Another nasty supply chain attack exists, way simpler (unlikely to work on knowledgeable users though)... A legit hardware wallet is shipped, but with fake documentation accompanying it. Some evil people working for delivery companies would swap the legit hardware wallet for the exact same model, but with documentation using the official company's logo and font and saying, basically:
"Here's your hardware wallet, initialize it with the seed written on this piece of paper, it's the only one that's going to work for this hardware wallet. Do not lose this seed or you'll lose access to your funds!".
Several unsuspecting users, not aware that a random seed is supposed to be generated by the hardware wallet (or by throwing dice, or whatever) have been pwned this way.
There have also been cases of software using malicious seed generators which have semi-predictable outputs. People assume it's safe because they see what looks like random seeds, combined with no network activity. But the attacker can then just scan over the whole possible key space and check for funds.
Even more concerning than predictable wallet seeds are covert channels in the form of nondeterministic signature outputs.
Most wallets let you provide your own seed words, which users can derive using diceware themselves, but DSA (and its elliptic-curve variants) need a secure random input, and I'm not sure if all wallets commonly use a deterministic (i.e. provably free of covert channels) construction (like in RFC 6979) for that.
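An added example of the deterministic construction mentioned above, written here rather than taken from any wallet's firmware: RFC 6979 nonce derivation with HMAC-SHA256, checked against the RFC's own P-256 test vector. It is restricted to 256-bit group orders (P-256 here; secp256k1, used by Bitcoin wallets, has the same size), and the function name is my own.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Group order of NIST P-256 (256 bits), from RFC 6979 appendix A.2.5; secp256k1, the
// curve used by Bitcoin and Ethereum wallets, also has a 256-bit order.
var p256Order, _ = new(big.Int).SetString("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)

// NonceRFC6979 derives the ECDSA nonce k for private key x and message msg with HMAC-SHA256
// (RFC 6979 section 3.2) for curves whose order q is exactly 256 bits, so bits2int is the
// identity and bits2octets is just "reduce mod q". Equal inputs always give the same k, so an
// auditor who knows x can recompute it and confirm nothing else was mixed into the nonce.
func NonceRFC6979(x *big.Int, msg []byte, q *big.Int) *big.Int {
	if q.BitLen() != sha256.Size*8 {
		panic("this example only handles 256-bit group orders")
	}
	mac := func(key []byte, parts ...[]byte) []byte {
		m := hmac.New(sha256.New, key)
		m.Write(bytes.Join(parts, nil))
		return m.Sum(nil)
	}
	h1 := sha256.Sum256(msg)
	hb := new(big.Int).Mod(new(big.Int).SetBytes(h1[:]), q).FillBytes(make([]byte, 32)) // bits2octets
	xb := x.FillBytes(make([]byte, 32))                                                   // int2octets
	V, K := bytes.Repeat([]byte{0x01}, 32), make([]byte, 32) // steps b, c
	K = mac(K, V, []byte{0x00}, xb, hb)                      // step d
	V = mac(K, V)                                            // step e
	K = mac(K, V, []byte{0x01}, xb, hb)                      // step f
	V = mac(K, V)                                            // step g
	for { // step h: draw 256-bit candidates until one lies in [1, q-1]
		V = mac(K, V)
		if k := new(big.Int).SetBytes(V); k.Sign() > 0 && k.Cmp(q) < 0 {
			return k
		}
		K = mac(K, V, []byte{0x00})
		V = mac(K, V)
	}
}

func main() {
	// Private key from RFC 6979 appendix A.2.5; the RFC lists the expected k for message "sample".
	x, _ := new(big.Int).SetString("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
	fmt.Printf("k = %X\n", NonceRFC6979(x, []byte("sample"), p256Order))
}
```

A user who has loaded a device with a seed they chose themselves can sign a test message and compare the nonce a spec-following signer would have used; a signature that does not match is the kind of discrepancy the comment above is worried about.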
There's a shelf life to this attack for each distributor though. You'll eventually distribute to users who _do_ understand what's happening and they'll raise alarms.
With the article, it can go unsuspecting for years even simply waiting for maximum distribution and then a coordinated attack.
And you shouldn't keep your keys on a regular computer, because that has an even bigger attack surface, nor should you use an exchange which may rugpull you.
Incredible. This is so sophisticated and takes so much effort it makes you wonder just how many other wallets are compromised from before you even use them. There are so many other low effort attacks you can run that the fact that people are doing THIS really makes me wonder just how many wallets out there are 100% compromised.
It would be trivial for any iOS-based software wallet to compromise your seed before your private key is even created. You don't even need fancy spyware that calls home. If the seed is generated from a method that isn't random you'd never know. It will appear random to you, but the author of the software could simply increment on a known value and be able to recreate every private key ever created with that app. No one would ever know. The attacker could sit silent for years or even decades, and if they DID drain a wallet there would be no way to prove it and no one would believe the victim. It would just be a case of, "Well, you must have leaked your seed, it's your fault."
I can even see something like Coinbase Wallet being 100% compromised. The apology post is probably already written in a draft somewhere.
There was a recent drainage of many wallets, even old untouched ones on Ethereum. I don't think it was resolved. Your scenario is likely imo, and the fictional quote was what I saw.
I think hardware hacking is becoming increasingly sophisticated. The way car thieves managed to unlock luxury cars using a custom device built out of a JBL speaker also blew my mind.
This recently happened to the Trust Wallet browser extension due to using Mersenne Twister to generate their private keys. Issue is that this PRNG is not cryptographically secure. I think Trust Wallet is more popular than Coinbase Wallet as well.
Title seems misleading (and isn't the article title). It implies that Trezor is a fake wallet. The article is actually about a wallet that purports to be made by Trezor but is in fact not (hardware supply chain attack).
It does uncover a vulnerability about Trezor that allows attackers to fake a Trezor without the user knowing it. It should have been defended via attestation, and software downloaded from the official website should have checked the attestation signature so they know the firmware hasn’t been tampered with.
Or even better, it should just say "Case study: fake hardware cryptowallet", which is the exact title, and in accordance with the guidelines. No need to append "Kaspersky" on the front, or mention Trezor at all; let the reader click through and form their own opinion.
"choose models with special versions of protected microcontrollers"
I don't see how this is helpful advice.
The whole point of the article was how the look and feel of a legitimate hardware wallet was cloned.
Under these circumstances there is no way to tell what is in the device (clear housing perhaps?). All it has to do is act like the real device. It does not matter how good your security chip actually is if all I have to do is copy the correct interface.
Unrelated: the use of that particular version is a strangely shoddy mistake. It should have been very easy to use a version string that exists. In which case that version would never have been skipped??? Perhaps at one point that was a real version and Trezor pulled it due to its use in a batch of clone units.
> the use of that particular version is a strangely shoddy mistake. It should have been very easy to use a version string that exists
Perhaps attackers wanted to discourage users from trying to upgrade the firmware/bootloader before first use by using a version one step higher than the officially released one. If they used an older version number, a savvy user might try to flash the newest firmware and discover something isn't quite right. Using a nonexistent but plausible-looking version number can also be used to explain minor discrepancies in behavior between fake and original unit, if some are introduced by mistake.
> It does not matter how good your security chip actually is if all I have to do is copy the correct interface.
A security chip actually deserving the name (i.e. a tamper-proof one) can protect a private key even against physical attacks, with the corresponding public key marked as authentic by the manufacturer.
If the interface contains a challenge-response interaction with that private key (and ideally ties that to any further communication with the trusted applications on it), you can't copy/emulate that.
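As an added illustration of the challenge-response check described in the comment above (example code written here, not Trezor's or Kaspersky's; the Device, Provision, Attest and CloneOf names are hypothetical): the manufacturer endorses each chip's public key at the factory, the host verifies that endorsement and then a signature over a fresh random challenge, and a clone that copies the public key and certificate from a genuine unit still cannot answer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var mfrPub, mfrPriv, _ = ed25519.GenerateKey(rand.Reader) // manufacturer key; private half stays at the factory
// Device models a wallet whose attestation key sits in a (hypothetical) tamper-resistant chip.
type Device struct {
	priv ed25519.PrivateKey // generated inside the chip, never readable from outside
	Pub  ed25519.PublicKey  // readable by anyone, endorsed by the manufacturer
	Cert []byte             // manufacturer's signature over Pub, issued at the factory
}
// Provision is the factory step: the chip makes its key pair, the manufacturer signs the public key.
func Provision(mfrPriv ed25519.PrivateKey) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv, Pub: pub, Cert: ed25519.Sign(mfrPriv, pub)}
}
// Respond is the device side of the challenge-response: sign whatever the host sent.
func (d *Device) Respond(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }
// Attest is the host side: the key must be endorsed, and the device must prove it holds the
// private half by signing a fresh random challenge (a replayed old response would not verify).
func Attest(mfrPub ed25519.PublicKey, d *Device) error {
	if !ed25519.Verify(mfrPub, d.Pub, d.Cert) {
		return errors.New("attestation key is not endorsed by the manufacturer")
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	if !ed25519.Verify(d.Pub, challenge, d.Respond(challenge)) {
		return errors.New("device does not hold the endorsed private key")
	}
	return nil
}
// CloneOf copies what a counterfeiter can read from a genuine unit (Pub, Cert) but not the private key.
func CloneOf(genuine *Device) *Device {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv, Pub: genuine.Pub, Cert: genuine.Cert}
}

func main() {
	genuine := Provision(mfrPriv)
	fmt.Println("genuine:", Attest(mfrPub, genuine), "| clone:", Attest(mfrPub, CloneOf(genuine)))
}
```

The check only proves the chip is one the manufacturer endorsed; the rest of the device (display, buttons, firmware outside the chip) still has to be tied to that chip's key, which is what the comment's "ties that to any further communication" refers to.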
It's an HSM which you can flash yourself. Unfortunately, it never generated much interest and so I had to fold up the tent. But maybe it was just ahead of its time.
I remember when this came out, and was interested in getting one!
Unfortunately I was aiming to use it to generate TOTP codes (and replace my authenticator app), but IIRC it needed an RT clock and thus a battery, which was not part of the design.
I was a huge fan of what was promised here. I ordered one but every time I tried to work with it I had some catastrophic unrelated incident - like a curse lol.
Anyway I suspect the problem is the nature of crypto. For this to actually take off, you would have needed to hand a bag of money to Jake Paul or John McAfee or a BitBoy, and I'd highly suspect a really good product has a hard time competing against those that do.
Neat! But is the microcontroller used tamper-proof? If not, your customers are still vulnerable to supply chain attacks such as the one in the article.
The core hardware is actually very similar. Both use more or less the same STM32 SoC. The difference is that the Trezor comes pre-flashed in a sealed package designed not to be opened, while the SC4-HSM is designed to be flashed by the user, and the case is not sealed so it can easily be opened to inspect the hardware. So while I can't say it would be impossible, launching a supply chain attack against the SC4-HSM would be a lot harder to execute and conceal.
> The bootloader checks the digital signature of the firmware and, if an anomaly is detected, displays an unoriginal firmware message and deletes all the data in the wallet.
This seems like a horrendous design, like a safe that burns the money inside if you try to tamper with it. Sure, it might protect a malicious thief from absconding with the funds, but it is also an attack vector for any bad actor that simply wishes to cause you harm.
If the attacker's goal was to erase the user's data, and the firmware _didn't_ erase data on invalidation, then the attacker could simply write a firmware that erases the user's data.
If an attacker succeeds in tampering with the firmware on a crypto wallet (and more generally any secure authentication/transaction confirmation device), losing authentication/signature capabilities is very likely the second worst outcome.
Unlike a safe, a hardware wallet doesn't store money, it stores private keys. These keys are derived from a seed phrase you are supposed to back up offline.
> The housing was difficult to open: its two halves were held together with liberal quantities of glue and double-sided adhesive tape instead of the ultrasonic bonding used on factory-made Trezors.
Other than having x-ray vision, one easy (but by no means perfect) verification to thwart these types of attacks is to weigh your devices.
Manufacturing should be consistent enough that resealing a device like this would be adding some grams that shouldn't be there. And unlike something like a Cisco router, nothing to cut out to make up for the added weight.
The problem is the sort of person to buy a wallet from a classifieds website isn't willing to spend $30 on a scale to weigh it, because if they had that money they'd just buy it from the official store instead.
Lifehack: a post office will weigh whatever you want for free. Also many grocery stores have accessible scales.
Best part is they pay for the certifications!
Then there are friends that ahem buy/sell materials in gram quantities. A counted handful of newish coins are a reasonable way of verifying accuracy in those cases. Be sure to weigh different quantities lest the absolute and relative error cancel out.
Yeah, it's basically a good market for scammers: you're almost guaranteed whoever is looking to buy this is looking to store some large amount of money, so as a scammer your chances of big success are very large.
It is possible that the buyer of this wallet had no better option. For example, the official place to buy these devices might refuse to ship them to his country.
https://en.m.wikinews.org/wiki/Predictable_random_number_gen...
https://kentindell.github.io/2023/04/03/can-injection/
https://community.trustwallet.com/t/wasm-vulnerability-incid...
How many people can or will verify the key is truly one-of-a-kind?
https://sc4.us/hsm/
Great project though.
If the firmware had been tampered with, there is no safe way to extract the key. Better that the user uses the recovery seed on a fresh device.
Which means the weakest link of your fancy hardware wallet is how well you hide that bit of paper with your seed phrase.
Edit: Looks like I was beaten to this down thread.