Cold crypto wallets

Are the makers kidding?

Link on German website, below Google translated:

You have to take care of your Bitcoin purse, too

Crypto wallet vendors promise that Bitcoins are stowed away safely. Security researchers showed at the Chaos Computer Club congress that they are not.

Bitcoin’s price has suffered a bit lately. But that does not mean that Bitcoin and other blockchain-based currencies are not still worth a lot of money. Therefore, it is still a good idea to keep them as safe as possible. There are specially encrypted USB sticks for this, so-called crypto-wallets, electronic wallets.

There is only one problem with them, as Thomas Roth and two other security researchers have just demonstrated at the 35th Congress of the Chaos Computer Club in Leipzig: the three attacked the most common crypto-wallets - and cracked them. Or, as Roth and his colleagues Josh Datko and Dmitry Nedospasov describe on a hacked website, “Poof goes your crypto …” (“Puff, and gone is your encryption / cryptocurrency …”)

How exactly they did that is a bit complicated, because after all these are not normal USB sticks that are sold for 70 to 200 euros as a particularly secure repository for Bitcoin and other cryptocurrencies. If the following is too technical, at least one thing should be remembered: as an owner, always take very good care of the stick. “If you give it away, it’s over,” says Nedospasov.

However, the small data stores are all marketed with the promise that no one will ever get access to the Bitcoin if the owner loses the storage device. Encryption, password protection and PIN codes should prevent this. But Roth, Datko and Nedospasov have looked at three devices from the two main manufacturers Ledger and Trezor and were able to take all three completely apart. What’s more, they also said in their talk that some of the safety promises are downright negligent.

Hacker tool hair dryer

Trezor, for example, ships its wallet called Trezor One in a package sealed with a holographic sticker. The undamaged sticker should show the customer that no one has played around with the device. Datko ordered such holographic seal stickers inexpensively over the Internet from a printing company. He opened the glued box of the packaging with the hot air from the hairdryer in his hotel room. “Stickers do not work as a security feature,” says Datko.

But that was just the prelude. The Trezor One is probably the most widely used stick for storing cryptocurrencies. For security reasons, the chip on it is programmed in such a way that its content cannot simply be read out. For example, it does not permit the use of a so-called debugger, a troubleshooting tool. But by creating a glitch in the chip, a kind of hiccup, Roth and his two colleagues were able to attach such a debugger.

The security researchers had to have access to the Trezor for the attack. They connected it to its normal power supply via USB, but during the startup of the Trezor they interrupted the power supply at the right time for a tiny moment. This allowed them to outsmart the chip’s internal verification process and foist a manipulated version of the on-chip software on it. It took weeks to find the right moment, but the three discovered more problems. Ultimately, they succeeded in what should never happen: they could read the secret password, called the seed, unencrypted in plain text.

This attack method is a bit complicated, so they built a device to crack any Trezor. Now they just have to pry up the plastic cover, desolder the chip from the Trezor and put it into their hacker tool, called a glitcher - then they can read the password and get at the Bitcoin stored on the Trezor.

If the wallet is suddenly remotely controllable

Roth, Datko and Nedospasov are not the first to discover security holes in crypto-wallets. Last year, for example, the US tech magazine Wired published a text by Mark Frauenfelder in which he described a personal problem with his own Trezor One: Frauenfelder had forgotten the password for his wallet and could no longer get at his bitcoin worth $30,000. He was helped by a young hacker who was able to exploit a gap in the device’s software.

But the current attack by Roth, Datko and Nedospasov is more comprehensive than that described by Frauenfelder. At that time, the manufacturer quickly replaced the software with a new version. Roth and his colleagues go directly to the chip and bypass all its security barriers.

The hack of the 200-euro crypto wallet called Blue, from the French manufacturer Ledger, needed no such great effort. From a distance of several meters, Roth, Datko and Nedospasov can use an antenna to record the signals that are emitted when someone enters their secret PIN into the device - and so the security researchers can finally read the PIN.

The cause is a design error. The trace between the main controller and the security chip is unusually long. He noticed that immediately when he opened the case, says Roth. A long line also means a greater possibility of unintentionally emitting radiation, since every electrical pulse in a line also emits electromagnetic radiation. The Ledger Blue generates the signals in the radio spectrum around 169 megahertz from the component that controls the screen. If the user presses a number of his PIN on the touchscreen, a specific signal pattern is created. If you pick up the signal, you can see which PIN has been entered on the screen.

