A Def Con 25 Demonstration Claims to ‘Break Bitcoin Hardware Wallets’

The Cryptotronix Presentation: ‘Helping You Get Started Breaking Your Own Wallet!’

We then show how to apply these techniques to the STM32F205 which is the MCU on the Trezor and Keepkey. Lastly, we will present our findings of a timing attack vulnerability and conclude with software and hardware recommendations to improve bitcoin hardware wallets.

A Study In 2015 Extracts a Private Key Using a $70 Oscilloscope

Cryptotronix backs its claims with a 2015 study by developer Jochen Hoenicke, who was able to extract a Trezor’s private key using a $70 oscilloscope. An oscilloscope is an electronic test instrument that allows the observation of various signals within devices. Many people believe side channel attacks like the one Hoenicke demonstrated are difficult to carry out, but Hoenicke believes they are relatively easy to perform. “Side channel attacks are not as difficult as many people think,” Hoenicke explained in 2015. “A simple power analysis requires only a simple oscilloscope, and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge of the code that is running.”

The 2015 Hardware Wallet Vulnerabilities Were Patched, But Cryptotronix Claims There May Be Additional Side Channel Attacks

Trezor has since patched the vulnerabilities found in 2015, and Hoenicke was in contact with the manufacturer, Satoshi Labs, throughout his investigation. However, Cryptotronix says in its demonstration summary that although the vulnerability was patched, the hardware wallets still do not have a “Microcontroller” and “[They] may be vulnerable to additional side channel attacks.”

Across forums, many bitcoiners are skeptical of the upcoming demonstration that will take place in Vegas next month, but stated they would be watching it closely. Some proponents said they hoped Cryptotronix would also make a responsible disclosure to bitcoin hardware manufacturers before showcasing the hack. Others said research and tools like this might up the stakes so that next-generation bitcoin devices can protect themselves in the future.

“Bitcoin hardware wallets help protect against software-based attacks to recover or misuse your key. However, hardware attacks on these wallets are not as well studied,” states the Cryptotronix demonstration synopsis.