Hardware Wallets should protect cryptocurrencies. In Leipzig hackers demonstrate gaps in the supposedly secure devices.
The boom over crypto currencies has shown: encryption is not synonymous with security. To protect against at least some of the most obvious theft scams, many Bitcoin enthusiasts rely on hardware wallets designed to protect the cryptographic keys from unauthorized access.
As Dmitry Nedospasov, Thomas Roth and Josh Datko showed at the 35C3 in Leipzig, even high-quality wallets are not immune to the kind of attacks that can otherwise be used to crack the protective mechanisms of iPhones and game consoles.
USB stick with gimmick
“It may sound painful, but not many people care about the security of crypto currencies,” Dmitry Nedospasov said at the beginning of the show. The team had looked at a number of hardware wallets over the past six months and found a number of vulnerabilities.
The devices are usually USB devices with a display and a few buttons that require the user to authorize payments before they can be sent using the private key stored in memory. The keys do not leave the device.
Adhesive holograms without benefit
The hackers were particularly harsh with the security stickers that were widely used by some manufacturers, which were intended to guarantee the authenticity and integrity of the hardware. “Stickers are there to stick on laptops, but they’re not for security,” Josh Datko explained. Not only could the stickers be removed completely with the help of a standard hair dryer, they also caused confusion among the buyers of the hardware wallets. So anyone who can access the supply chain has free rein to manipulate the hardware directly. The housings of the devices can also be opened easily and without a trace.
If an attacker has physical access to the device, there are hardly any limits. For example, in Trezor and Ledger devices, Datko quickly implanted a radio receiver that triggers the keystroke to confirm a transaction. In this way an attacker can confirm a payment from a distance without the owner noticing. A verification routine offered by the manufacturer did not recognize the manipulation.
Attack target Bootloader
Potenter, however, is a solution that leverages the software in the wallet directly. For example, security researchers used a design flaw in the Ledger Nano S, whose secure ST31 microcontroller is fed with unsecured hardware. To bring this under control, it was once possible to install any firmware. But after the publication of this attack in the spring, the manufacturer had added a cryptographic verification to the update process.
However, instead of cracking this protection mechanism, the researchers managed to fool the system into a successful verification by writing the constant 0xF00DBABE into a specific memory area. The manufacturer had tried to prevent this, but did not take into account that one can address the flash memory differently. In order to convince the secure microcontroller that the original firmware is running, the hackers also had to write a compression algorithm. Result: The attackers have complete control. Roth demonstrated this by installing the game “Snake” on the device.
Secrets sparked outward
The big brother of the Nano S, the Ledger Blue, offered a different method of attack. Here, the researchers discovered an unusually long line between the secure microcontroller and the rest of the hardware. Consequence: It is possible for attackers to use a radio receiver to intercept the communication within the device – the connected USB cable was used here as an additional antenna.
To analyze the signals, the hackers used a cloud-based AI instance – the result being that the attacker was able to guess the entered PIN with 98% certainty. A thief could thus take over the wallet.
Last Solution: Glitching
The biggest challenge for the hackers, however, was the Trezor One, whose secure STM32 microcontroller is not as easy to handle as its competing products. The hackers could only switch off their read-only protection after three months of trying by manipulating the power supply at exactly the right moment in the boot process. Through this detour the hackers got onto the RAM.
Another security feature in the upgrade process was the hackers in the process: The user should verify the checksum of a new firmware version – and at this point all secret information in RAM and could be read, including cryptographic seed and PIN. After all: An additional password protection, this attack can be prevented.
The hackers want to publish the documentation of the various forms of attack on their website wallet.fail over time. “We do not want to do any damage,” Roth said. Their concern is to increase security in the crypto environment.
image by Shutterstock
german source: Heise.de