The “Wallet.fail” hack demonstration took place at the 35C3 Refreshing Memories conference, led by hardware designer and security researcher Dmitry Nedospasov, software developer Thomas Roth and security researcher Josh Datko.
The team was able to exploit a weakness in Trezor One hardware wallets which didn’t have a set passphrase by the owner, extracting the private key by overwriting data using a custom firmware. The chief technology officer (CTO) of Trezor’s parent company SatoshiLabs Pavol Rusnak responded on Twitter, saying a firmware update will be established at the end of next month to address this vulnerability.
With regards to #35c3 findings about @Trezor: we were not informed via our Reponsible Disclosure program beforehands, so we learned about them from the stage. We need to take some time to fix these and we'll be addressing them via a firmware update at the end of January.
— stick⚡Pavol Rusnak @ 35c3 (@pavolrusnak) December 28, 2018
The Ledger Nano S was found to allow the installation of any firmware, which the research team exploited to play Snake on the device. Ledger Blue also showed weaknesses, leaking signals as radio waves when operating which, according to the researchers, were strong enough to be detected from several meters away when a USB cable was attached.
These vulnerabilities follow reports in August that a teenager was able to hack a BitFi device, something denied by producers as no coins were actually extracted.
Follow BitcoinNews.com on Twitter: @BitcoinNewsCom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: Pixabay