Hardware Wallets

This table contains known, reported, confirmed and verified vulnerabilities by the Wallet.Fail team. The bugs are classified by our team and represent our expert opinions and are based on many years of hardware security expertise.

Vulnerability Classes

Software Vulnerabilities

Software vulnerabilities are vulnerabilities affecting the host software that runs on the PC or smartphone and communicates with the hardware wallet. Since most host software provides update mechanisms, this class of bug can be patched in a future release of the host software

Firmware Vulnerabilities

Firmware vulnerabilities are vulnerabilities affecting the software that runs on the hardware wallet. Since most wallets provide update mechanisms, this class of bug can be patched in a future firmware release.

Hardware Vulnerabilities

Hardware vulnerabilities are vulnerabilities affecting the underlying hardware components of the hardware wallet. Because these vulnerabilities affect the hardware components they can only be fixed by the component vendors and not the manufacturer of the hardware wallet. Hence, hardware vulnerabilities are unlikely to be fixed by the wallet vendor.

Physical Vulnerabilities

Physical vulnerabilities are vulnerabilities affecting the hardware design of the hardware wallet. Once the device has been manufactured, hardware vulnerabilities cannot be mitigated and can only be fixed in a future hardware revision of the device. This class of vulnerabilities is unlikely to be fixed by the wallet vendor.

Architectural Vulnerabilities

Architectural vulnerabilities are vulnerabilities affecting the overall architecture of the hardware wallet. These are inherent design flaws in the device and can only be fixed in a major hardware revision, i.e. a new version of the device. This class of vulnerabilities is unlikely to be fixed by the wallet vendor.

35c3 Presentation

Our Team

Our team of expert security engineers is super-awesome and has over X years of experience in the field. Contact us today for your project. Dmitry Nedospasov Dmitry Nedospasov is a hardware design and security engineer, security researcher, trainer, speaker and reverse-engineerer. In 2014 Dmitry received his PhD (Dr-Ing.) in IC Security at TU Berlin. Josh Datko Josh Datko is an embedded systems engineer, security researcher and former submarine officer. Josh is best known for his 2017 presentation on insecurities in cryptocurrency hardware wallets. Thomas Roth Thomas Roth was named as one of the 30 under 30 in Technology by the Forbes Magazine. His main focus is on mobile and embedded systems with published research on topics like TrustZone, payment terminals, and embedded security.