Trezor Responds to Ledger Report on Vulnerabilities in Its Hardware Wallets

Published at: March 12, 2019

Prague-based crypto wallet manufacturer Trezor has responded to а report about hardware vulnerabilities from its competitor Ledger on Tuesday, March 12.

Trezor claims that none of the weaknesses revealed by Ledger in a detailed report on March 10, are critical for hardware wallets. As per Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.”

Trezor further cites the results of a recent security survey performed in partnership with major cryptocurrency exchange Binance. According to the survey, only around 6 percent of respondents believe that physical attack is the biggest threat to their crypto funds, while 66 percent claim they consider remote attacks a main problem.

Furthermore, Trezor noted that a “$5 wrench attack” — a targeted theft when the user is forced by intruders to disclose his password — cannot be prevented by a hardware barrier set by the manufacturer. Nonetheless, in the case of accidental thefts, the probability of cracking a Trezor wallet is relatively small, as the criminals will not be able to find the necessary equipment, the company states.

Of the five vulnerabilities in Trezor One and Trezor T disclosed by Ledger, Trezor said that four of them are patched, non-exploitable or require a pin. Trezor also noted that the manufacturing process for its devices is closely monitored.

Trezor’s response to the recent Ledger report on their wallet vulnerabilities. Source: blog.trezor.io

Ledger initially disclosed its findings during the #MITBitcoinExpo at the Massachusetts Institute of Technology this weekend. The company focused on hacking attacks that require access to device. In particular, Ledger described an option to extract a secret key via a side-channel attack, and the possibility of stealing confidential data from the device.

Tags
Related Posts
Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets
Major hardware wallets manufacturer Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices, according to a report published on Monday, March. 11. As of press time, Trezor was not immediately available to comment on Ledger’s findings. The study states that the vulnerabilities were found by Attack Lab, the company’s department that hacks into both its own and competitors’ devices to improve security. Ledger claims that it has repeatedly addressed Trezor about weaknesses in their Trezor One and Trezor T wallets, and has decided to make them public after the responsible disclosure period ended. The first issue is related to …
Blockchain / March 11, 2019
What happens if you lose or break your hardware crypto wallet?
Hardware cryptocurrency wallets are known for granting users full control of their crypto and providing more security, but such wallets are prone to risks such as theft, destruction or loss. Does that mean that all your Bitcoin (BTC) is lost forever if your hardware wallet is lost, burned or stolen? Not at all. There are a number of options to restore cryptocurrency for someone who has lost access to their hardware wallet. The only requirement to recover crypto assets, in that case, would be maintaining access to the private keys. A private key is a cryptographic string of letters and …
Blockchain / June 14, 2022
Research Team Demonstrates Hard Wallets Vulnerabilities, Trezor Promises Firmware Update
Researchers have reportedly shown how they were able to hack the Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing Memories conference. The demonstration of the hacks was published in a video on Dec. 27. The research team behind the dubbed “Wallet.fail” hacking project is made up of hardware designer and security researcher Dmitry Nedospasov, software developer Thomas Roth and security researcher and former submarine officer Josh Datko. During the conference, the researchers announced that they have been able to extract the private key out of a Trezor One hardware wallet after flashing — overwriting existing data …
Blockchain / Dec. 28, 2018
What is a seed phrase and why is it important?
How to keep your seed phrase safe A crypto seed phrase in the wrong hands can do damage, so it is advisable to always ensure it is safe. The following are some tips for ensuring your seed phrase is secure. Never share your seed with anyone else: It’s extremely important that you never reveal your recovery phrase to anyone. Why? Because if someone else finds out your recovery phrase, they will be able to access — and therefore control — your crypto funds. Make a note of it on paper and keep it in a secure location: This is the …
Blockchain / Aug. 27, 2022
‘Blockchain Bandit’ Has Stolen 45,000 ETH by Guessing Weak Private Keys, Report Claims
A “blockchain bandit” has managed to amass almost 45,000 ether (ETH) by successfully guessing weak private keys, according to a report released by Independent Security Evaluators on April 23. Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident. While guessing a private key is meant to be a statistical improbability, he managed to uncover 732 private keys through his research — giving him the ability to complete transactions as if he was the account holder. The report notes that rather than using a brute force search for random private keys, it used a combination of …
Blockchain / April 23, 2019