Cryptocurrencies: Keeping Them Safe (Trezor + Ledger)

Trezor and Ledger Respond to Claims Their Crypto Wallets aren’t Secure

Three researchers and engineers have published a presentation from the 35th Chaos Communication Congress revealing claimed vulnerabilities in cryptocurrency hardware wallets. Trezor and Ledger have responded, saying, in short, that their users’ cryptocurrency balances are safe.

Dmitry Nedospasov, Thomas Roth, and Josh Datko created the website wallet.fail and promised to publish their presentation to the Chaos Communication Congress online after the event. Within 24 hours, the researchers’ claims were published and two leading hardware wallet makers responded.

Ledger Says Your Crypto Assets Are Secure

Ledger has gone all out in response with a blog post, saying that although it is happy to see people challenging its security:

They presented 3 attack paths which could give the impression that critical vulnerabilities were uncovered on Ledger devices. This is not the case.

Despite the researchers saying they all “love cryptocurrency” and are cryptocurrency owners themselves, Ledger also seems somewhat disappointed, adding:

In the security world, the usual way to proceed is responsible disclosure… We regret that the researchers did not follow the standard security principles outlined in Ledger’s Bounty program.

Ledger also believes the three researchers did not provide “practical vulnerabilities.”

Firstly, the researchers performed an attack that modified the physical wallet and used malware on the cryptocurrency owner’s PC in combination with a potential attacker in a nearby room needing to remotely enter the hacked PIN and launch the cryptocurrency application. Ledger says of this type of attack:

It would prove quite unpractical, and a motivated hacker would definitely use more efficient tricks.

They tried to perform a supply chain attack by bypassing the MCU check, but they did not succeed. The MCU manages the screen but doesn’t have any access to the PIN nor the seed, which are stored on the Secure Element.

Ledger does acknowledge, though, that there is a bug in its firmware update function which allowed the researchers to add software. Ledger says this bug has been solved in the device’s next firmware version and that the bug doesn’t allow anything other than a JTAG debug interface. The researchers were unable to access cryptocurrency funds.

Lastly, for the Ledger Blue wallet, the researchers measured radio emanations when a PIN was entered; this tactic could lead to an attacker calculating a user’s PIN. Ledger says the posed attack is “interesting” but that in real conditions the device would have to remain in the same position as when a “dictionary” of emanations was recorded, so it is, again, unlikely.

It looks like Ledger had already been considering such an attack, responding with:

We already implemented a randomized keyboard for the PIN on the Ledger Nano S, and the same improvement is scheduled in the next Ledger Blue Firmware update.

Trezor: If You Have Your Device…Keep Using It

Trezor appears to be “working with the info as it arrives.” It acknowledges a vulnerability but notes that what has been identified is a physical vulnerability:

An attacker would need physical access to your device, specifically to the board—breaking the case. If you have physical control over your Trezor, you can keep on using it, and this vulnerability is not a threat to you.

Trezor has also said that concerned users can enable the “passphrase feature” on their Trezor hardware wallets, but that any loss of a user’s passphrase will lead to “loss of funds.”

The researchers do seem to have identified some potential weaknesses, however unlikely. It also appears that Ledger and Trezor are ahead in identifying vulnerabilities and responsive to parties like the wallet.fail three, even if those parties don’t use the wallet makers’ own bug bounty programs.

Ledger sold over a million of its wallets in 2020 alone and continues to be an industry leader with a flow of new partnerships. Trezor too continues to develop its wallets, adding native Ethereum support just recently.

Last modified: January 24, 2020 10:48 PM UTC

A technology, blockchain, and cryptocurrency, writer and reporter based between France and Canada. Melanie has studied and retains an avid interest in global politics, business, and economics.

Ledger Discovers Vulnerabilities in Trezor Hardware Wallets

Hardware wallet manufacturer Ledger has published vulnerabilities it discovered in devices made by Trezor, its main competitor.

The vulnerabilities were found at Attack Lab, the company department that breaks into both its own devices and competitors' devices in order to improve security. Ledger says it repeatedly informed Trezor of the weaknesses in its Trezor One and Trezor T wallets. The company has now decided to make them public after the end of the non-disclosure agreement period.

The first issue concerns the genuineness of the devices. According to the Ledger team, a Trezor device can be counterfeited by compromising it with malware and then resealing it in its box, forging the tamper-evident sticker, which is easy to remove.

Ledger states that this vulnerability can only be eliminated by redesigning the Trezor wallets and, in particular, by replacing one of the core components with a Secure Element chip.

Ledger's hackers were able to reveal the PIN on Trezor wallets using a side-channel attack and reported this to Trezor at the end of November 2020. The company later fixed this vulnerability in its 1.8.0 update.

The third and fourth vulnerabilities, which Ledger also proposes to fix by replacing the core component with a Secure Element chip, involve the possibility of stealing confidential data from the device. Ledger states that an attacker with physical access to a Trezor One or Trezor T can extract all data from flash memory and gain control of the assets stored on the device.

The last vulnerability found also relates to Trezor's security model: according to Ledger, the Trezor One's cryptographic library does not contain proper countermeasures against hardware attacks. The team says a hacker with physical access to the device can extract the private key through a side-channel attack, although Trezor emphasizes that its wallets are resistant to this.

In 2020, Trezor warned that an unknown third party was distributing copies of the company's flagship device, the Trezor One, and urged owners to buy wallets only from the Trezor website.

However, in its recent report Ledger states that users cannot be sure of the hardware's authenticity even if they buy it from the official Trezor website. An attacker could buy several devices, compromise them, and then send them back to the manufacturer requesting a refund. Ledger concludes that if such a device is resold, it will remain under the attacker's control.

In November 2020, the research team behind the so-called Wallet.fail hacking project demonstrated at the 35C3 Refreshing Memories conference how they had hacked the Trezor One, Ledger Nano S, and Ledger Blue. Both hardware manufacturers acknowledged the vulnerabilities found; Trezor responded that a firmware update would fix them, while Ledger stated that they were not critical for its wallets.

How To Store Your Digital Assets/Cryptocurrencies & Keep Them Safe

It should be understood that it is not recommended to store large amounts of bitcoins on any exchange, as the risk of loss or hacking is always present.

So, instead of keeping your bitcoins on an exchange, consider setting up a safe wallet to which you own the private keys. We recommend you either set up an offline paper wallet or make the small investment in a hardware wallet such as a Trezor or Ledger.

Anytime a wallet is set up, users are provided with a unique recovery seed composed of anywhere from 12–24 randomized words. You are urged to write this recovery seed down somewhere safe and to never post it online.

Recovery seeds are considered the most important aspect of maintaining the safety of your cryptocurrencies.

A recovery seed is your best friend when you lose your paper, hardware, or mobile wallet, as it’s the only way you can recover your funds and wallet. Many individuals skip writing down their recovery seed code when setting up a wallet because they are too hasty.

However, to prevent total bitcoin and cryptocurrency loss, it’s crucial to record your recovery seed somewhere safe. It is highly recommended that you back up your crypto wallet’s recovery phrase if you have not done so already.

Store Your Recovery Seed Offline

The best method of storing your recovery seed is by actually writing it down on a piece of paper and storing it away somewhere safe, like a deposit box. It is completely ill-advised to store your recovery seed in a note-taking app, on a computer, or in cloud storage such as Google Drive or Dropbox, due to the risk of your computer getting hacked and your seed stolen.

Purchasing a new USB for the sole purpose of storing your recovery seed is a good idea, but only if you don’t intend to utilize the USB for anything else. Even so, only store your recovery seed on a USB device after you have written it down on a piece of paper. USB drives can be lost or even fail occasionally. It’s never a great idea to rely solely on technology for storing crucial and extremely sensitive data.

If you have a larger investment in Bitcoin or other cryptocurrency, we highly recommend you take a look at what is called a “hardware wallet”. These are special devices designed to hold the keys to your wallets without exposing them to your local computer. That way, if your machine has been compromised, either by a hacker, virus, or malware, your keys will remain safe. These devices come with special cards on which you can write down your seed for safe storage. On top of that, your device must be in your possession to send any digital currency.

My two personal favorites are:

You can get either at a fair price that won’t break the bank.

More Tips on How to Store Your Bitcoin Seed Securely

Don’t wait too long to record your recovery seed. Instead, when you are presented with it, write it down and store it away somewhere safe immediately. Paper is one of the most secure ways to handle and store critical data. As a matter of fact, archeologists are constantly discovering rolls of paper that are who knows how many hundreds of years old but that still contain vital historical information. Quite impressive, as a computer would definitely not be able to store data for that long, especially a recovery seed.

You might want to write down or make more than one copy of your recovery seed. What if your home is sabotaged by a natural disaster, like a fire? Well, you would most likely lose your recovery seed. Just imagine the emotional turmoil you would experience if you ended up losing access to all your digital assets for good. That’s why it is critical to have more than one copy of your recovery phrase tucked safely away somewhere, so that in case of a fire or flood, your seed will remain safe! If you are in possession of a significantly large number of bitcoins, then consider laminating the sheet of paper carrying your recovery seed and storing it in a secure vault.

It is ill-advised to take pictures of your recovery seed or even make digital copies. Never store your seed in your email, cloud storage service, or hand-held device’s photo library, as you run the risk of getting hacked and losing your recovery phrase.

However, you may consider adding an advanced recovery phrase to your seed, if you are provided with that feature when you generate it. An advanced recovery phrase allows you to add a custom passphrase to your seed. This means that if your recovery seed is compromised by some ill-willed individual, he or she will essentially not be able to steal your funds due to the custom passphrase protecting your precious assets. Some users even go the extra mile and memorize their whole recovery seed!
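How the custom passphrase described above (and the Trezor “passphrase feature” mentioned earlier) protects a recovery seed, shown as an added example that is not part of the original article. It assumes the wallet follows the BIP39 standard, which the article does not name, and uses the public BIP39 test phrase as constructed input.

```python
import hashlib
import unicodedata

# Constructed sample input: the public BIP39 test phrase. Never use it for funds.
SAMPLE_WORDS = "abandon " * 11 + "about"


def entropy_bits(mnemonic: str) -> int:
    """Entropy in a 12-24 word phrase: 11 bits per word, of which 1/33 is checksum."""
    n = len(mnemonic.split())
    if n not in (12, 15, 18, 21, 24):
        raise ValueError(f"unexpected word count: {n}")
    return n * 11 * 32 // 33


def derive_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 (assumed): PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


def same_wallet(mnemonic: str, pass_a: str, pass_b: str) -> bool:
    """True only if both passphrases lead to the same wallet (identical seed)."""
    return derive_seed(mnemonic, pass_a) == derive_seed(mnemonic, pass_b)


if __name__ == "__main__":
    print("entropy bits:", entropy_bits(SAMPLE_WORDS))
    # Same written-down words, three different passphrases, three unrelated wallets.
    for label, pw in [("no passphrase", ""), ("passphrase", "TREZOR"), ("one typo", "TREZ0R")]:
        print(f"{label:14s} {derive_seed(SAMPLE_WORDS, pw).hex()[:16]}...")
```

A mistyped or forgotten passphrase produces a different, valid-looking seed with no error, which is why losing the passphrase means losing access to the funds even when the written words are intact.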

Certain users have had great luck with storing their recovery seed phrases through cold storage methods that companies like Cryptosteel provide. Cryptosteel creates custom and secure steel plates with engraved recovery seed phrases. There have also been situations in which individuals in possession of wallets holding substantial amounts of bitcoins have passed away, leaving their families in the unknown regarding how they can retrieve their inherited cryptocurrencies. In certain situations, it makes sense to record your recovery seed and key in a will for your family members, including instructions for those unfamiliar with crypto assets.

Keep Your Bitcoins Safe for Good

It’s impossible to stress how important it is to keep your recovery seed as safe and secure as possible. You need to be very cautious regarding your wallet, bitcoins, and recovery seed. With the above advice, you should better understand how you can keep your recovery seed as safe as possible. Being smart and taking the necessary precautions can really help put you and your assets out of harm’s way!

It’s important for you to understand that you are responsible for your possessions and assets. There are many techniques and tricks out there that can be used to keep your assets and recovery seeds safe. However, it’s important to pick a method or two that you like and feel confident in. You can even use the same methods to store your recovery seed as you would other paper assets and documents, such as your will, birth certificate, or home mortgage. With the right precautions, you can keep your recovery seed as secure as possible and protect your digital currencies from thieves!
