TREZOR Hack

DEFCON 25 wrapped up a little over 2 weeks ago and we've known about this topic for a while, but it seems like people are just starting to realize that hardware wallets aren't as secure as you might think.

TREZOR is the main offender this time, but the TREZOR v2 and KeepKey may not be safe for long since the vulnerability supposedly exists in the STMicroelectronics chip they all use.

Without getting into the technicals of why and how this hack allegedly works, it ends up giving you access to the seed phrase, device label, and PIN. It doesn't seem like a difficult hack to perform if you don't mind opening the device, and there are supposedly methods that allow you to do it without opening it at all.







TREZOR's response seems to be a firmware upgrade for all devices running firmware versions lower than 1.5.2. More information on the hack is supposed to be released at a later date, after people have a chance to protect themselves by getting the update.

I've always had problems with the fact that hardware wallets aren't phishing resistant and are susceptible to shoulder surfing and evil maid attacks, but accepted these small imperfections since they are orders of magnitude more secure than an online wallet. Still, this is concerning news for those who use hardware wallets as cold storage.

How could TREZOR have avoided this hack?

The Ledger Nano S uses actual secure element chips that should be more resistant to fault injection than the ST32F05 chips in the TREZORs, which is one of the reasons I've defaulted to recommending them over the others. Still, there's that one flaw that all major hardware wallets have, the lack of good multi-factor authentication.

This is understandable. Hardware wallets have to prioritize convenience over security at a certain point, or else their devices will never compete with the devices that are much easier to use and only slightly less secure. Unfortunately, this means that this is likely an issue that isn't going away anytime soon.

What You Gain & Lose with Good MFA

Like most security measures, you lose convenience when you add security. Hardware wallets are the convenient way to store your cryptocurrencies with relative security. It's impossible to know exactly how much more or less secure one system is over another without data, and that's not something there's a lot of given that crypto is both so new and uncontrolled.

If you're using a TREZOR or Ledger Nano S for your daily driver to sign transactions, then you're more likely to notice if your device has gone missing or unsupervised - even for a short time. This means that you are reasonably safe from somebody tampering with your device and getting the sensitive information out. If you're storing it in a locked safe or some other secure location, you are also reasonably safe.

It's the people who own hardware wallets and keep them on their desk at work or in a drawer at home that need to reconsider what they're doing.

The TREZOR hack should be a stark reminder that physical security is still extremely important.

What's the Solution?

Locks can be picked and broken, safes can be cut through, and safety deposit boxes are only as trusted as the banks and government. So how do you increase your security when nothing is 100% guaranteed to work?

You use multiple physical security measures.

THIS is the one feature missing from mainstream hardware wallets - the ability to break up access control over multiple physical locations in addition to digital/memorized ones. Ideally, there should be an option to store a portion of sensitive information in one location and another portion in a different location. This ensures security even if one location is compromised, something that should already be difficult but also noticeable by the user before a second location is also compromised.

If you're interested in using a system that supports this, read part 3 of my security guide for creating a secure wallet. Not only does my guide show you how to set up a system that can utilize multiple secure physical locations, it also allows you to use multiple digital security measures. For more info, see the MyEtherWallet help docs on cold storage (where you'll also find my guide).

Until we see a mainstream device that supports physical keys (in the form of RFID, physical 2-factor like Yubikey, etc), I can't recommend hardware wallets over my own system for cold storage. For daily use, remember to keep your hardware wallet close.