- Ledger uncovered five vulnerabilities in Trezor’s devices.
- All the vulnerabilities have been reported to Trezor who has also issued a response.
Hardware wallet giants Ledger unveiled five vulnerabilities in its direct competitor Trezor’s devices. In a report published by Ledger titled, “Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities,” they pointed out the following vulnerabilities:
- The genuineness of a Trezor device can be copied. Ledger was able to create fake devices which were exact clones of a genuine Trezor device.
- On a stolen device, it is possible to guess the value of the PIN using a Side Channel Attack.
- Anyone with physical access to Trezor One can extract all the data stored within its flash memory.
- Anyone with physical access to Trezor T can extract all the data stored within its flash memory.
- Ledger analyzed the implementation of the crypto library in Trezor One. They found out that the library doesn’t contain proper countermeasures against Hardware Attacks except for the Scalar Multiplication function.
All the vulnerabilities have already been reported to Trezor. Of these five vulnerabilities, Trezor said that four of them are patched, non-exploitable, or require a pin. Trezor also noted:
“We would like to highlight the fact that none of these attacks are exploitable remotely. All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise.”
Share
