3 February 2020 by Victor
A breach on the security of portfolio materials Trezor has been unveiled by Kraken Security Labs recently. The platform has in particular managed to extract sensitive data encryption on the model T using a hardware glitch, all in less than 15 minutes.
Contents
A flaw at the level of micro-controllers
In order to test the safety of the wallets of Trezor, Kraken Security Labs has attempted to go beyond the barriers of software and physical portfolio template T by sending voltage peaks at the level of micro-controllers.
In depth, the testers have used a physical piece of hardware that costs about 75 dollars to compromise two devices to access content. To this end, the laboratory explains :
“This attack demonstrates that the breakthrough STM32 family of Cortex-M3 / Cortex-M4 must not be used for the storage of sensitive data such as seed cryptographic even if they are stored as encrypted “.
You know what to do.
.—.
/ |________________
| () | ________ _ _)
|/ | | | |
`—` “-” |_|#ProofOfKeys
— Trezor (@Trezor) January 3, 2020
A problem minimized by Trezor
Although Trezor has knowledge of this vulnerability for a long time, it continues to overlook the degree of risk inherent to these attacks by invoking a time consuming process and difficult for the pirates.
As the company explained, the physical access to the device, access to specialized equipment as well as the time it takes to assign to the transaction would reduce greatly the opportunities for corruption of the system.
However, analysts Kraken have proved that from a material of $ 75, a time period of 15 minutes, the process is quick and easy to run.
What do you think of these vulnerabilities, software and hardware discoveries by Kraken on the portfolio materials Trezor ? Do you think that the manufacturer should revise its system of security to reduce the risks of piracy ? Give your opinion in the comments section.
(Be the FIRST to vote)
…