Wallet.Fail: What Does It Mean For Hardware Wallet Security?

This week, a group of security researchers gave a presentation called Wallet.Fail at the #35C3 Security Conference. During the presentation, the team outlined vulnerabilities in three popular hardware wallets.

Since hardware wallets are widely considered the most secure form of crypto storage, these discoveries could present a serious issue. However, wallet manufacturers are assuring users that the attacks are impractical and that their wallets are safe.

So, who should you trust? If you are a hardware wallet owner, this is what you need to know.

The Attacks In Brief

The Wallet.fail team managed to attack three different wallet models using four different lines of attack. These attacks were performed in controlled circumstances and have not been proven to be effective against real users:

  • Ledger Nano S: The team was able to install a hardware implant in this device. Combined with spyware, this allowed the team to obtain the wallet’s PIN the next time the wallet was used.
  • Ledger Nano S: In a second attack on the same device, the team installed custom firmware and gained partial access to the device. The Wallet.fail team claims that they were able to send malicious transactions and display false transactions via this method.
  • Ledger Blue: The team was able to intercept radio signals used by the device in order to obtain the wallet’s PIN the next time the device was used.
  • Trezor One: The team was able to flash the device with custom firmware and obtain private keys, allowing the team to access funds stored in the wallet.

A Serious Threat?

All of these issues appear to be fairly serious, but Trezor and Ledger have called the viability of the attacks into question. Ledger has argued that Wallet.fail’s attacks are impractical due to the fact they require attackers to have direct access to—and/or prolonged proximity to—each device.

Furthermore, some of these attacks hinge on discovering a PIN, and as Ledger notes, there are far simpler ways to go about stealing a PIN. Assuming that an attacker knows where a hardware wallet is being used, it would be much easier for that attacker to install a camera and then watch the owner enter their PIN.

Suggested Reading Take a look at our picks for the best IOTA wallets.

Fixes On the Way

Although Trezor and Ledger have reassured users that their wallets are safe, the manufacturers do intend to implement a few security improvements as part of future updates:

  • Ledger Nano S: There is no direct way of preventing hardware implants, but Ledger is reminding users that they can easily open their device and check for modifications.
  • Ledger Nano S: A minor bug is being addressed in the firmware upgrade process. However, Ledger claims this bug allows far less access to the device than the Wallet.fail team claims.
  • Ledger Blue: To prevent attackers from observing PIN entry over radio waves, the device’s touchscreen will use a randomized keyboard in future updates.
  • Trezor One: Trezor has announced that a firmware update is planned for the end of January, but has not specified any details. It also notes that the device’s passphrase feature can prevent the attack.

In short, it seems that hardware wallets remain much more secure than software and web wallets, which are susceptible to remote attacks. Furthermore, it seems that upcoming fixes will eliminate the Wallet.fail vulnerabilities entirely.

Even at the moment, most of the Wallet.fail attacks require that attackers have prolonged and direct access to a hardware wallet – meaning that those who use hardware wallets in public settings are slightly at risk. Those who use hardware wallets privately face virtually no risk at all.

The post Wallet.Fail: What Does It Mean For Hardware Wallet Security? appeared first on UNHASHED.