Trezor — security glitches reveal your private keys!

STM32F05 chip (Keepkey wallet)

1. We start with an empty Trezor device:

2. Let’s name it “Leak55”:

3. Usually people have 4-digit PINs. Let’s have an insane 9-digit PIN. No need to remember it anyway…

4. Now the Trezor device is ready to display the 24 words that make up the private key. We assume that these words are kept only inside the Trezor device and stored really securely...

5. OK, let’s disconnect and shut down the device.

6. And now, without knowing the PIN or anything about the device, it can be hacked in just 15 seconds and all private information can be extracted! Detailed steps are described in the second part of my article HERE. This is a combination of vulnerabilities in both hardware and software design that can’t be fixed without replacing the devices. After hacking, the device can be left in its original state, with all data intact. You will never know that it was hacked!