These signals are tiny, but fortunately, the device comes with a very good antenna, which amplifies these signals and makes them measurable, says Roth: “the USB cable to the power supply”. From at least three meters, he and his colleagues could measure with more than 90 percent certainty which number was entered. An attacker would then only have to steal the device and could get at the contents.

The third popular crypto wallet, the Ledger Nano S, also has a hardware problem. The device has two chips: a specially secured one, which cannot be easily controlled from the outside, and a normal one, which handles the communication with the display and with the security chip. The Nano S costs 70 euros and advertises with state-of-the-art security: the secured chip guarantees “optimal security”, it says on the manufacturer’s website. But the weak point is the normal chip.

What’s the use of the most beautiful security chip …

This has been known for some time, says Roth. Ledger used it anyway. Again, the three security researchers found several targets. They could take over the device completely and even run their own software on it - the mobile game Snake. Something like that should not be possible, as it means that the chip does not notice when it is manipulated.

Ultimately, Roth, Datko and Nedospasov were able to control the Ledger Nano S remotely. If you get one in your hand, you can, in a few simple steps, solder on a tiny chip from which a wire hangs as an antenna. If the actual owner then uses his crypto-wallet, the security researchers can use the antenna to transmit commands to their spy chip by radio and thus transfer Bitcoin without the owner noticing. Twice already, he and his colleagues pointed out to the manufacturer Ledger problems they had found, says Roth. The reaction had been different than they had expected: Ledger had sealed off, but so far nothing changed.

Crypto-wallets do justice to their name in a way that was previously only vaguely feared: you obviously have to take care of them just as well as a normal wallet with cash in it. Although the manufacturers promise something different.

1 Like

Already for people like me, crypto coin newb, it’s hard to understand safety features implemented into wallets and other.

Reading articles like this isn’t really helping in feeling more secure about safety in the crypto coin storage world but convinced me about staying in touch with the developers forum and their followers, and at the same time never to forget that hacking a wallet, key or exchange is just for the moment one of these things that can happen. Hopefully not too much…

Thanks for posting this, a real eye opener for me.

From what I can tell when they say “Hacked” they just mean they made the hardware wallet do things that they were not supposed to do. The PINs or SEEDS of the devices were not compromised. So far the hardware wallets seem to be the safest way to store your coins and still have access to them. Otherwise cold storage is the safest.

So from what I read, your coins on the device would not have been stolen. Lots of people claim they hacked the devices before, but you have to consider hacked means a lot of things, and does not always mean coins have been stolen or compromised.

1 Like

Dude, get your shit together. Your logical thinking is way too bad, relating also to other posts in this forum. If you have a good feeling with the wallets, it’s up to you. I hope you’re right, and maybe the Google translation is not that good and it was just informative, so do whatever you think is correct.

Not sure if your post is directed at me or not, but I was just posting what the response was to the “wallet has been hacked” claims. The coins on the wallet were not compromised.

The hackers made the hardware wallet play a game of snake AKA “hacked” the wallet. The coins on the wallet were still safe. So no, the wallet wasn’t compromised and the coins would not have been stolen.

Making a device play snake isn’t the same as compromising the seed/pin and gaining access to the coins inside the wallet. The coins were still safe.

So unless you can show me “hackers” compromising the coins inside the wallet, I don’t consider this a big deal, also the wallet has already released a firmware update making it more secure, so these “hacks” have already been fixed.

EDIT: The other hacks are impractical in a normal use case. The hacker would need to gain access to your device, physically mod it, and give it back to you and allow you to log into a computer, while they waited close by to intercept your pin. Totally impractical. The other “hack” was set up in a way where, if the device was moved even a little bit, the antenna would not pick up the correct signal, once again impractical in real use cases.

1 Like

I believe that it is better to store most of the coins in a cold storage and for other wallets to use 2FA and other means of enhancing security

Agree, a very good piece of advice. I always try to follow it.

Though, 2FA takes so long…

You get to the bottom of everything when you try it in practice, I think