Feed for tag: hardware-wallet
Trezor One Firmware Update

Recently a physical attack vector on the Trezor One hardware wallet was disclosed by a security researched called Sunny, Trezor was quick to release a firmware update 1.6.1 but the researcher realized that another attack vector of the same type was possible so SatoshiLabs released the new firmware update 1.6.3 on the 30th of August.

Trezor comes with a tamper-evident seal and the attack vector only affects tampered devices, so if you bought your Trezor used or if it came with the seal broken, make sure you update the firmware first then set it up. If you’re updating an older Trezor, make sure to have the correct recovery seed on hand as you’ll need it to set it up.

The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your Trezor is safe to use.

Source

Trezor Firmware Update 1.6.1

Trezor upgraded their firmware shutting down a hardware exploit in their micro controller that allows an attacker to modify or replace the bootloader. Trezor confirmed that this vulnerability only affects devices that arrived with no tamper proof seal as this attack can only be done by having physical access to the device, nonetheless, they advised users to update their firmware just to be safe. Quote:

Today, on March 21st, we have released a new security update for TREZOR One devices. This update patches a physical security issue discovered in mid-February through our responsible disclosure program. There is no evidence that this vulnerability has been used in practice. Nonetheless, the new system will also verify the integrity of your TREZOR device, making sure it is safe to use.

Ledger Detailed Analysis for Firmware 1.4.1

Ledger, known for the Ledger nano s, issued a detailed analysis of their previously released firmware on 2018/03/06.

We would like to take the time to detail the security improvements made to our firmware, initially detailed on the blog post New firmware update 1.4.1 available for the Nano S published on the 6th of March. Following a transparent and responsible disclosure process, we are giving a full detailed assessment of the fixed attack vectors that the Firmware 1.4 patches, which were initially reported by three security researchers.

As the publication of these technical details might elevate the threat level of non-patched devices, we strongly encourage our users to update their firmware by following our step by step guide.

Code Review Submitted on Monero Hardware Wallet Ledger HW
On 2018-01-10 the following merge request was submitted on the official development repository for Monero: The goal of this PR is to propose code modifications to integrate the ledger HW into monero-wallet-cli. This code mod is not ready to merge (see below) but it is time to ask to the dev team and tech guys a first review for opinion. The Ledger Wallet is a hardware wallet supplier that provides wallets capable of interfacing with many cryptocurrencies and digital assets.