The major hardware wallets manufacturer Ledger has recently unveiled vulnerabilities in its direct competitor Trezor – more specifically, its devices. This is a viral topic in the latest cryptocurrency news, emerging from a report that was published on Monday, March 11.
Currently, Trezor is not available to comment on Ledger’s findings. However, the study states that these vulnerabilities were found by Attack Lab. The Lab is the company’s department that hacks into its own and the competitors’ devices to improve security.
The List Of Four Weaknesses That Trezor Found
Ledger right now claims that it has repeatedly addressed Trezor about the weakness in the Trezor One and Trezor T wallets – and decided to make them public after the responsible disclosure period has ended.
There are a number of issues, including:
- The genuineness of the devices. As the Ledger team stated, the Trezor device can be imitated by backdooring the device with malware and re-sealing it in its box by faking a tamper-proof sticker which is easy to remove.
- Ledger hackers guessed the value of the PIN on a Trezor wallet using a side-channel attack, later reporting it to Trezor (November 2018). The company solved the issue in the 1.8.0 update.
- The possibility of stealing confidential data from the device. An attacker with physical access to the Trezor One and Trezor T can easily extract all the data from the flash memory and therefore gain control over the assets that are stored on the device.
- The crypto library found in Trezor One does not contain proper countermeasures against hardware attacks. This makes it easy to hack into and extract the secret key via a side-channel attack.
buy apcalis oral jelly generic buy apcalis oral jelly online no prescription
Users Can’t Be Sure When Purchasing Trezor Hardware?
In the recent report, Ledger claims that users cannot be sure when they purchase hardware from the official Trezor website. In that way, the attacker could possibly buy multiple devices, backdoor them and send them back to the manufacturer asking for a refund.
As they concluded, “in case the compromised device is sold again, the user’s crypto funds can be stolen.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post