Our Response to Ledger’s #MITBitcoinExpo Findings
We would like to use this opportunity to address, clarify, and respond to the claims made by Ledger during the #MITBitcoinExpo.
Too long, did not read
- Supply Chain Attack: Out-of-scope, affects all hardware in transport, no 100% solution, all companies have different methods to mitigate this
- Software Crappy Attack: Non-exploitable, patched
- Side Channel PIN Attack: Patched
- Side Channel Attack Scalar Multiplication: Non-exploitable, PIN required
- Surprise Concluding Attack: Not disclosed fully, implications for all hardware devices based on ST microchips, mitigated by passphrase
Starting off, we would like to highlight the fact that none of these attacks are exploitable remotely. All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise.
That is why we believe that these issues are of lower significance for the absolute majority of hardware wallet users. This was confirmed by the recent study carried out in partnership with Binance, where only 5,93% of respondents consider physical attack as the biggest threat to their cryptocurrencies, compared to 66% of respondents that stated that they consider remote attacks as a primary threat. These 5,93% can be protected by using passphrase, which covers the physical security of both the device and the recovery seed.
The primary purpose of a hardware wallet has always been to protect users and funds against malware attacks, computer viruses, and various other remote dangers (like stealing all funds from Ledger via the Stealth Change Address). While reaching perfect physical security is a noble goal, it is, in the end, unreachable, because of the “$5 wrench attack” — targeted thefts. Besides, if one has sufficient capital, time, and resources, no hardware barriers will stand against their attacks. If we consider accidental thefts, there is a relatively small probability that someone who finds your hardware wallet by chance will have any equipment required to crack into these devices.
We designed the Trezor devices with the above-explained threat models in mind–our main focus is protecting the user against remote attacks. This being said, in combination with strong passphrases and at least the basic operational security principles, even the physical attacks presented by Ledger cannot affect Trezor users.
EDIT: In an effort to bring some peace of mind to our users, we would like to point out exactly why we continue to say that a strong passphrase is the answer to a physical attack performed with all the necessary equipment and expertise.
Bruteforcing a passphrase of just nine alphanumeric characters (a combination of letters and numbers in both upper and lower case) or even twelve lowercase letters and spaces can cost millions of dollars.
If your wallet is protected by a passphrase, then it wouldn’t be worth it to bruteforce your passphrase. Without that passphrase, even with your recovery seed words extracted from a physical attack, your wallet would still be safely secured.
Knowing this, let’s look at the issues Ledger presented on Sunday.
Issue 1 — Supply Chain Attack
“Supply Chain Attacks” are an everlasting problem for all hardware devices (not only wallets), no matter how well they can be protected. There is no way a piece of hardware can inspect itself and verify its integrity. Hardware attestation is not a solution, as hardware modifications can be (and have been) added, resulting in the device confirming it is genuine.
Moreover, all our manufacturing is based in the EU where we closely control the entire manufacturing process.
Issue 2 — Software Crappy Attack
During the Trezor codebase testing, Ledger researchers only found two issues, confirming that our code stands strong against malicious actors. Although these vulnerabilities were unexploitable, we fixed them anyway. We would like to use this space to thank Ledger for confirming, once again, that Trezor source code is written with a high degree of quality.
Issue 3 — Side Channel Attack PIN
Side-channeling the PIN on Trezor One was indeed impressive and we commend Ledger’s effort. At the same time, we would like to thank Ledger for responsibly disclosing the issue to us. This attack vector was closed by back-porting the way to store data on Trezor Model T to Trezor One.
Issue 4 — Side Channel Attack Scalar Multiplication
This vulnerability assumes the attacker has the user’s PIN, physical access to the device and eventually the passphrase. By having all this the attacker can send all the funds from the hardware device anyway.
Issues 5 + 6 — Surprise Concluding Attack
These two are actually the same issue, but 6 sounds better than 5. That being said, we were surprised by Ledger’s announcement of this issue, especially after being explicitly asked by Ledger not to publicize the issue, due to possible implications for the whole microchip industry, beyond hardware wallets, such as the medical and automotive industries. Since Ledger is in talks with the chip manufacturer (ST) at the moment, we will also refrain from divulging any critical information, save for the fact that this attack vector is also resource-intensive, requiring laboratory-level equipment for manipulations of the microchip as well as deep expertise in the subject.
“This is still under discussion with ST. Could you please avoid mentioning details about the attack?”
— Ledger
If you are a Trezor user and fear physical attacks against the device, we recommend setting up a passphrase-protected wallet, in the best case with multiple passphrases for plausible deniability. Passphrases will completely mitigate this attack vector.
While hardware-testing and adherence to responsible disclosure should be commended, the disclosure of this last issue seems to be premature.
“We would like to thank Ledger for practically demonstrating the attack that we have been aware of since designing Trezor. Because we realize no hardware is 100% safe, we introduced the concept of passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one.”
— Marek Palatinus, CEO SatoshiLabs
Conclusion
This whole episode is a valuable lesson for us. We need to communicate something that we already know: No hardware is unhackable, and depending on what your security model is, there are tools which you can use to mitigate threats. For users who are wary of physical attacks, passphrases for plausible deniability and operational security are the way to go. For users who are concerned about remote attacks, nothing changes. We will continue to promote the passphrase feature in the future, as well as other operational security strategies in order for you to stay safe.
About Us
Created by SatoshiLabs in 2014, the Trezor One is the original and most trusted hardware wallet in the world. It offers unmatched security for cryptocurrencies, password management, and serves as the second factor in Two-Factor Authentication. These features combine with an interface that is easy to use whether you are a security expert or a brand new user.
Trezor Model T is the next-generation hardware wallet, designed with the benefits of the original Trezor in mind, combined with a modern and intuitive interface for improved user experience and security. It features a touchscreen, faster processor, and advanced coin support, as well as all the features of the Trezor One.
