Cybersecurity company, Unciphered, claims to have infiltrated the security of the popular hardware wallet Trezor T model. The Trezor hack has managed to obtain the PIN of the device as well as extract its seeds.
Eric Michaud, co-founder of the cybersecurity firm Unciphered, has released a video showing how he hacks the hardware wallet from Trezor.
The audiovisual document shows how he dismantles the hardware of the device and connects it to a “exploit that we develop internally”. Through this customized software, Michaud claims that it can extract the seed phrase as well as the PIN to enter the wallet Trezor.
Some will think why they publish these hacksHowever, this work helps the crypto community because Trezor could then try to fix the vulnerability. However, in this case Michaud explains how the exploit of Trezor T cannot be fixed remotely by an update:
The exploit for the Trezor T cannot be fixed with firmware updates […] To fix this, Satoshi Labs will have to retire all of their products, which they probably won’t do.
Although this may be alarming, the co-founder of Unciphered explains that the modus operandi of the milestone is “extremely tough.” Michaud explained how the attack first requires the physical theft of the device and then applying “extremely sophisticated technological knowledge and advanced equipment.” For the hack they had to use several simultaneous tools:
We upload the firmware we extracted to our high performance computer cracking clusters. We have about 10 GPUs… and it took a while, but we did pull the PIN.
Therefore, it is true that this shows that Trezor has an intrinsic vulnerability in its hardware. However, he has an easy solution… If a user gets his Trezor stolen or lost, he simply now knows that he must not only get a new device, but transfer all funds to a new one. seeds.
BeInCrypto has contacted Trezor but no response has been received yet.
Is the Unciphered Trezor hack an older vulnerability?
Some users suggested that the exploit demonstrated in the video was just a sample of an already known vulnerability. However, Unciphered claims that the previous attack had already been upgraded by Trezor years ago.
As highlighted by Michaud, the new Trezor vulnerability cannot be fixed by means of a software update, differentiating it from the previous problem.
The Trezor hack lands in the middle of a crisis due to the hardware wallets created by Ledger
The security of the hardware wallets It has been a very hot topic among the crypto community in recent weeks.
The origin of this crisis of confidence in these devices is in Ledger’s controversial new product, Recovery.
With Recovery, the French company announced an upcoming optional feature that chunks encrypted seed phrases and stores them with three different parts. The idea is to provide the user with the option to recover their cryptocurrencies in case of loss of a seed phrase.
Obviously, this has been a media bombshell since it would open up the possibility that the seeds of the hardware wallets. The sole purpose of such a purse is to seal the seeds so that it does not leave the device. With Recovery, to review the seeds in case of loss they would have to check it with the device through API’s, which opens a back door.
Following numerous criticisms from the crypto community, Ledger has been forced to delay the release of the new recovery feature. Additionally, it has committed to making most of the code open source before the official release.
Disclaimer
Disclaimer: In compliance with Trust Project guidelines, BeInCrypto is committed to providing fair and transparent reporting. This news article is intended to provide accurate and timely information. However, readers are advised to independently verify the facts and consult a professional before making any decisions based on this content.
