Whether you think cryptocurrency is a scam or a salvation, those digital coins can store real-world value. The safest place to keep them is in what’s known as a “hardware wallet,” a device like a USB drive that stores your currency and private keys locally, without connecting to the internet. But “safest” doesn’t mean “perfect,” which new research into two popular hardware wallets reinforces all too well.
Researchers from Ledger—a firm that makes hardware wallets itself—have demonstrated attacks against products from manufacturers Coinkite and ShapeShift that could have allowed an attacker to figure out the PIN that protects those wallets. The vulnerabilities have been fixed, and both hacks would have required physical access to the devices, which minimizes the danger to begin with. But Ledger argues that it’s still worth holding hardware wallets to the highest standards, just as you would a closet safe.
“You can put millions or even billions if you want in a hardware wallet,” says Charles Guillemet, the chief technology officer of Ledger, who also runs the company’s Donjon security team. “So this is definitely a big thing if an attacker has physical access to a hardware wallet and the wallet is not secure. Some cryptocurrency exchanges are even using hardware wallets for cold storage,” another term for systems that keep holdings offline.
ShapeShift fixed a vulnerability in its KeepKey wallet with a firmware update in February. If you haven’t already, connect your KeepKey wallet to the desktop app to download the update onto your device. A hardware flaw in Coinkite’s Coldcard Mk2 wallet persists, but it is fixed in the company’s current Coldcard model, the Mk3, which started shipping in October. The researchers will present their attack on the Mk2 at the French security conference SSTIC in June.
The attack the researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target’s PIN in the field. The assault hinges on information that KeepKey wallets inadvertently revealed even when they were locked.
“The fact is that there’s no way to prevent a highly sophisticated attacker with physical possession of the device, and lots of time, technology, and resources, from completely ‘pwning’ that device—eventually,” ShapeShift said in a June 2019 statement in response to different Donjon findings. “ShapeShift recommends that you secure your device with the same caution you would with other investments or valuables. Protect your KeepKey like it could be stolen tomorrow.”
The other new findings from Donjon focus on the Coldcard Mk2 wallet. The attack would be difficult for a hacker to carry out, because Coldcard uses a special secure memory chip that blocks the type of side-channel attack the researchers launched against the KeepKey wallet and strictly limits PIN guessing. Coldcard manufacturer Coinkite sources the chip from the microcontroller company Microchip. But the researchers still found that they could use what’s called a “fault injection attack”—a hack that causes a strategic glitch triggering unintended, exploitable computer behavior—to force the chip into an insecure debugging mode. In this state, the chip’s PIN guess limit isn’t in effect, meaning an attacker could “brute force” the PIN by trying every possible combination until the wallet unlocks.
To trigger the special glitch, the researchers used an impressively outlandish attack, though one that is not inconceivable for a motivated and well-funded adversary. The fault injection comes from carefully opening the physical case of the Coldcard wallet, exposing the secure chip, physically grinding down its silicon without damaging it, and shining a high-powered, targeted laser on the chip in exactly the right location with precise timing. Laser fault injection rigs cost roughly $200,000 and require special skills to operate. They are typically used for security and performance testing in smart cards, like those in your credit card or passport.
“It’s an amazing report, and very exciting to see the extreme level of resources put into research of our products,” Coinkite said in a statement about the research. “First things first, none of their research affects the security of the Mk3 Coldcard, which is the product we are selling today (and for the last year). Fundamental changes were made between mark 2 and 3.”
Microchip has marked the status of the secure element used in the Coldcard Mk2 as “Not Recommended for new designs.” The Donjon researchers point out, though, that the vulnerable chip was incorporated in embedded devices beyond cryptocurrency wallets.
A lot of time and effort went into producing this research. Given that Ledger is a competitor of KeepKey and Coldcard, the potential conflict of interest in the work is obvious. And the Donjon team has a history of finding and disclosing vulnerabilities in wallets from its prominent rivals. But the researchers say that they spend the vast majority of their time attacking Ledger wallets, and that when they find notable vulnerabilities in their own product they patch them and then post detailed analyses of the bugs. The group has also open-sourced two of its side-channel analysis, measurement, and fault injection tools for other researchers to use.
The Donjon researchers emphasize that the most important thing you can do to secure your hardware wallet is to keep it physically safe. If you’re storing a few thousand dollars’ worth of cryptocurrency, you likely won’t have elite criminal hackers or nation-backed spies breaking into your house to shuttle your wallet to their state-of-the-art laser lab. But it’s worth keeping in mind that even when you intentionally prioritize security by opting for something like a hardware wallet, it can still have weaknesses.
Regular memory chips, like those used in hardware wallets, draw different amounts of power at different times. In some situations, researchers can establish a link between these power consumption fluctuations and the data the chip is processing when it exhibits those changes. Such physical tells are known as “side channels,” because they leak information through an indirect physical emanation rather than through any direct access to data. In examining the KeepKey memory chip that stores a user’s authentication PIN, the Donjon researchers found that they could monitor voltage output changes as the chip received PIN inputs to determine the PIN itself.
This doesn’t mean the researchers could magically read PINs from a wallet’s chip voltage. They first needed to use real KeepKey test devices to take thousands of measurements of the PIN processor’s voltage output for each value of known PINs. By collecting a sort of decoder of voltage outputs for each phase of PIN retrieval, an attacker could later identify the PIN of a target wallet.
“On the attacked device we compare the measurement to our dictionary to determine the best match and that is the most probable value of the correct PIN,” Guillemet says.
ShapeShift patched the vulnerability in a firmware update that enhanced the security of the PIN verification function. The fix makes it more difficult to develop a reliable catalog of power consumption outputs that map to PIN values. Even if a wallet hasn’t received the update, though, KeepKey owners can still add a passphrase—preferably over 37 characters long—to their wallets that acts as a second layer of authentication.
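The profiling attack described above (collect many measurements per known PIN value on a device you own, then match the target’s measurement against that dictionary) and the kind of countermeasure that makes such a dictionary unreliable can both be shown in a small simulation. The following is an added example written for this article, not Donjon’s tooling and not KeepKey firmware: the leakage model (a weighted sum of the digit’s bits plus Gaussian noise), the choice of Boolean masking as the hardening, the PIN, and all trace counts are constructed assumptions. ShapeShift’s actual fix is not described in detail here, so the masked variant only illustrates why a hardened verification routine defeats the dictionary approach.

```python
import random
import statistics

# Constructed toy leakage model (an assumption, not KeepKey's real hardware):
# when the chip processes a 4-bit PIN digit, one power sample leaks as a
# weighted sum of the digit's bits plus Gaussian noise.
BIT_WEIGHTS = (1.0, 2.2, 4.5, 9.0)  # chosen so every 4-bit value has a distinct mean
NOISE_SIGMA = 1.0
DIGITS = range(10)


def _leak(value, rng):
    """Power sample for processing `value` under the toy leakage model."""
    signal = sum(w for i, w in enumerate(BIT_WEIGHTS) if (value >> i) & 1)
    return signal + rng.gauss(0.0, NOISE_SIGMA)


def measure_leaky(digit, rng):
    """Unprotected verification: the sample depends directly on the secret digit."""
    return _leak(digit, rng)


def measure_masked(digit, rng):
    """Illustrative hardening (assumption): Boolean masking. The digit is XORed
    with a fresh random mask before processing, so the processed value, and
    therefore the sample, is uniformly distributed whatever the digit is."""
    mask = rng.randrange(16)
    return _leak(digit ^ mask, rng)


def build_templates(measure, rng, traces_per_digit=300):
    """Profiling phase on a device the attacker owns: average many traces for
    each known digit value to build the 'dictionary' of expected samples."""
    return {
        d: statistics.fmean(measure(d, rng) for _ in range(traces_per_digit))
        for d in DIGITS
    }


def recover_pin(templates, measure, device_pin, rng, observations=100):
    """Matching phase: `device_pin` is only used to simulate the target chip;
    the attacker sees the averaged samples and picks the nearest template."""
    recovered = []
    for digit in device_pin:
        observed = statistics.fmean(measure(digit, rng) for _ in range(observations))
        recovered.append(min(templates, key=lambda t: abs(templates[t] - observed)))
    return recovered


def template_spread(templates):
    """How far apart the dictionary entries are; near zero means no usable leak."""
    return max(templates.values()) - min(templates.values())


def run_demo(seed=1):
    """Run the dictionary attack against the leaky and the masked variant."""
    rng = random.Random(seed)
    secret = [4, 7, 1, 9]  # constructed example PIN
    results = {}
    for name, measure in (("leaky", measure_leaky), ("masked", measure_masked)):
        templates = build_templates(measure, rng)
        guess = recover_pin(templates, measure, secret, rng)
        results[name] = {
            "spread": template_spread(templates),
            "recovered": guess,
            "correct": guess == secret,
        }
    return secret, results


if __name__ == "__main__":
    secret, results = run_demo()
    print("device PIN:", secret)
    for name, r in results.items():
        print(f"{name:6s} spread={r['spread']:.2f} recovered={r['recovered']} correct={r['correct']}")
```

On the unprotected variant the ten dictionary entries sit clearly apart and the averaged target samples land on the right entry for every digit; on the masked variant the entries collapse onto the same mean, so the nearest match is effectively a coin toss. The second factor the article mentions, a long passphrase, is a separate defence: even a recovered PIN does not unlock funds protected by a passphrase the chip never stores.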