The researchers team discovered vulnerable places and was able to hack the most popular hardware wallets for storing cryptocurrency Trezor One, Ledger Nano S and Ledger Blue.
The hacker group Wallet.Fail consists of all of those developers specializing in the safety of products. At the 35C3 Refreshing Memories conference, they said that they could remove the closed key from Trezor One after his flashing. However, they specified that the scheme works if the user has not installed its own password. The manufacturer promised that in the January update the problem will be eliminated.
In addition, hackers also stated that they found a way to establish any firmware and the most popular hardware wallet Ledger Nano S. Although after hacking, they used the device to play the game «Snake», but according to the team, with the help of this vulnerability, you can send maliciously transactions on a secure chip and confirm them or display false operations on the screen.
Researchers also reported a lack of Ledger Blue. They claim that the signals are transmitted to the screen on a very long path on the motherboard, so the wallet emits them in the form of radio waves. When connected to a USB cable, the signals become powerful enough and they can be easily captured from a distance of several meters. Using this vulnerability, the group managed to get a PIN from the hardware wallet, when it was internal transmission at the time of input.
Earlier, our columnist Oleg spoke in detail in detail about