Cybersecurity startup Unciphered claims it was able to hack into the popular Trezor T model hardware crypto wallet manufactured by Satoshi Labs.
In a YouTube demonstration, Unciphered showcased the apparent extraction of the wallet’s mnemonic seed phrase, or private key, exploiting a hardware vulnerability that relies on physical possession of the device.
This is not the first time Unciphered has seemingly managed to retrieve seed phrases from hardware wallets. In February, the company demonstrated a similar hack on a wallet manufactured by Hong Kong-based OneKey.
Hardware wallets, which store private keys offline and are designed to protect crypto assets, are generally considered highly secure. Unciphered said, however, that the hardware security mechanisms of the Trezor T model can be theoretically bypassed if a hacker had a T wallet in possession.
The type of exploit depicted by Unciphered would only be feasible if the attacker had physical access to the hardware wallet.
In the video, the Unciphered team said it developed an “in-house exploit” that allowed them to extract the wallet’s firmware. Eric Michaud, co-founder of Unciphered, claimed that by leveraging specialized GPU chips, they were eventually able to crack the device’s pin seed phrase.
“We uploaded the firmware we extracted onto our high-performance computing cracking clusters," Michaud explaineded in the video. "We have about 10 GPUs, and after some time, we extracted the keys.”
Michaud further claimed that fixing this exploit for Trezor T would require a recall of all their products.
Trezor did not immediately respond to a request for comment from The Block.
In an interview with CoinDesk, Trezor acknowledged that Unciphered’s demonstration had similarities with the Read Protection Downgrade (RDP) vulnerability discovered by Kraken Security Labs researchers that affected both the Trezor One and Trezor Model T. This implies that the vulnerability is not new.
Trezor further clarified that such attacks would require physical theft of the hardware wallet device.
© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
暂时没有评论,赶紧抢沙发吧!