In the demo video, Unciphered uses a “hardware vulnerability” in the Model T wallet. The video shows how the mnemonic passphrase is extracted. At the same time, hacking requires physical access to the wallet.
The startup team has researched and developed a method to exploit the “intrinsic vulnerability” of the wallet. This vulnerability allowed to extract the firmware of the device. Then, with the help of specialized software and the power of video accelerators, they managed to crack the pin code of the device.
“We uploaded the resulting firmware to our high-performance computing clusters for hacking. We have about 10 GPUs working on this task, and after some time we got the keys,” said Unciphered co-founder Erik Michaud.
Michaud also noted that it is impossible to fix this vulnerability in the Trezor Model T using software methods. The manufacturer will have to recall all sold hardware wallets to fix the vulnerability.
Trezor representatives said that they are aware of this vulnerability and it is called Read Protection Downgrade (RDP). It was discovered back in 2020, but its use requires physical access to the device, and “extremely deep technological knowledge, as well as sophisticated equipment.”
“Even with such knowledge and equipment, it is possible to set a complex passphrase that will add an extra layer of protection and make an RDP attack useless,” said Trezor CTO Tomas Susanka.
In April, it was reported that the Trezor Model T hardware wallet will receive transaction anonymization functions.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
