Ledger Reveals Five Vulnerabilities Of Its Rival; The Trezor Hardware Wallet

Crypto Hardware manufacturer, Ledger revealed five vulnerabilities of its rival’s product. This was revealed in a report published on March 11.

Vulnerabilities Of Trezor’s Hardware Wallets

Ledger noted in the report that the vulnerabilities were discovered by Attack Labs, a department of Ledger that hacks its device as well as competitors’ devices to improve security. Trezor has been addressed repeatedly on the weaknesses in their Trezor One, and Trezor T wallets by ledger before the decision of public disclosure was reached as claimed. At press time Trezor was not available to comment on ledger’s findings.
One of the vulnerabilities is the genuineness of the device. Ledger team noted that the Trezor’s device could be imitated by backdooring the device with malware and then resealing it in its box by faking a tamper-proof sticker, which is reportedly easy to remove. According to Ledger, the vulnerability can only be addressed by overhauling the design of the Trezor wallets and replacing one of the core components with a secure element chip.
The second vulnerability noted is the guessing of the value of the PIN on a Trezor wallet using the side-channel attack. Ledger stated that this was reported to Trezor in late November 2018 which was later solved in the firmware update 1.8.0.
The third and fourth vulnerabilities entail the possibility of stealing confidential data from the device. Ledger noted that an attacker with physical access to Trezor One and Trezor T could extract all the data from the flash memory and have control over the assets stored on the device. Ledger offers to solve this by replacing the core component with a Secure Element chip.
Lastly, the fifth vulnerability of Trezor’s wallet that was revealed is related to the security model. Ledger stated that the crypto library of the Trezor One does not contain proper countermeasures against hardware attacks. This means that a hacker with physical access to the wallet can extract the secret key via a side-channel attack.

Open Source Is No Silver Bullet

Recently, CEO of Twitter, Jack Dorsey purchased Trezor wallet for Bitcoin storage. When asked the reason for the choice, he stated that he chose Trezor because of its open source infrastructure. In response to this, Ledger stated that “The security model of hardware is quite complex, and offering open source firmware isn’t a silver bullet.”
Apparently, the vulnerabilities had made Ledger state that. However, the crypto space still awaits the response from the Trezor team.

Related posts
EthereumEthereum NewsETHUSDethusdtNewsVitalik Buterin

Ethereum Just Minted The World’s Youngest Crypto Billionaire

Ethereum (ETH) just minted its 13th billionaire and he’s the youngest on the list.  Russian-born, Vitaliik Buterin is the latest to be inducted into the prestigious triple comma club by Forbes. The 27-year-old programmer and co-founder of Ethereum who was…
CBDCcryptocurrencyCryptocurrency Newsdigital currencyNews

World Central Banks Deliberate On The Future of Money

Think about it this way: “It would be a mistake to think the internet won’t do to money the same thing it’s done to communications. When was the last time you wrote a letter, as opposed to sending a mail,…
Bitcoin NewsbtcusdBTCUSDCBTCUSDTcryptocurrencyCryptocurrency NewsEthereum NewsETHUSDethusdtNewsxbtusd

S&P Dow Jones Indices Takes Bitcoin and Ethereum to the Trading Floors of Wall Street

S&P Dow Jones Indices, the leading investment benchmark and indices provider, has launched “S&P Cryptocurrency Indices” with an ambitious goal of bringing transparency to the ever-evolving cryptocurrency market. These indices will measure the performance of certain cryptocurrencies that meet specific…