Trezor wallet hacked in under 5 minutes! How??

in trezor •  last year

When you ask the internet, or some bitcoin experts, how to store your bitcoin and cryptos safely so that nobody can touch your precious crypto, almost all of them will tell you to put them in a hardware wallet, for example a Trezor! Well, that's no longer the case.

At DEFCON 25 it was just revealed how a glitch in the Trezor's chip can be used to easily hack it within 5 minutes, all thanks to the vulnerable chip made by STMicroelectronics. This hack actually happened months ago, on March 29th, 2017, but only recently did Trezor release the patch.

Why does it work?
When you disconnect your Trezor from a power source, all your private keys and PINs end up in the SRAM chip. Funnily enough, this SRAM chip stores all of your sensitive info in plain text, just waiting to be read. All you need to do is inject your own modified firmware so that you can dump all the info stored in SRAM. So, the details:

The procedure

  1. You need to download these programs :
  1. There are two ways of hacking it: a simple reset or a freezing attack.

  2. If you chose the simple reset, you need to disassemble the device and trigger a soft restart so that you enter bootloader mode without erasing the RAM. This is done by connecting the wires as in the diagram below.

  1. If you chose the freezing attack, you spray the device with this $15 chip freezer without disassembling the whole device, but you need to introduce a power glitch to the device.

  1. Connect the Trezor to a fully charged laptop. Remember not to lose power at this stage or your password will be gone.

  2. Wait until the label is shown on screen.

  3. If you're performing the simple reset, hold the two Trezor buttons and, while doing that, release the RESET button. If you're performing the freezing attack, do the power glitch and release the two buttons.

  4. Run the command “tz_update fw_hacked_2017mar31.bin”

  5. When the firmware is uploaded, press the RESET button.

  6. Next, run “tz_dump”, which will dump your seed, PIN, label and other information. Repeat step 11 if needed. And voilà:

All of this takes less than 5 minutes if you do it properly!

Sources : https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

Response from Trezor:

Today, SatoshiLabs released a security update to your TREZOR; a new firmware version — 1.5.2 — was pushed out to all users. This update fixes a security issue which affects all devices with firmware versions lower than 1.5.2.

Trezor further added that:

It is important to note that this is not a remote execution attack. To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.

If your device does not leave your presence, your coins are safe. Moreover, if you have a passphrase enabled and actively use it, your coins are safe. Yet, we strongly recommend you to update your TREZOR anyway.

My 2 cents:
It is important that all of you who have been using a Trezor update to the latest firmware to remove this glitch. The way Trezor solved this is by modifying the bootloader so that it clears the whole RAM on start and again before it loads the firmware. But they are still not encrypting the sensitive info in RAM, which they claim is a trade-off of security for convenience. The way I see it, it's just a temporary fix and more work needs to be done.
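To illustrate the bootloader fix described above (clearing RAM on start and again right before loading the firmware), here is an added simulation in C; it is not Trezor's code, the SRAM layout, sizes and sample secret are constructed, and it shows that a soft reset into a bootloader that does not wipe RAM leaves the plaintext secret readable, while the wiping path does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the device's SRAM; the real memory map differs. */
#define SRAM_SIZE     4096u
#define SECRET_OFFSET 0x100u
static uint8_t sram[SRAM_SIZE];

/* Constructed sample secret standing in for seed/PIN material. */
static const char SAMPLE_SECRET[] = "sample seed words (constructed)";

/* Zero memory through a volatile pointer so the compiler cannot drop the
   stores as dead writes; a plain memset() before a jump may be elided. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Firmware stage: the secret sits in SRAM in plain text, as the post says. */
static void firmware_uses_secret(void) {
    memcpy(sram + SECRET_OFFSET, SAMPLE_SECRET, sizeof SAMPLE_SECRET);
}

/* Old bootloader path: a soft reset re-enters here with SRAM intact. */
static void old_bootloader(void) {
    /* no wipe: whatever the firmware left in RAM is still there */
}

/* Patched behaviour: wipe on entry and again right before handing off. */
static void patched_bootloader(void) {
    secure_zero(sram, SRAM_SIZE);      /* on bootloader start */
    /* bootloader work (USB, firmware verification) would run here */
    secure_zero(sram, SRAM_SIZE);      /* again before loading firmware */
}

/* Returns 1 if the secret is still readable from SRAM after a soft reset
   into the bootloader (no power loss, so hardware does not clear SRAM). */
int secret_readable_after_reset(int bootloader_wipes_ram) {
    firmware_uses_secret();
    if (bootloader_wipes_ram) patched_bootloader(); else old_bootloader();
    return memcmp(sram + SECRET_OFFSET, SAMPLE_SECRET,
                  sizeof SAMPLE_SECRET) == 0;
}

/* Returns 1 if the whole region reads as zero (what the patched path leaves). */
int sram_is_clear(void) {
    uint8_t acc = 0;
    for (size_t i = 0; i < SRAM_SIZE; i++) acc |= sram[i];
    return acc == 0;
}
```

The wipe only protects what is in RAM at reset time; it does nothing for secrets that are still in use by running firmware, which is why the author's point about encrypting the data in RAM still stands.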


Hey there, you're talking about "tz_dump"... Where did you get that information or software from?

From what I can recall, that piece of software was never published...


Thanks for your post :)

Yikes.... well, I don't have the device but it's good to hear they fixed it!

Calling @originalworks :)
img credz: pixabay.com

Thanks for the info!


No prob at all!! Follow me for more info on crypto!


I already am..lol


How old are you? May I ask? You're such an inspirational blogger! I like to hear about meditational stuff too.


I am 68 years old. I am also a reiki healer, so I post the things that help me the most.

It's great, but I recommend this website to you: https://0bf34dfa.usi-tech.info/


Don't post stupid referral links. I know what usi-tech is. If you're not even reading my article, GTFO plz.


You do not know that everything will always be not to learn and to ask you for forgiveness


I appreciate your comment. But is it possible you do that in English?


You do not know that everything will always be not to learn and to ask forgiveness


OK, USI tech guys. Go bother others please. Bye.