Reading: Accurate Analyst Expects Chainlink To Sustain Over 70% Drop: Here’s Why

Bitcoin Wallet

Hardware Hacking: How To Secure Your Trezor Wallet With Passphrase

Avatar

Emilio Janus | Dec 28, 2018 | 18:00

Trezor hardware wallet hack wallet.fail Bitcoin Wallet

Hardware Hacking: How To Secure Your Trezor Wallet With Passphrase

Avatar

Emilio Janus | Dec 28, 2018 | 18:00

Send
Share

A group called wallet.fail gave a presentation on how to hack cryptocurrency hardware wallets at the 35th Chaos Communication Congress. While all attack vectors required physical access, worryingly, the group demonstrated scraping the seed and PIN from Trezor RAM. So is there any way to truly protect your lovely bitcoin?

Lines Of Attack

The group found ways of hacking hardware wallets via four different methods; supply chain attack, firmware vulnerability, side-chain attack, and chip-level vulnerability. All techniques required access to the actual device, so if your wallet has never left your possession…then you could still be at risk from a supply chain attack.

Holographic security stickers apparently mean nothing, as they are easy to remove and replicate. But let’s assume your device is tamper-free.

Still Not Safe

The Ledger Blue outputs a slight RF signal when entering the PIN. Connect a USB cable and you have an antenna to transmit this across the room. You then become vulnerable to the $5 Wrench Attack.

Even worse news for Trezor users. An attacker getting hold of the device (e.g. with a $5 wrench) can scrape your seed and PIN from RAM, unless you activated passphrase protection.

Trezor Passphrase Protection

(Disclaimer: Trezor recommends using the passphrase for advanced users only)
If you forget the passphrase, the funds protected by it are lost forever.)

Each passphrase creates a new unique wallet, acting as a 25th seed word. It can be any sequence of up to 50 ASCII characters – which means both numbers and letters can be used.

You must manually enable passphrase in the Advanced settings of the Trezor Wallet browser interface after each recovery process. To access the original wallet (without passphrase protection), leave the passphrase space empty.

By keeping a spoof wallet with negligible funds, you can even protect against $5 wrenches. Don’t be tempted to disable PIN protection too though, as a passphrase could be susceptible to a keylogger attack. D’oh!

A full description of how to enable Passphrase Encryption is explained in this YoutTube video.

 

 

Do you use a passphrase? What other security best-practices do you recommend? Share below!

Images courtesy of Randall Munroe xkcd.com. Used under the terms of the Creative Commons Attribution license, Shutterstock

BitStarz Player Lands $2,459,124 Record Win! Could you be next big winner?

Tags: , , , ,
Send
Share
Show comments
Bobby Lee Presents First 'Hands-On' With Ballet Wallet At CES
Bitcoin Wallet

Bobby Lee Presents First ‘Hands-On’ With Ballet Wallet At CES

Bobby Lee, co-founder of BTCC crypto exchange, was at the Consumer Electronics Show in Las Vegas this week, demonstrating the first physical samples of his non-electronic hardware...

Emilio Janus | 6 months ago
Keepkey crypto flaw
Bitcoin Wallet

Kraken: Keepkey Crypto Hardware Wallet Has an Alarming Flaw

Crypto practitioners who depend on Keepkey hardware wallets to store their coins ought to take a pledge of not discussing it in public. Kraken Warns Crypto Users The warning appears on...

davitbabayan | 7 months ago
China Forces Bitcoin Miners to Scale Down Amid Electricity Shortfall
Bitcoin Wallet

Chinese Bitcoin FOMO: Major Bank Invests in Popular BTC Wallet

Chinese bitcoin FOMO appears to be on the rise as a major bank has reportedly invested in a local wallet platform. This report marks another significant crypto and blockchain-related...

Osato Avan-Nomayo | 9 months ago