{"id":15154,"date":"2019-01-10T07:56:02","date_gmt":"2019-01-10T12:56:02","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/?p=15154"},"modified":"2020-12-11T15:29:17","modified_gmt":"2020-12-11T15:29:17","slug":"hardware-wallets-hacked","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/hardware-wallets-hacked\/15154\/","title":{"rendered":"How to hack a hardware cryptocurrency wallet"},"content":{"rendered":"<p>Hardware wallets are considered the most secure type of cryptocurrency wallet. However, nothing is 100% secure, and they can be compromised too. At the 35th Chaos Communication Congress, security researchers Thomas Roth, Dmitry Nedospasov, and Josh Datko demonstrated several ways to do it. But before we jump into hacking, a little background on what a hardware wallet actually is and how it works.<\/p>\n<h2>What is a cryptocurrency wallet?<\/h2>\n<p>First of all, let\u2019s talk a bit about what a cryptocurrency wallet is in general. To put it simply, a wallet is a cryptocurrency account. The \u201caccount\u201d consists of <a target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Public-key_cryptography\" rel=\"noopener noreferrer nofollow\">a pair of cryptographic keys<\/a>, one public and one private. These two keys have some resemblance to a login and password pair. The wallet address is derived from the public key and can be shared freely; the private key signs outgoing transactions, so whoever holds it controls the coins.<\/p>\n<p>Another thing worth mentioning is how the many public\u2013private key pairs a person uses for multiple wallets are generated. It would be inconvenient to store several completely independently generated key pairs. 
So what cryptocurrency systems really do is generate just one big random number, called a cryptographic seed, and derive as many public\u2013private key pairs from it as needed, in a deterministic manner: the same seed always yields the same keys.<\/p>\n<p>This one big number \u2014 the cryptographic seed \u2014 is what a user of a cryptocurrency system actually stores.<\/p>\n<p>Unlike traditional financial systems, cryptocurrencies usually have no centralized authority, no registration mechanisms, nothing like chargeback insurance, and no account recovery options. Anyone who owns the cryptographic seed, and therefore the keys derived from it, owns the corresponding cryptocurrency wallets. And if the seed is stolen or lost, so are the coins in the wallets.<\/p>\n<p>By the way, formally a wallet is a public\u2013private key pair. However, most of the time the <em>means of storing those keys<\/em> are also referred to as <em>wallets<\/em>. Put this way, a hardware wallet is a device that stores cryptocurrency wallets. Easy, right?<\/p>\n<h3>Why would anyone need a hardware cryptocurrency wallet?<\/h3>\n<p>As you can imagine, it\u2019s a good idea to keep this Very Important Seed as safe as possible. There are plenty of ways to store the seed, <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/cryptowallets\/22025\/\" rel=\"noopener noreferrer nofollow\">each with pros and cons<\/a>. The most convenient method is storing the seed on your computer or smartphone, or, even handier, online. However, malware hunting for cryptocurrency wallets is not uncommon at all: on a general-purpose machine the seed is just another file or memory region for the malware to find and exfiltrate. 
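<\/p>
<p>To make the seed-to-keys relationship concrete, here is an added example written for this page; it is not code from the original post or from any wallet vendor, and the function names (wallet_keys, derive_hardened and so on) are mine. It derives several key pairs from one seed the way BIP32 hardened derivation does: HMAC-SHA512 over the parent private key and a child index gives the child private key, and a secp256k1 point multiplication gives the matching public key. The curve arithmetic is a minimal inline implementation for illustration, and the 16-byte seed is a constructed value. The point it makes is the one above: whoever has the seed can regenerate every key of every wallet derived from it.<\/p>

```python
# Added example for this page, not code from the original post or from any
# wallet vendor: derive many key pairs from one seed the way BIP32 hardened
# derivation does, using only the Python standard library. The secp256k1
# arithmetic is a minimal textbook implementation for illustration only.
import hashlib
import hmac

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 2 ** 31


def ec_add(a, b):
    # Affine point addition; None stands for the point at infinity.
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    y = (lam * (a[0] - x) - a[1]) % P
    return (x, y)


def ec_mul(k, point=G):
    # Double-and-add. It branches on secret bits, so it is demo code only,
    # not the constant-time arithmetic a real wallet needs.
    result = None
    while k:
        if k % 2:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k //= 2
    return result


def on_curve(point):
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def master_key(seed):
    # BIP32 master node: HMAC-SHA512 keyed with the literal string 'Bitcoin seed'.
    # Left half is the master private key, right half the chain code.
    digest = hmac.new(b'Bitcoin seed', seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], 'big'), digest[32:]


def derive_hardened(priv, chain, index):
    # Hardened child: the parent private key itself goes into the HMAC, so a
    # leaked child key cannot be combined with public data to recover the parent.
    idx = HARDENED + index
    data = bytes([0]) + priv.to_bytes(32, 'big') + idx.to_bytes(4, 'big')
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], 'big')
    child = (il + priv) % N
    if il >= N or child == 0:  # probability about 2**-128; BIP32 says skip the index
        raise ValueError('invalid child key, skip this index')
    return child, digest[32:]


def public_key(priv):
    # Compressed SEC1 encoding: prefix 02 or 03 (parity of y) followed by x.
    x, y = ec_mul(priv)
    return bytes([2 + y % 2]) + x.to_bytes(32, 'big')


def wallet_keys(seed, count):
    # One (private, public) pair per wallet, children m/0h .. m/(count-1)h,
    # all of them reproducible from nothing but the seed.
    priv, chain = master_key(seed)
    pairs = []
    for i in range(count):
        child, _ = derive_hardened(priv, chain, i)
        pairs.append((child, public_key(child)))
    return pairs


# Constructed 16-byte seed for the demo; a real seed is 16 to 64 random bytes.
SEED = bytes(range(16))

if __name__ == '__main__':
    for i, (priv, pub) in enumerate(wallet_keys(SEED, 3)):
        print(i, hex(priv), pub.hex())
```

<p>Running the script prints three private keys with their compressed public keys, and the output is identical on every run, which is exactly the property the seed relies on. Two caveats: the double-and-add loop branches on secret bits, so a real wallet uses constant-time arithmetic; and hardened derivation is used on purpose, since with the non-hardened variant a leaked child private key together with the parent public key and chain code gives away the parent private key. A cheap self-check on the curve constants is that multiplying G by the group order N returns the point at infinity.<\/p>
<p>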
As for online wallet services, they <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/lazarus-crypto-exchange-attack\/23610\/\" rel=\"noopener noreferrer nofollow\">can be hacked<\/a> and even <a target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Mt._Gox\" rel=\"noopener noreferrer nofollow\">go bankrupt, with large amounts of coins disappearing<\/a>.<\/p>\n<p>On top of that, <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/cryptocurrencies-intended-risks\/20034\/\" rel=\"noopener noreferrer nofollow\">further problems<\/a> plague wallets, including phishing, payment information spoofing, loss of wallets due to hardware failure, and so on \u2014 so much so that at some point people decided to solve the mess by making hardware cryptocurrency wallets, dedicated devices designed to store cryptographic seeds reliably and safely.<\/p>\n<h3>How hardware cryptocurrency wallets work<\/h3>\n<p>The main idea behind a hardware cryptocurrency wallet is to store the cryptographic seed in such a way that it never leaves the device. All the signing is done inside the wallet, not on the computer it is connected to: the computer sends in an unsigned transaction and gets back only the signature. Therefore even if your computer is compromised, the intruders won\u2019t be able to steal your keys.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10124945\/hardware-wallets-hacked-idea.jpg\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15157\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10124945\/hardware-wallets-hacked-idea.jpg\" alt=\"Why would anyone need a hardware cryptocurrency wallet\" width=\"1460\" height=\"820\"><\/a><\/p>\n<p>In addition it would be nice to have some access-protection measures \u2014 like locking the device with a PIN code. 
And of course it would be quite useful for a hardware wallet user to be able to verify the actual transaction <em>on the device<\/em> and to either confirm or deny it: if the host is lying about what it asked the wallet to sign, the device display is where the lie should show.<\/p>\n<p>All these considerations define the most suitable design: usually a hardware cryptocurrency wallet is a relatively small USB-connected dongle with a display and a couple of buttons used for PIN entry and transaction confirmation.<\/p>\n<p>However, the inner workings of such devices can vary. The two leading manufacturers of hardware wallets \u2014 Trezor and Ledger \u2014 represent two different approaches to the hardware design.<\/p>\n<h4>Ledger\u2019s approach: The cryptographic seed is stored in the Secure Element chip<\/h4>\n<p>Ledger\u2019s devices \u2014 namely the Ledger Nano S and Ledger Blue \u2014 have two main chips. One is a <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/secure-element\/22408\/\" rel=\"noopener noreferrer nofollow\">Secure Element<\/a>, a microcontroller designed to store highly sensitive cryptographic data and to resist physical and side-channel attacks on it. The same class of chip is used in SIM cards, in chip-and-PIN banking cards, and in Samsung Pay\u2013 and Apple Pay\u2013compatible smartphones.<\/p>\n<p>The second chip is a general-purpose microcontroller that handles peripheral tasks: maintaining the USB connection, driving the display and buttons, and so on. In effect, this microcontroller acts as a middleman between the Secure Element and everything else, including the user. 
For example, every time the user confirms a transaction, both the button press and the text on the display go through this general-purpose microcontroller, not the Secure Element.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10124954\/hardware-wallets-hacked-ledger-security-model.jpg\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15159\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10124954\/hardware-wallets-hacked-ledger-security-model.jpg\" alt=\"The Ledger Nano S security model\" width=\"1460\" height=\"820\"><\/a><\/p>\n<p>However, even storing the cryptographic seed in a protected chip doesn\u2019t make Ledger\u2019s device entirely impenetrable. Although it is very hard to hack into a Secure Element directly and steal the seed, it is comparatively easy to compromise the general-purpose microcontroller, and a compromised middleman can get the wallet to sign and confirm an attacker\u2019s transactions while showing the user something else.<\/p>\n<p>The researchers inspected the Ledger Nano S firmware and found that the device accepts a modified firmware image as genuine as long as a particular value is present at a particular memory address. Writes to that address are blocked, precisely so that this check cannot be faked. However, the microcontroller used in the device supports memory remapping, so the same memory can be reached through an alternative address that is not blocked. The researchers exploited this and loaded modified firmware onto the Nano S. For demonstration purposes, the modified firmware contained a Snake game. It could just as well have contained a malicious module that swaps the destination address in every outgoing transaction and, since the same chip drives the display, shows the user the address they expected to see.<\/p>\n<p>An alternative approach to compromising a hardware wallet is a hardware implant. Josh Datko managed to fit inside a Ledger Nano S a cheap RF-triggered implant that pushes the confirmation button when it receives a radio command from the attacker. 
The same method probably works with any hardware wallet; the researcher chose the Ledger Nano S because it is one of the smallest, and therefore the most challenging target for this kind of physical attack.<\/p>\n<p>Another device by the same manufacturer, the Ledger Blue, turned out to be vulnerable to a side-channel attack. The Ledger Blue is a hardware wallet with a really large touchscreen and a big battery. It has a circuit-board design flaw: when the user enters the PIN on the touchscreen, the board radiates an RF signal that differs noticeably depending on which digit was tapped. The researchers recorded these signals and trained a machine-learning classifier to recognize the tapped digits with about 90% accuracy.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10125001\/hardware-wallets-hacked-buzzword-bingo.jpg\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15161\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10125001\/hardware-wallets-hacked-buzzword-bingo.jpg\" alt=\"Hacking a blockchain IoT device with AI in the cloud\" width=\"1460\" height=\"820\"><\/a><\/p>\n<h4>Trezor\u2019s approach: The cryptographic seed is stored in the general-purpose microcontroller\u2019s flash memory<\/h4>\n<p>Trezor\u2019s devices work a bit differently. They don\u2019t use a Secure Element, so everything in the device is controlled by a single chip, a general-purpose ARM-based microcontroller. This one chip is responsible both for storing and processing the cryptographic data and for managing the USB connection, display, buttons, and so on.<\/p>\n<p>In theory this design could make it easier to attack the device\u2019s firmware and thus get at the cryptographic seed stored in the microcontroller\u2019s flash memory. 
In practice, however, as the researchers said, Trezor did a really good job hardening the firmware, so they had to go after the hardware instead, and there they succeeded.<a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10125009\/hardware-wallets-hacked-trezor-security-model.jpg\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15163\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10125009\/hardware-wallets-hacked-trezor-security-model.jpg\" alt=\"Trezor One security model\" width=\"1460\" height=\"820\"><\/a><\/p>\n<p>Using a technique called <em>voltage glitching<\/em> (briefly dropping the microcontroller\u2019s supply voltage at a precisely timed moment, which makes the chip misexecute an instruction) they switched the Trezor One\u2019s chip from the \u201cno access\u201d state to the \u201cpartial access\u201d state, which allowed them to read the chip\u2019s RAM, but not its flash storage. That alone would not have exposed the seed, which lives in flash. But they found that when a firmware upgrade is started, the chip copies the cryptographic seed into RAM so it can be retained while the flash is being overwritten. So they started an upgrade, glitched the chip, and dumped the entire RAM, seed included. 
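<\/p>
<p>What searching such a dump looks like, and why the passphrase option mentioned in the tips at the end of this post matters, can be shown with the added example below. It is written for this page, not taken from the talk or from Trezor, and the function names are mine. The dump it scans is constructed: random filler with a mnemonic and a PIN embedded as NUL-terminated strings. The mnemonic is the well-known all-abandon BIP39 test phrase and the owner\u2019s passphrase is a placeholder. The seed derivation follows BIP39: PBKDF2-HMAC-SHA512 over the mnemonic, with the passphrase appended to the salt.<\/p>

```python
# Added example for this page, not code from the talk or from Trezor: carve a
# plaintext mnemonic and PIN out of a RAM dump, then show why a BIP39
# passphrase leaves the carved mnemonic insufficient on its own.
# Uses only the Python standard library.
import hashlib
import random
import re
import unicodedata

# Constructed 12-word mnemonic (the well-known all-abandon BIP39 test phrase).
MNEMONIC = 'abandon ' * 11 + 'about'

# BIP39 words are lowercase ASCII of 3 to 8 letters, space separated, and a
# phrase has 12 to 24 of them; PIN candidates are short digit runs.
MNEMONIC_RE = re.compile(rb'(?:[a-z]{3,8} ){11,23}[a-z]{3,8}')
PIN_RE = re.compile(rb'[0-9]{4,9}')


def build_dump(pin, rng_seed=35):
    # Constructed stand-in for a RAM dump: random filler with the mnemonic and
    # the PIN sitting in it as NUL-terminated C strings.
    rng = random.Random(rng_seed)

    def filler(n):
        return bytes(rng.randrange(256) for _ in range(n))

    return (filler(300) + bytes([0]) + MNEMONIC.encode() + bytes([0])
            + filler(80) + bytes([0]) + pin.encode() + bytes([0]) + filler(200))


def carve_mnemonics(dump):
    # Every run of 12 to 24 dictionary-looking words in the dump.
    return [m.decode() for m in MNEMONIC_RE.findall(dump)]


def carve_pins(dump):
    return [p.decode() for p in PIN_RE.findall(dump)]


def bip39_seed(mnemonic, passphrase=''):
    # BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt is the string
    # 'mnemonic' followed by the passphrase, both NFKD normalised.
    words = unicodedata.normalize('NFKD', mnemonic).encode()
    salt = ('mnemonic' + unicodedata.normalize('NFKD', passphrase)).encode()
    return hashlib.pbkdf2_hmac('sha512', words, salt, 2048)


def attacker_view(dump):
    # Everything an attacker holding only the dump can compute directly.
    words = carve_mnemonics(dump)
    return {
        'mnemonics': words,
        'pins': carve_pins(dump),
        'seed_without_passphrase': bip39_seed(words[0]) if words else None,
    }


def demo(owner_passphrase='correct horse battery staple'):
    # Placeholder passphrase; the point is only that the owner has one.
    dump = build_dump('1234')
    view = attacker_view(dump)
    owner_seed = bip39_seed(MNEMONIC, owner_passphrase)
    # The mnemonic and the PIN fall straight out of the dump...
    carved = MNEMONIC in view['mnemonics'] and '1234' in view['pins']
    # ...but the seed derived from the mnemonic alone is a different wallet
    # from the one that actually holds the coins.
    wrong_wallet = view['seed_without_passphrase'] != owner_seed
    return carved, wrong_wallet


if __name__ == '__main__':
    print(demo())
```

<p>Running it prints (True, True): the carve finds both secrets, and the seed computed from the mnemonic alone does not match the owner\u2019s. The word pattern is deliberately crude; a real carver would check the words against the BIP39 wordlist and verify the checksum in the last word, but a run of a dozen lowercase English words in a binary dump stands out even without that. The second half is the practical lesson: a passphrase turns the mnemonic from the whole secret into half of it, at the cost that a forgotten passphrase is unrecoverable.<\/p>
<p>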
Finding the cryptographic seed in this dump turned out to be no problem; it was stored in RAM unencrypted, in the form of a <a target=\"_blank\" href=\"https:\/\/en.bitcoin.it\/wiki\/Seed_phrase\" rel=\"noopener noreferrer nofollow\">mnemonic phrase<\/a> (a list of dictionary words rather than a raw number), and a run of English words is easy to spot in a dump.<\/p>\n<div id=\"attachment_25320\" style=\"width: 1470px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10125016\/hardware-wallets-hacked-trezor-pwned.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-25320\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2019\/01\/10125016\/hardware-wallets-hacked-trezor-pwned.jpg\" alt=\"Trezor One compromised with a voltage glitch; cryptographic seed and PIN stolen\" width=\"1460\" height=\"820\" class=\"size-full wp-image-15165\"><\/a><p id=\"caption-attachment-25320\" class=\"wp-caption-text\">The memory dump contains the cryptographic seed in the form of a mnemonic phrase, and the PIN (in this case, 1234), stored in plain text<\/p><\/div>\n<h3>Conclusions<\/h3>\n<p>I have to mention here that most of the hacks described by Thomas Roth, Dmitry Nedospasov, and Josh Datko are quite sophisticated, and they require physical access to the device. So don\u2019t rush to throw your Ledger or Trezor into the trash. As long as no one else has access to it, your bitcoins should be fine (though somewhat depreciated).<\/p>\n<p>Nevertheless, it\u2019s a good idea to keep in mind the existence of supply chain attacks. Hardware wallets are relatively easy to tamper with and can be compromised before you ever buy them. Of course, the same goes for ordinary laptops or smartphones. However, attackers can\u2019t be sure whether a particular laptop will be used for cryptocurrency storage. 
Hardware wallets, in this context, are a sure thing.<\/p>\n<p>Manufacturers of hardware wallets are trying to address the problem, for example by putting security stickers on device packaging and creating pages on their websites that let customers run an online integrity check of their wallets. However, these measures may not be enough, and they can even be confusing: a sticker can be copied, and a check only finds what it was designed to look for.<\/p>\n<p>Anyway, unlike <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/08\/31\/bitfi_reluctantly_drops_unhackable_claim\/\" rel=\"noopener noreferrer nofollow\">some other hardware wallets<\/a>, Ledger\u2019s and Trezor\u2019s devices are designed with security in mind. Just don\u2019t assume that they are 100% unhackable. Take a few additional steps to protect your cryptofortune:<\/p>\n<ul>\n<li>Buy hardware cryptocurrency wallets only from trusted vendors, ideally directly from the manufacturer.<\/li>\n<li>When buying, check thoroughly for any signs of tampering.<\/li>\n<li>To be more certain, pop the device open and make sure no extra components are attached to the circuit board; the implant described above is exactly what you would be looking for.<\/li>\n<li>Store your cryptowallet in a safe place, and don\u2019t allow people you don\u2019t trust to get their hands on it.<\/li>\n<li>Protect the computer you use for cryptocurrency with <a href=\"https:\/\/www.kaspersky.co.uk\/premium?icid=gb_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">reliable security software<\/a>. Some of the attacks above, the firmware replacement in particular, arrive over the USB connection, which means through the computer the wallet is plugged into.<\/li>\n<\/ul>\n<p>Extra Trezor tips:<\/p>\n<ul>\n<li>Trezor is an open-source platform, both software and hardware. So if you are skilled enough with electronics, you can build your own hardware wallet from off-the-shelf components. 
This way you can be far more confident that nobody has tampered with the hardware part of your wallet before it reached you (the firmware you load onto it still has to be trusted, which is where building it from source helps).<\/li>\n<li>Trezor devices offer extra protection in the form of a passphrase, which defends against seed-extraction attacks like the one above: the passphrase is combined with the stored mnemonic when the seed is derived, so <a target=\"_blank\" href=\"https:\/\/wiki.trezor.io\/Passphrase\" rel=\"noopener noreferrer nofollow\">the stored seed is incomplete without the passphrase<\/a>, and an extracted mnemonic on its own opens a different, empty wallet. Consider using this mode, and keep in mind that the passphrase is not stored anywhere, so losing it means losing the coins.<\/li>\n<\/ul>\n<p>Here\u2019s the original talk. Have a look; it\u2019s both entertaining and helpful for hardware wallet users.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/Y1OBIGslgGM?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers found several ways to compromise hardware cryptocurrency wallets made by Ledger and 
Trezor.<\/p>\n","protected":false},"author":421,"featured_media":15155,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1623,2026],"tags":[2432,374,2090,2091,1922,2207,2437],"class_list":{"0":"post-15154","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"category-threats","9":"tag-35c3","10":"tag-bitcoin","11":"tag-ccc","12":"tag-chaos-communication-congress","13":"tag-cryptocurrencies","14":"tag-cryptowallet","15":"tag-hardware-wallets"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hardware-wallets-hacked\/15154\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hardware-wallets-hacked\/15027\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hardware-wallets-hacked\/12609\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hardware-wallets-hacked\/16959\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hardware-wallets-hacked\/17653\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/hardware-wallets-hacked\/16785\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hardware-wallets-hacked\/22183\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hardware-wallets-hacked\/25315\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/hardware-wallets-hacked\/11323\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/hardware-wallets-hacked\/11311\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/hardware-wallets-hacked\/10239\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hardware-wallets-hacked\/18362\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hardware-wallets-hacked\/22245\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/hardware-wallets-hacked\/23677\/"},{"hreflang":"ru-kz","url":"h
ttps:\/\/blog.kaspersky.kz\/hardware-wallets-hacked\/17876\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hardware-wallets-hacked\/21913\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hardware-wallets-hacked\/21859\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/35c3\/","name":"35c3"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/15154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=15154"}],"version-history":[{"count":13,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/15154\/revisions"}],"predecessor-version":[{"id":21982,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/15154\/revisions\/21982"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/15155"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=15154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=15154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=15154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}