Bitcoin Global News (BGN)
January 02, 2019 -- ADVFN Crypto NewsWire -- Security issues
are consistently cited as the major issue that is preventing mass
adoption. Systems must be in place to maintain security before
major financial institutions would be willing to handle
cryptocurrencies, and the average individual is unlikely to
transition to using this new technology without being sure their
money will be safe. In order to address these problems, a group of
researchers took the time to leap frog potential hackers by
developing novel ways to hack cryptocurrencies themselves. In this
way, they can begin finding solutions proactively to ensure the
integrity of the system as it grows.
Cold
Wallets
The most broad distinction of
wallets is “hot” or “cold.” This is the difference of whether it is
connected to the Internet or not. This is like carrying physical,
fiat cash vs. spending that same fiat cash with a debit card
connected to your checking account. Ledger and Trezor are the two
most popular companies making cold storage devices.
Recently IBM published research
touting that using their Trusted Execution Environments (TEES)
technology, smartphones could become the best cold storage wallets.
They create partitions on a device’s memory that is completely
separate from its main processor and storage system, preventing
internet connection. However, leading up to the Chaos Computer Club
Conference in Germany a group of researchers decided to find ways
hackers might attempt to circumvent this type of advanced
technology.
Hacking The Consumer Supply
Chain
The hardware researchers sought new
vulnerabilities in the Trezor and Leger hardware wallets. They were
able to successfully use rudimentary radio technology and
non-traditional hacking techniques. It’s important to note, the
hacks are extremely unlikely to occur in any realistic environment,
and especially to be completed at scale in any way. But ultimately,
they were able to hack the devices using three methods:
-
Vulnerabilities in the supply chain
- situations where an attacker gains access to a device before the
consumer actually owns or uses the device
-
Side channel attacks - situations
where observations are made on the base hardware of the device
rather than the software running on top of it
-
Glitch attacks - situations where
attacks are made to disrupt data transmission within a
device
The first step was much more simple
than hacking is perceived. One researcher found that because only
stickers are used to ensure that the device has not been opened
before a consumer purchases it. They were able to open a sticker
without breaking the seal or leaving residue using a blow dryer or
hot air gun.
Next, they found it was possible to
pop open a Ledger and install an internal receiver that tampered
with the functions of the hardware wallets used to block
transactions they user did not make - like rejected a fraudulent
charge on your credit card. Another method was able to make this
radio input become a side channel attack, where the users’ password
or PIN number could be sent to the hacker. Although these issues
have been raised, there is already work being done to avoid the
possibilities, and overall this will create more effective
technology.
“Anyone following these attacks
needs to understand that both scenarios as portrayed are not
practical in the real world and extremely unlikely. We stand by our
products and are continually updating and implementing firmware
countermeasures to ensure the highest standards of wallet integrity
against hackers.” - Nicolas Bacca, CTO at Ledger
By: BGN Editorial Staff