Ledger Reveals Five Vulnerabilities In Trezor Wallets

Ledger, one of the leading hardware wallet manufacturers, has discovered a number of vulnerabilities in devices created by its main competitor. The company says that there are five different security flaws distributed between the Trezor One and the Trezor Model T. However, Trezor has contested some of the bugs, so it is not clear how serious the issues are.

Ledger’s findings are the result of the company’s recently-formed “Attack Lab,” which works to bug-test the company’s own devices as well as those of its competitors. Ledger says that it gave Trezor about four months to fix the bugs. Now that the responsible disclosure period has ended, Ledger has decided to reveal its findings publicly.

The Bugs In Detail

One of the bugs has already been fixed by Trezor: A now-patched vulnerability could have allowed attackers to measure power consumption in a device in order to guess its PIN and gain access to its wallet. The fix for this bug lessens the impact of another still-unpatched bug, which allows attackers who know a device’s PIN to extract a secret key.

Two more vulnerabilities—or, rather, one bug in two different Trezor models—have also been found. These vulnerabilities could allow attackers to extract data from a device’s flash memory and drain the wallet’s funds. Solving this problem would require an entire design overhaul; however, users can prevent an attack by using a strong passphrase.
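The passphrase mitigation mentioned above, as an added example that is not code from the original article or from Trezor: it implements BIP39 seed derivation, which Trezor devices follow, and shows that a mnemonic recovered from flash alone derives a different seed from the one the owner uses together with a passphrase. The sample mnemonic is the all-zero-entropy BIP39 test vector; the owner passphrase and the helper names are constructed for this illustration.

```python
import hashlib
import unicodedata

# BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
# Assumption: the wallet stores the mnemonic in flash and applies the passphrase per BIP39
# at unlock time, so the passphrase itself is never written to the device.
PBKDF2_ROUNDS = 2048


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte BIP39 seed for a mnemonic and an optional passphrase."""
    mnemonic_bytes = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_bytes, salt, PBKDF2_ROUNDS, dklen=64)


# Constructed sample: the all-zero-entropy mnemonic from the BIP39 test vectors.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()


def passphrase_mitigation(stored_mnemonic: str, owner_passphrase: str) -> dict:
    """Compare the seed reachable from flash contents alone with the seed the owner uses.

    stored_mnemonic: what sits in flash memory (the article's extraction scenario).
    owner_passphrase: typed by the owner at unlock time; never stored on the device.
    """
    seed_flash_only = bip39_seed(stored_mnemonic, "")
    seed_owner = bip39_seed(stored_mnemonic, owner_passphrase)
    return {
        "flash_only_seed": seed_flash_only.hex(),
        "owner_seed": seed_owner.hex(),
        # With a passphrase in use, the flash-only seed opens an unrelated (empty) wallet.
        "funds_reachable_from_flash_alone": seed_flash_only == seed_owner,
    }


if __name__ == "__main__":
    r = passphrase_mitigation(SAMPLE_MNEMONIC, "correct horse battery staple")
    print("flash-only seed :", r["flash_only_seed"][:16], "...")
    print("owner's seed    :", r["owner_seed"][:16], "...")
    print("reachable from flash alone:", r["funds_reachable_from_flash_alone"])
```

The empty-passphrase case is the one the article warns about: then the two seeds coincide and the flash contents are sufficient on their own.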

The Possibility of Counterfeiting

Finally, one vulnerability involves counterfeiting. Ledger shows that Trezor’s tamper-proof seal can be easily removed and reapplied. This would allow an attacker to open a Trezor device, then replace the hardware or install a backdoor. Ledger says that it was itself able to manufacture a convincing Trezor clone, and other counterfeit Trezor wallets have emerged in the past.

As such, this line of attack is plausible. However, Trezor suggests that this problem does not exist as long as users buy their hardware wallet from the official Trezor store. Ledger responds that attackers could buy a wallet, install a backdoor, and return it to the company—although it is not apparent that Trezor is reselling previously-owned devices.

Are the Problems Serious?

All of the above attacks (except for counterfeiting) require attackers to have direct physical access to their victim’s wallet. Ironically, Ledger has downplayed previous concerns about physical access, noting that using a camera to record user input is often more practical than exploiting various types of bugs.

Ledger’s article is not quite a “hit piece” on Trezor, but Ledger obviously has the upper hand when it comes to disclosing its findings. As of March 11, Trezor has not responded publicly to Ledger’s claims. However, Trezor’s latest firmware update fixes one of the bugs, along with a Wallet.fail bug and a third vulnerability.

The post Ledger Reveals Five Vulnerabilities In Trezor Wallets appeared first on UNHASHED.

Published at Wed, 13 Mar 2019 11:20:13 +0000

Scaling Bitcoin 2017: Science Is Central in Stanford (and the Politics Ignored)

Stanford University hosted the fourth edition of the Scaling Bitcoin conference over the weekend of November 4–5: “Scaling Bitcoin 2017: Scaling the Edge.”

The annual conference, sometimes referred to as a “workshop,” has in its short history grown into somewhat of an institute within the bitcoin space. It aims to be the main stage for bitcoin’s technical and academic communities, with little room for commercial interests — and perhaps even less for the “scaling drama” that has grown to be the norm online.

“This is the place where we want to focus on engineering, not politics,” said Anton Yemelyanov, this year’s planning committee chair, as he introduced the event on Saturday morning. “We want everyone to have objective discussions from an engineering standpoint.”

Scaling Bitcoin Within the Scaling Debate

Scaling Bitcoin has a short but potent history.

The first two conferences were hastily organized one after the other in the second half of 2015, both in direct response to the new-at-the-time block size limit dispute and a looming hard fork through Bitcoin XT. The Montreal edition, the first of the two conferences, was instrumental in bringing together bitcoin’s technical community, which had up until that point mostly communicated through chat channels and mailing lists. And the second edition in Hong Kong introduced bitcoin’s mostly Chinese mining community onto the stage for the first time, quite literally. Faced with a contentious hard fork, the events were instrumental in building community among developers and across continents.

And the conferences proved pivotal in averting the crisis — at least temporarily. Hong Kong saw the introduction of Segregated Witness, presented by Blockstream engineer and major Bitcoin Core contributor Dr. Pieter Wuille. This innovation was included as a centerpiece in bitcoin’s scaling roadmap, proposed by Blockstream CTO and Bitcoin Core maintainer Gregory Maxwell right after the conference, and was endorsed by large parts of the bitcoin ecosystem. It finally activated on the bitcoin network this summer.

Now, two years and three Scaling Bitcoin conferences after the Montreal edition, another controversial hard fork looms. BTC1 — maintained by former Bitcoin Core contributor and Bloq CEO Jeff Garzik — is scheduled to hard fork next week as per the New York Agreement in order to double bitcoin’s block weight limit — an effort dubbed “SegWit2x.”

Yet, this upcoming hard fork did not demand much attention in Stanford. Apart from subtle remarks buried throughout some of the talks, the topic of SegWit2x was almost completely absent from the Scaling Bitcoin program. Illustratively, Bobby Lee, CEO of BTCC and one of the few outspoken SegWit2x proponents on stage, even refused to take any questions on the hard fork after his invited talk — instead focusing on bitcoin’s meteoric price rise over the past years.

The Talks and the Science

Scaling Bitcoin instead continued on the path set out last year at the third event, hosted in Milan. With a broader scope than scaling alone, privacy and fungibility were prominent topics, while smart contracts, fees, mining and more were part of the program as well.

Perhaps the biggest innovations presented throughout the weekend, at least within the realm of features that could feasibly be implemented on bitcoin without rigorous protocol changes, were presented by some of the veterans (by now) in the space.

Tadge Dryja, co-author of the lightning network white paper and currently employed by the MIT Digital Currency Initiative, presented “Discreet Log Contracts.” If the math checks out like he thinks it does, these could effectively realize trustless oracle systems, arguably offering a superior (being simpler) alternative to the bulk of advanced smart contracts. Put bluntly, some think these kinds of solutions could make resource-intensive systems like Ethereum obsolete.

Along similar conceptual lines, Blockstream mathematician Andrew Poelstra presented “scriptless scripts.” Utilizing clever cryptography — specifically, signature aggregation — smart contracts could be anchored into a basic blockchain without needing to embed the entire smart contract code itself. Originally designed for the Mimblewimble protocol, the concept could be leveraged by bitcoin, too.

And speaking of veterans in the space, Nick Szabo — partnered with (among others) Bloomberg contributor Elaine Ou — presented his proposal to broadcast bitcoin transactions over radio waves. Not so subtly referencing China’s recent crackdown on bitcoin, the two detailed how bitcoin could travel around the globe (and over the great firewall of China) without so much as needing an internet connection.

When the topic of bitcoin’s block size limit — the “original” scaling issue that spawned the conferences — came up at all, it was mostly in the context of propagation speed. Perhaps not coincidentally, the two most relevant presentations on this topic were based on work by some of the people involved with previous hard fork attempts. The Bitcoin Unlimited team presented their test results on the “Gigablock” network, which they believe safely supports blocks that exceed current limits by several orders of magnitude. And UMass Amherst professor Brian Levine presented the “Graphene” block propagation protocol, co-designed by bitcoin’s former lead developer Gavin Andresen.

To the extent that next week’s hard fork was discussed, Anthony Towns’s presentation probably came closest. Towns detailed how support for future protocol changes could be cleverly determined through market dynamics. Though, while interesting, this type of solution will not be ready in time for the SegWit2x hard fork.

The Hard Forks and the Politics

Indeed, in contrast to some of the previous events, a sense of urgency was mostly absent in Stanford.

This could be in part because most of bitcoin’s technical community has by now roughly settled on a path forward — and SegWit2x is no part of it. Similarly, the question is not so much whether bitcoin will scale predominantly through second layers; for them, at least, it will. Rather, topics of research now focus on how these second-layer technologies can be optimized for performance, privacy and more.

Additionally, as a somewhat loosely organized volunteer effort, the team overseeing the conferences consists of slightly varying people from one event to the next. And resulting from a difference in vision for the 2017 edition, some of the earlier organizers as well as a segment of bitcoin’s technical community were absent for this round.

Perhaps as a result, the sense of community building typical for some of the previous events was not as prominent in Stanford. And the question of how to deal with a looming contentious hard fork was a more central topic at the similar but more informal Breaking Bitcoin conference in Paris several weeks ago. In little over two years, Scaling Bitcoin instead transformed from what is best described as an emergency summit to something perhaps more akin to a regular academic conference — even though an emergency summit would not have seemed entirely inappropriate at this point in time.

For a complete overview and videos of all presentations, visit scalingbitcoin.com. (Or follow this link for transcripts.)

The post Scaling Bitcoin 2017: Science Is Central in Stanford (and the Politics Ignored) appeared first on Bitcoin Magazine.