Cybersecurity company Unciphered says they have found a method to physically hack into the Trezor T hardware wallet.
Unciphered, a cybersecurity company who specialises in recovering lost or stolen cryptocurrency has claimed that they have discovered a way to physically hack into the popular Trezor T hardware wallet.
To perform the hack, according to Unciphered, an exploit of an “unpatchable hardware vulnerability” can be made to a wallet’s STM32 chip, allowing for exploiters to “dump the embedded flash and one-time programmable (OTP) data.
In a video documenting Unciphered’s hack method, the team was able to successfully retrieve a seed phrase and pin from a physical Trezor T wallet.
Trezor on the other hand upon learning of the physical exploit states that its team does not have enough details on the exact attack Unciphered performed to make a proper response. According to the wallet maker, it appears to resemble a “RDP downgrade attack,” which was publicly flagged as a risk three years ago.
A press representative for Trezor defines RDP downgrade attacks as an exploit “[requiring] physical theft of a device and extremely sophisticated technological knowledge and advanced equipment,” citing a blog post from early 2020.
An RDP, or not an RDP?
Despite Unciphered finding the hack, Trezor emphasised that they were unaware of any attempts for direct contact from the cybersecurity company to inform of the exploit.
Trezor added that “even with the above, Trezors can be protected by a strong passphrase, which adds another layer of security that renders a RDP downgrade useless.”
Unciphered has a record of finding exploits to hack wallets – having previously hacked the EthereumWallet to recover locked up crypto. On their website, they claim to “support every wallet in the market” for crypto recovery.
Unciphered says it is unable to confirm nor deny whether the hack they performed is considered an RDP downgrade, where they are bound under “current engagements and non-disclosure agreements” that restrict elaboration on “how this exploit chain works at this time.”
“Further, any technical disclosure would put Satoshilabs customers at potential risk till mitigations such as a new chip is utilised other than the STM32 in current use,” says the company.
Unciphered adds that while Trezor is aware that their Trezor T wallet has an STM32 chip vulnerability, the company still has not taken action to fix the issue, despite its disclosure of the risk back in early 2020.
Furthermore, the hacking method performed by Unciphered can only be performed in the case where the $219 device is in the hacker’s physical possession.
“The fact remains that through this article they are trying to put the responsibility of securing their device on the customer rather than taking the responsibility of admitting that their device is fundamentally insecure,” Unciphered disclosed in an email.
In response, Trezor says “Contrary to Unciphered’s claims, Trezor has already taken significant steps to resolve this with the development of the world’s first auditable and transparent secure element through sister company Tropic Square.”
The buzz behind hardware wallets
In a hardware wallet’s setup process, the wallet generates a random set of 12 to 24 words, known as a seed phrase. That seed phrase allows a user – any user – that grants access to the assets present in the wallet.
Over the past weeks, hardware wallets have been a topic of discussion, following rival hardware wallet maker Ledger’s proposed optional “recovery option” – a private key recovery service for hardware wallets. The suggestion infuriated some users, which understood that the device was fully isolated – meaning, separate from the blockchain and the internet.
Crypto security experts have been recommending hardware wallets as a safer alternative to store assets than to keep them on crypto exchanges.
The popularity of hardware wallets, and the increased demand for them, have skyrocketed since the collapse of crypto exchange FTX – but latest developments are showing that keeping your crypto assets locked up in a hardware wallet isn’t the peak of crypto security.
“Security is that the threat can often be coming from inside the house,” said Nick Federoff, head of marketing at Unciphered. “We can be our own worst enemy. So this is a huge part of it.”