Ledger unveils vulnerabilities in Trezor’s wallets
|- Ledger uncovered five vulnerabilities in Trezor’s devices.
- All the vulnerabilities have been reported to Trezor who has also issued a response.
Hardware wallet giants Ledger unveiled five vulnerabilities in its direct competitor Trezor’s devices. In a report published by Ledger titled, “Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities,” they pointed out the following vulnerabilities:
- The genuineness of a Trezor device can be copied. Ledger was able to create fake devices which were exact clones of a genuine Trezor device.
- On a stolen device, it is possible to guess the value of the PIN using a Side Channel Attack.
- Anyone with physical access to Trezor One can extract all the data stored within its flash memory.
- Anyone with physical access to Trezor T can extract all the data stored within its flash memory.
- Ledger analyzed the implementation of the crypto library in Trezor One. They found out that the library doesn’t contain proper countermeasures against Hardware Attacks except for the Scalar Multiplication function.
All the vulnerabilities have already been reported to Trezor. Of these five vulnerabilities, Trezor said that four of them are patched, non-exploitable, or require a pin. Trezor also noted:
“We would like to highlight the fact that none of these attacks are exploitable remotely. All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise.”
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.