by Alexander Romero Ledger reveals 5 vulnerabilities in the Trezor Wallet!
Ledger, the well-known manufacturer of secure hardware cryptocurrency wallets and in particular the Ledger Nano X, has revealed five vulnerabilities discovered in the devices of its direct competitor in this sector, Trezor.
The company has published a report with full details on its official website on Monday, March 11, 2019.
UPDATE:
Trezor has corrected the vulnerabilities after Ledger’s revelations.
https://blog.trezor.io/our-response-to-ledgers-mitbitcoinexpo-findings-194f1b0a97d4
The question is why they waited for Ledger to talk about it to do it…
Ledger has a Lascar sidewall analysis library and a Rainbow simulation tool.
The company said it still tries to hack its own equipment to make sure it meets the highest security standards.
The company indicated that its commitment went beyond its own limits and applied these same methods to the devices of its competitors, in this case Trezor, as an initiative in the shared responsibility to ensure the safety of the crypto sector.
A practice that is also found among crypto exchanges like Kraken who offers $100,000 to help find the crypto funds of QuadrigaCX.
The goal is, if not to get some publicity anyway, to fight against fraudulent acts that affect other actors in the crypto sector who try to do their job well and protect their customers crypto funds!
The new study claims that Attack Lab, the company’s department that has been successful in detecting vulnerabilities, has regularly addressed the Trezor One and Trezor T portfolios.
It has now decided to publish them to comply with the responsibility disclosure period.
The first problem is related to the authenticity of the devices, because they showed that Trezor devices can be imitated with malware and then sealed in their box, also tampering with the tamper-proof label.
On the other hand, Ledger hackers calculated the value of the PIN code in a Trezor wallet by means of a side channel attack, reported to the company at the end of November 2018.
The third and fourth problems include the ability to steal confidential data from the device.
An hacker with physical access to Trezor One and Trezor T can extract all information from the flash memory and thus control the assets stored on the computer!
Finally, the latest vulnerability indicates that the Trezor One cryptocurrency library does not contain adequate mechanisms against hardware attacks.
Ledger notes that a hacker with physical access to the device can also extract the secret key with a secondary channel attack.
These revelations are more than disturbing if, as Ledger claims, the company would have warned Trezor of these vulnerabilities and would not have corrected them…
We can therefore welcome the gesture of Ledger to disclose to the general public so that users know that their crypto Trezor wallet can be hacked in several ways!
The fact of having warned Trezor indicates that Ledger does not seek to damage the reputation of its competitor without having warned them before but discloses these vulnerabilities in order to guarantee the security of users’ crypto funds.
If Trezor has heard of these vulnerabilities and has not corrected them, it is very serious, they will surely respond to this news.
UPDATE:
Trezor has corrected the vulnerabilities after Ledger’s revelations.
https://blog.trezor.io/our-response-to-ledgers-mitbitcoinexpo-findings-194f1b0a97d4
The question is why they waited for Ledger to talk about it to do it…
In the meantime, and as a good crypto tip, be careful where you store your cryptocurrencies, there are several ways to do it, a crypto wallet on your computer, smartphone or a secure external wallet like the Ledger Nano X.
Read our article about what is certainly the Best Crypto Wallet on the market: Click Here.
