8:00 p.m. ▪ 9-minute read ▪ by Nicolas T.
Hardware wallets significantly improve the security of your bitcoins. They are not invulnerable, however: several classes of physical attack apply to them.
Bitcoin wallet
The role of a wallet is to generate public/private key pairs:
- The public key is used to receive bitcoins (“Bitcoin addresses” are encodings of public keys, or more precisely of their hashes).
- The private key (mathematically linked to the corresponding public key) is used to sign a transaction. The signed transaction is then passed from the wallet to the network, and miners engrave it into the marble of a block.
These are the two main functions of the wallet: generating/storing private keys and signing transactions.
Nowadays practically all wallets are HD, for “Hierarchical Deterministic” (BIP32). Such a wallet derives billions of key pairs from a single seed, itself backed up as the famous 12 or 24 words (a BIP39 mnemonic); BIP44 standardizes the derivation paths so that any wallet rebuilds the same accounts from the same words. Whoever holds the words therefore holds every key.
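To make that derivation chain concrete, here is an added example (not code from the article, and not Ledger's or Trezor's firmware) that goes from the mnemonic words to BIP44 account private keys using only Python's standard library. It implements the BIP39 seed step and hardened BIP32 derivation only (non-hardened steps need the parent public key and elliptic-curve arithmetic, deliberately left out); the inputs are the public BIP39 and BIP32 test vectors, used here purely as constructed sample data. It also shows why a passphrase matters: the passphrase is part of the PBKDF2 salt, so the same 24 words yield an unrelated key tree.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; child private keys are computed modulo this.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are "hardened" (written 44' or 44h in paths)


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: 64-byte seed from the mnemonic words plus an optional passphrase.
    The passphrase goes into the PBKDF2 salt, so "words + passphrase" and
    "words alone" give unrelated seeds and therefore unrelated key trees."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def bip32_master(seed):
    """BIP32 master node: (private key as an int, 32-byte chain code)."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(I[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key for this seed (astronomically rare)")
    return k, I[32:]


def ckd_priv_hardened(k_par, c_par, index):
    """One hardened child step (BIP32 CKDpriv with index >= 2^31).
    Hardened steps only need the parent *private* key, so no elliptic-curve
    point arithmetic is required; non-hardened steps would also need the
    parent public key and are deliberately not implemented in this example."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation is not implemented in this example")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    I = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:
        raise ValueError("invalid child key; a wallet would move on to index + 1")
    return k_child, I[32:]


def derive(seed, path):
    """Walk a hardened-only path such as m/44'/0'/0' (the BIP44 account level)."""
    node = bip32_master(seed)
    for level in path.strip().split("/")[1:]:
        if level[-1] not in "'h":
            raise ValueError("only hardened levels (44', 0h, ...) are supported here")
        node = ckd_priv_hardened(node[0], node[1], int(level[:-1]) + HARDENED)
    return node


def account_keys(mnemonic, passphrase="", accounts=2):
    """Hex private keys at m/44'/0'/i' for the first BIP44 Bitcoin accounts."""
    seed = bip39_seed(mnemonic, passphrase)
    return [format(derive(seed, "m/44'/0'/%d'" % i)[0], "064x") for i in range(accounts)]


# Constructed inputs: the BIP39 test-vector mnemonic and the BIP32 test-vector 1 seed.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
BIP32_TEST_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    print("seed, no passphrase     :", bip39_seed(TEST_MNEMONIC).hex()[:32], "...")
    print("seed, passphrase TREZOR :", bip39_seed(TEST_MNEMONIC, "TREZOR").hex()[:32], "...")
    print("accounts, no passphrase :", account_keys(TEST_MNEMONIC))
    print("accounts, with passphrase:", account_keys(TEST_MNEMONIC, "TREZOR"))
```

Run it and the two accounts differ, and adding a passphrase changes every key. The security point for the rest of this article: an attacker who physically extracts the 24 words from a chip has everything needed to run account_keys(), unless a passphrase they do not know is also required.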
Beyond this common architecture, two families are distinguished: software wallets, installed on your PC or smartphone, and hardware wallets, which perform the same functions but do not offer the same security guarantees.
The first are simpler, since a single program is enough. However, they are exposed to malware. As Ledger recalled on its blog last year, spyware such as “Pegasus” is capable of exfiltrating text messages, messages from the encrypted Signal application, phone calls, etc.
Several malicious programs are designed specifically to drain wallets, for example KPOT or ElectroRAT, which capture the wallet password as it is typed on the keyboard, decrypt the wallet's configuration data and extract the seed from which all the private keys are derived.
The second family is a small device, usually the size of a large USB stick, paired with companion software installed on your PC. The seed is generated and kept on the device, which signs transactions itself, so the seed never ends up on a potentially infected PC.
However, a Bitcoin hardware wallet remains vulnerable to a physical attack.
Inside a Bitcoin hardware wallet
The heart of a hardware wallet is a microelectronic chip (or microcontroller). It is essentially a silicon slab a few square millimeters in size with millions of transistors engraved on it. These transistors are connected together via microscopic traces to form logic gates through which electrons flow.
Additional interconnect layers are overlaid to combine the logic gates into more complex functions: microprocessor/controller, memory, etc.
Although the inside of a chip is a microscopic labyrinth, it is still possible to disturb it while it is running, sometimes surgically, in order to extract information.
Ledger's Donjon (its security research lab) specializes in this. Its team also recently took a jab at competitor Trezor:
“Private key management is still the biggest hurdle to solve, and that’s all you’re focused on at Ledger.” –@danheld
Dive deeper into the constant battle between ease of use and uncompromising security here at Ledger @danheld @P3b7_ at @ledgerdonjon. pic.twitter.com/Kt5dE1Hhf3
– Ledger (@Ledger) October 17, 2023
We would point out, however, that Ledger's attack is defeated if the user has set a passphrase: the 24 words recovered from the chip are then not enough on their own to derive the keys. Moreover, Trezor will soon ship an open source Secure Element (SE) developed by Tropic Square. In the meantime, the latest Trezor Safe model, unveiled in October, includes a Secure Element (not open source).
The problem is nonetheless very real. Many attack techniques are well documented and are within reach of more and more people. Some physical attacks have even become very cheap.
Many of these techniques are in fact repurposed tools and methods from failure analysis: for example, engineers in the space industry use lasers to inject faults into their circuits in order to test their resistance to cosmic radiation.
Preparation techniques (decapsulating the package, removing a chip's technological layers, etc.) and imaging techniques (thermal, X-ray, etc.) are likewise repurposed to attack electronic chips.
In short, extracting the seed from a Bitcoin hardware wallet is more or less easy depending, above all, on whether the circuit has a Secure Element or not.
Physical attacks
The first type of attack is the side-channel attack. A description can be found in the latest issue of MISC, the magazine for offensive and defensive cybersecurity.
The idea is to observe a physical property of the circuit, such as its power consumption, its electromagnetic emissions or its execution time: a measurable quantity that depends directly on the information the attacker wants to extract.
These attacks are called non-invasive: the attacker merely observes the circuit in operation, for example its power consumption. Once enough measurements have been collected, statistical tools reconstruct the information sought, typically a PIN code or a key.
Demonstration in this video produced by Ledger: Side Channel Attacks | Enter the Donjon.
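The following added example (written for this article, not Ledger's code) models the simplest side channel, execution time, on a PIN check. An early-exit comparison does more work the more leading digits are right; the attacker feeds the device guesses, averages noisy timing measurements (the Gaussian jitter and the secret PIN are constructed for the demo), and recovers the PIN one digit at a time. The same attack run against a constant-time comparison gets no signal and is left guessing.

```python
import random

PIN_DIGITS = "0123456789"


def check_pin_leaky(secret, guess):
    """Early-exit comparison, the shape of a naive memcmp()/strcmp() in firmware.
    Returns (accepted, iterations). 'iterations' is the observable: on a real chip
    it shows up as execution time or as the length of a power trace."""
    iterations = 0
    for s, g in zip(secret, guess):
        iterations += 1
        if s != g:
            return False, iterations  # leaves early: leaks how many digits matched
    return len(secret) == len(guess), iterations


def check_pin_constant_time(secret, guess):
    """Visits every digit and accumulates mismatches instead of branching on them,
    so the work done does not depend on where (or whether) the guess is wrong."""
    iterations = 0
    diff = len(secret) ^ len(guess)
    for s, g in zip(secret, guess):
        iterations += 1
        diff |= ord(s) ^ ord(g)
    return diff == 0, iterations


def leak_profile(check, secret, guesses):
    """Noise-free view of the observable for a list of guesses."""
    return [check(secret, g)[1] for g in guesses]


def measure(check, secret, guess, samples, rng, jitter=0.5):
    """Constructed measurement model: one time unit per iteration plus Gaussian jitter.
    Averaging many traces is the 'statistical tool' that lifts the signal out of the noise."""
    total = 0.0
    for _ in range(samples):
        _, iterations = check(secret, guess)
        total += iterations + rng.gauss(0.0, jitter)
    return total / samples


def timing_attack(check, secret, length, samples=64, seed=1):
    """Recover the PIN digit by digit: at each position keep the digit whose guess
    ran longest. All but the last digit come from timing; the last one cannot leak
    this way (a wrong last digit still runs the full loop), so it is brute-forced
    against the accept/reject answer. Cost: at most 10*length guesses, not 10**length."""
    rng = random.Random(seed)
    known = ""
    for pos in range(length - 1):
        best_digit, best_time = None, float("-inf")
        for d in PIN_DIGITS:
            guess = known + d + "0" * (length - pos - 1)
            t = measure(check, secret, guess, samples, rng)
            if t > best_time:
                best_digit, best_time = d, t
        known += best_digit
    for d in PIN_DIGITS:
        accepted, _ = check(secret, known + d)
        if accepted:
            return known + d
    return None  # the timing-derived prefix was wrong (the constant-time outcome)


SECRET_PIN = "4729"  # constructed secret for the demo

if __name__ == "__main__":
    probes = ["0000", "4000", "4700", "4720", "4729"]
    print("leaky profile    :", leak_profile(check_pin_leaky, SECRET_PIN, probes))
    print("constant-time    :", leak_profile(check_pin_constant_time, SECRET_PIN, probes))
    print("attack vs leaky  :", timing_attack(check_pin_leaky, SECRET_PIN, 4))
    print("attack vs c-time :", timing_attack(check_pin_constant_time, SECRET_PIN, 4))
```

The leaky profile climbs by one for each correct leading digit, which is exactly the dependency between a measurable quantity and the secret described above; the constant-time profile is flat, and with nothing to average the attacker is back to 10,000 guesses. On real hardware the observable is noisier and the statistics heavier, but the structure of the attack is the same.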
A second category covers more invasive attacks, called fault injection, that physically disturb the circuit. These are fault attacks, whose principle is to introduce computational errors while the circuit is running.
The goal is to influence the circuit's behaviour so as to extract information or authorize a normally forbidden operation. There is a whole range of fault attacks:
– “Power glitch”: cutting the circuit's power to interrupt its processing. Interrupting a flash memory write can corrupt the data being written and produce errors that allow a logical attack the next time the circuit is powered on.
Demonstration by Ledger: Power Glitch Attacks | Enter the Donjon
– “Voltage glitch”: a brief drop in the circuit's supply voltage. This cheap technique requires only a transistor and a pulse generator.
– “Clock glitch”: a brief change in the processor's clock frequency (overclocking). This method is as simple as voltage glitching, but also easy to counter.
– “Electromagnetic fault injection”: emitting a strong electromagnetic pulse from a small antenna placed close to the chip. This induces currents in the conductor tracks that flip the values of logic signals (0 or 1).
– “Laser fault injection”: illuminating the silicon with a powerful, focused laser. The photoelectric effect generates unwanted currents in the transistors. This requires direct access to the silicon die, so the package must first be opened.
The laser attack has the advantage of being very surgical, since it targets small groups of transistors directly. This technique gives the best results but is more expensive and more complex to carry out.
Demonstration by Ledger: Laser Fault Attacks | Enter the Donjon.
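To show what a glitch buys an attacker, and what a software countermeasure costs them, here is an added simulation (not firmware from any vendor). A PIN check is written as a list of named steps; a fault is modeled as one or more steps simply not executing, the instruction-skip effect that a well-timed voltage or clock glitch often produces. The PIN, the step names and the complementary CMP_OK/CMP_BAD constants are all constructed for the example.

```python
from itertools import combinations

HALT = object()               # a step returns HALT to stop execution (deny)
CMP_OK, CMP_BAD = 0xA5, 0x5A  # complementary bit patterns rather than 1/0


def new_state(entered, secret="1234"):
    """Fresh device state before a PIN check. Every flag defaults to 'deny',
    so a skipped comparison leaves a denying value behind rather than garbage."""
    return {"entered": entered, "secret": secret, "ok": False,
            "r1": CMP_BAD, "r2": CMP_BAD, "unlocked": False}


def run(program, state, skipped=()):
    """Execute a straight-line 'firmware' program: a list of (name, step) pairs.
    Steps whose names are in `skipped` are not executed at all, which models the
    instruction-skip effect a well-timed voltage or clock glitch typically has."""
    for name, step in program:
        if name in skipped:
            continue
        if step(state) is HALT:
            break
    return state


# Naive check: compare once, branch once, unlock.
NAIVE_CHECK = [
    ("cmp",    lambda s: s.update(ok=(s["entered"] == s["secret"]))),
    ("branch", lambda s: HALT if not s["ok"] else None),
    ("unlock", lambda s: s.update(unlocked=True)),
]

# Hardened check: the comparison is redone from scratch (not copied), each result
# is tested separately, and a final step requires both results to be exactly CMP_OK.
HARDENED_CHECK = [
    ("cmp1",    lambda s: s.update(r1=CMP_OK if s["entered"] == s["secret"] else CMP_BAD)),
    ("branch1", lambda s: HALT if s["r1"] != CMP_OK else None),
    ("cmp2",    lambda s: s.update(r2=CMP_OK if s["entered"] == s["secret"] else CMP_BAD)),
    ("branch2", lambda s: HALT if s["r2"] != CMP_OK else None),
    ("branch3", lambda s: HALT if (s["r1"], s["r2"]) != (CMP_OK, CMP_OK) else None),
    ("unlock",  lambda s: s.update(unlocked=True)),
]


def unlocks(program, entered, skipped=()):
    """Does the device end up unlocked for this PIN with these steps skipped?"""
    return run(program, new_state(entered), skipped)["unlocked"]


def min_faults_to_bypass(program, wrong_pin="0000", max_faults=4):
    """Exhaustively try every set of 1..max_faults skipped steps and return the
    smallest set that unlocks the device with a wrong PIN (None if none does)."""
    names = [name for name, _ in program]
    for k in range(1, max_faults + 1):
        for combo in combinations(names, k):
            if unlocks(program, wrong_pin, set(combo)):
                return combo
    return None


if __name__ == "__main__":
    for label, prog in (("naive   ", NAIVE_CHECK), ("hardened", HARDENED_CHECK)):
        print(label, "right PIN:", unlocks(prog, "1234"),
              "wrong PIN:", unlocks(prog, "0000"),
              "cheapest bypass:", min_faults_to_bypass(prog))
```

One skipped branch bypasses the naive check. The hardened version needs three well-placed skips in the same run, which is a different order of difficulty for glitching equipment; and because a skipped comparison leaves the deny value in place, attacking the comparisons instead of the branches gains nothing. Secure Elements add hardware measures on top of this kind of software redundancy, which is why the article singles them out.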
Highly invasive attacks
This third category of attacks is generally as complex as it is expensive. The silicon die must be exposed so that the circuit's internal signals can be probed directly with fine needles (microprobing).
The aim is to record the signals travelling along the conductors that link the various components. The attacker can even modify the circuit itself, adding traces or cutting connections.
This microsurgery is done with a FIB (Focused Ion Beam), which combines an ion beam with an injected gas to mill away material or deposit new connections.
The preparation and imaging work is extremely complex and tedious when the attackers do not have the chip's layout. It takes several months to understand in detail how the circuit works and to figure out which transistors to target.
An attack of this magnitude has to be worth it: typically, a Bitcoin wallet suspected of holding a lot…
In conclusion, many protection measures are needed to protect a chip effectively. Secure Elements implement many of them, which makes them far more resistant to physical attacks than ordinary microcontrollers.
Nicolas T.
Journalist reporting on the Bitcoin revolution. In my articles I discuss Bitcoin from geopolitical, economic and libertarian perspectives.