Knowing this, let’s look at the issues Ledger presented on Sunday.

Issue 1 — Supply Chain Attack

“Supply Chain Attacks” are an everlasting problem for all hardware devices (not only wallets), no matter how well they can be protected. There is no way a piece of hardware can inspect itself and verify its integrity. Hardware attestation is not a solution, as hardware modifications can be (and have been) added, resulting in the device confirming it is genuine.

Moreover, all our manufacturing is based in the EU where we closely control the entire manufacturing process.

Demonstration of injection of arbitrary recovery words into Ledger hardware wallet. Credits: Saleem Rashid

Issue 2 — Software Crappy Attack

During the Trezor codebase testing, Ledger researchers only found two issues, confirming that our code stands strong against malicious actors. Although these vulnerabilities were unexploitable, we fixed them anyway. We would like to use this space to thank Ledger for confirming, once again, that Trezor source code is written with a high degree of quality.

Issue 3 — Side Channel Attack PIN

Side-channeling the PIN on Trezor One was indeed impressive and we commend Ledger’s effort. At the same time, we would like to thank Ledger for responsibly disclosing the issue to us. This attack vector was closed by back-porting the way to store data on Trezor Model T to Trezor One.

Issue 4 — Side Channel Attack Scalar Multiplication

This vulnerability assumes the attacker has the user’s PIN, physical access to the device and eventually the passphrase. By having all this the attacker can send all the funds from the hardware device anyway.

Issues 5 + 6 — Surprise Concluding Attack

These two are actually the same issue, but 6 sounds better than 5. That being said, we were surprised by Ledger’s announcement of this issue, especially after being explicitly asked by Ledger not to publicize the issue, due to possible implications for the whole microchip industry, beyond hardware wallets, such as the medical and automotive industries. Since Ledger is in talks with the chip manufacturer (ST) at the moment, we will also refrain from divulging any critical information, save for the fact that this attack vector is also resource-intensive, requiring laboratory-level equipment for manipulations of the microchip as well as deep expertise in the subject.

“This is still under discussion with ST. Could you please avoid mentioning details about the attack?” — Ledger

If you are a Trezor user and fear physical attacks against the device, we recommend setting up a passphrase-protected wallet, in the best case with multiple passphrases for plausible deniability. Passphrases will completely mitigate this attack vector.

While hardware-testing and adherence to responsible disclosure should be commended, the disclosure of this last issue seems to be premature.

“We would like to thank Ledger for practically demonstrating the attack that we have been aware of since designing Trezor. Because we realize no hardware is 100% safe, we introduced the concept of passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one.” — Marek Palatinus, CEO SatoshiLabs

Conclusion

Summary of Ledger’s presentation at #MITBitcoinExpo.

This whole episode is a valuable lesson for us. We need to communicate something that we already know: No hardware is unhackable, and depending on what your security model is, there are tools which you can use to mitigate threats. For users who are wary of physical attacks, passphrases for plausible deniability and operational security are the way to go. For users who are concerned about remote attacks, nothing changes. We will continue to promote the passphrase feature in the future, as well as other operational security strategies in order for you to stay safe.