Whether you think cryptocurrency is a scam or a salvation, those digital coins can store real-world value. The safest place to keep them is in what’s known as a “hardware wallet,” a device like a USB drive that stores your currency and private keys locally, without connecting to the internet. But “safest” doesn’t mean “perfect,” which new research into two popular hardware wallets reinforces all too well.
Researchers from Ledger—a firm that makes hardware wallets itself—have demonstrated attacks against products from manufacturers Coinkite and Shapeshift that could have allowed an attacker to figure out the PIN that protects those wallets. The vulnerabilities have been fixed, and both hacks would have required physical access to the devices, which minimizes the danger to begin with. But Ledger argues that it’s still worth holding hardware wallets to the highest standards, just as you would a closet safe.
“You can put millions or even billions if you want in a hardware wallet,” says Charles Guillemet, the chief technology officer of Ledger who also runs the company’s Donjon security team. “So this is definitely a big thing if an attacker has physical access to a hardware wallet and the wallet is not secure. Some cryptocurrency exchanges are even using hardware wallets for cold storage,” another term for systems that keep holdings offline.
Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February. If you haven’t already, connect your KeepKey wallet to the desktop app to download the update onto your device. A hardware flaw in Coinkite’s Coldcard Mk2 wallet persists, but is fixed in the company’s current Coldcard model Mk3, which started shipping in October. The researchers will present their attack on the Mk2 at the French security conference SSTIC in June.
The attack the researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target’s PIN in the field. The assault hinges on information that KeepKey wallets inadvertently revealed even when they were locked.
Regular memory chips, like those used in hardware wallets, give off different voltage outputs at different times. In some situations, researchers can establish a link between these power consumption fluctuations and the data the chip is processing when it displays those changes. Such physical tells are known as “side channels,” because they leak information through an indirect physical emanation rather than through any direct access to data. In examining the KeepKey memory chip that stores a user’s authentication PIN, the Donjon researchers found that they could monitor voltage output changes as the chip received PIN inputs to determine the PIN itself.
This doesn’t mean the researchers could magically read PINs from a wallet’s chip voltage. They first needed to use real KeepKey test devices to take thousands of measurements of the PIN processor’s voltage output for each value of known PINs. By collecting a sort of decoder of voltage outputs for each phase of PIN retrieval, an attacker could later identify the PIN of a target wallet.
“On the attacked device we compare the measurement to our dictionary to determine the best match and that is the most probable value of the correct PIN,” Guillemet says.
ShapeShift patched the vulnerability in a firmware update that enhanced the security of the PIN verification function. The fix makes it more difficult to develop a reliable catalog of power consumption outputs that map to PIN values. Even if a wallet hasn’t received the update, though, KeepKey owners can still add a passphrase—preferably over 37 characters long—to their wallets that acts as a second layer of authentication.