter.com/Ledger/status/1262376150397059074

They call it 'responsible disclosure'
It is all based on this report posted in July 2019: https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

They also posted The Workaround
Quote
If you currently own a Trezor hardware wallet, all hope is not lost. Firstly, someone does actually need to be able to get their hands on your Trezor device. Keeping it as safe and hidden as your recovery phrase would be one option.

There is another workaround to still keep your cryptocurrencies secure as well. Similar to Ledger devices, a Trezor hardware wallet can be set up with a passphrase. This is an extra word of your own choosing that you can add on top of your recovery phrase. To make sure it’d be nearly impossible to brute force your passphrase, it is strongly recommended to add a lengthy (preferably over 37 characters), random and secure passphrase.

While the passphrase solution is indeed a good solution to keep your crypto secure, it does mean you’ll need to enter it into your Trezor One or Trezor model T every single time you want to use it. For the Model T, it is but a minor inconvenience as you can securely enter it directly on the device itself. There is a matter of concern for the Trezor One, however: to use your passphrase, you’ll need to enter it through Trezor’s web wallet on your computer. If your computer is compromised, your Trezor One passphrase will likely be as well.

So this is not anything new, and we know about this...
Why Ledger is posting this now on all their social media and website?
Am I missing something?

Jump to: