Hacking a hardware wallet

I found this video by Joe Grand really interesting: he explains how they worked out a logical sequence to physically hack a Trezor One hardware wallet and recover $2 million in Theta.

And although Trezor has already addressed this vulnerability, the challenge of not having the vertical integration to manufacture all of the hardware in-house (seriously, it is not reasonable to expect that) shows that, as things stand today, there are vulnerabilities that cannot be fixed because of the "security by obscurity" strategy of the chip makers:

But a core issue with the chip that allows fault injection still exists and can only be fixed by the chip maker — which the maker has declined to do — or by using a more secure chip. Rusnak says his team explored the latter, but more secure chips generally require vendors to sign an NDA, something his team opposes. Trezor uses open-source software for transparency, and when Rusnak’s team discovered a flaw in one secure chip they considered using, the chip maker invoked the NDA to prevent them from talking about it.

This means Trezor wallets may continue to be vulnerable to other hacking techniques. Grand is already working on one new method for hacking the STM32 microcontroller used in the wallets. It will work even on wallets with the newest, more protected firmware. He says he won’t release the details publicly, however, because the ramifications go beyond wallets.

Via The Verge