How To Hack A Trezor or KeepKey Hardware Bitcoin Wallet - Plus Make Your Own Open Sourced Hardware Wallet!
As I mentioned in a previous post, DefCon is the premier hacker conference and hosts numerous kinds of specialists hackers demonstrating their latest discoveries.
There are hundreds of DefCon videos on Youtube and I recommend checking them out if you want to learn just how open to exploitation modern computer security systems are. I still stand by my statement that there is no such thing as unbreakable digital security.
Hacking the Trezor and KeepKey Hardware Wallets
These hardware wallets are popular since they allow CryptoCurrency to be stored in a physical way that does not rely on the data being held on a hard drive that could be lost, become corrupted or even be hacked over the web. They allow users to pay for goods via USB without the risks associated with keeping your crypto data on your laptop or phone.
However, as with all digital technology, they are open to exploitation and may soon be no more safe than having your bitcoins dangling from your back pocket as digital Mario Bros hackers run along behind you collecting coins!
In the following presentation, a proof of concept is presented for hacking hardware wallets using voltage manipulation on the device, alongside software to handle the hacking process. The hackers have also open sourced the designs for these hardware wallets so that enthusiasts can create their own if they want!
NOTE: I do not advocate stealing people's imaginary Bitcoins - or dressing up in Italian plumber outfits and bouncing on top of plant pots!
Wishing you well,
Ura Soul
Buy My T-Shirts, Gifts & Other Clothing Here.
View My Witness Application Here
was just reading about Trezor this week so this is interesting, thanks for sharing
you are welcome! i had thought about getting one, but they are expensive and so i'm unlikely to unless the price comes down.. i will also ideally wait until the manufacturers improve their security protocols.
by the way, i notice that you have a few slots left in your witness vote list - i would really appreciate if you would consider taking 20 seconds to add me in there, i need a lot of help just to break even as a witness and your Steem Power would help quite a bit. cheers!a
can you summarize how the Trezor can be corrupted/hacked?
I recently purchased one for security reasons so I'm very interested in knowing bout any vulnerabilities.
As I understand from the presentation at Defcon, the main method of attack they demonstrated involved a process of using a specifically designed piece of hardware to manipulate the voltage of the Trezor unit in such a way that it could be caused to process information incorrectly inside it's circuits. When this is done in combination with specialist analysis software it is apparently possible to eventually figure out what the pin code is for the device and to thus then use the cryptocurrency that is held on it.
Clearly this is a highly specialised and 'cutting edge' type of attack that is not going to be easy to pull off - but once these things become more widely known about, they spread and it may become relatively simple to hack older units that have not been adjusted to defend against this kind of manipulation.
Hi @ura-soul, I haven't got quite as much Steem Power but I do have a few slots left in my witness vote list so if nothing else I hope the moral support helps.
Oh thanks, that's great - every vote helps!
Resteemed! Thanks for the heads-up, @ura-soul. I have not purchased any of the hard storage options yet for the same reasons you stated in your reply to @doitvoluntarily.
There are so many layers needed to best security, and I just don't feel confident enough in my understanding of how to make a truly secure cold storage that won't potentially be lost when I die.
I can't afford to lose much money in the learning process, and I feel that I would want to invest in some equipment up front, and learn to do it right from the start even though I wouldn't be risking loosing much in the way of cryptocurrency assets at the start. But that's just how I like to do things.
And then there's always the hazard of the $5 wrench attack that makes it all pointless anyways. Maybe not pointless, but not to factor in a plan that includes how one deals with that kind of attack vulnerability is akin to walking around with a wad of cash sticking out of your back pocket, and never turning around to see who might be eyeing it. Cheers!
Thanks for your support! I'll stick with trading in shiny pebbles from the beach! They are vulnerable to crab attacks - but mining is much easier :)
Bwaaaaahaaaahaaaa! Good one, @ura-soul! I could totally get into trading pebbles and shells, and spend endless hours on the beach looking for them! Cheers!
Interesting. I saw another article where a guy almost lost $30k in bitcoins from forgetting his pin on his Trezor but was able to do an exploit where he was able to get his bitcoins.
https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/
Doesn't look like I'll be getting a Trezor :P
hehe - nice link! there is no digital security that 15 year old children cannot bypass :)
I am scared now ;)
Hmmm. Not getting a trezor!!!
I keep seeing bad news about them being vunerable in some way. I will stick with the default BTC private key hehe
This post has received a 40.00 % upvote from @upgoater thanks to: @ura-soul.
does paper wallet keep bitcon safer?