Research Team Demonstrates Hard Wallets Vulnerabilities, Trezor Promises Firmware Update

Researchers have reportedly shown how they were able to hack the Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing Memories conference.

The research team behind the dubbed "Wallet.fail" hacking project is made up of hardware designer and security researcher Dmitry Nedospasov, software developer Thomas Roth and security researcher and former submarine officer Josh Datko.

During the conference, the researchers announced that they have been able to extract the private key out of a Trezor One hardware wallet after flashing - overwriting existing data - a custom firmware.

The same group of hacker researchers also claimed during the talk that they were able to install any firmware on a Ledger Nano S, a leading hardware wallet.

The team also demonstrated that they found a vulnerability in the Ledger Blue, the most expensive hardware wallet produced by the company, that comes with a color touchscreen.

The signals are transported to the screen by an unusually long trace on the motherboard, the researcher explained, which is why it leaks those signals as radio waves.

When a USB cable is attached to the device, the aforementioned leaked signals get strong enough that, according to the researchers, they could be easily received from several meters.

Employing an artificial intelligence software deployed on the cloud, the team has been reportedly able to obtain the pin of the device from a dump of the leaked radio signal from the moment when the pin has been entered.

When asked about BitFi, the hardware wallet promoted as being "Unhackable" by crypto advocate John McAfee in July, a team member said that "We only talk about somewhat secure wallets" before concluding that "We didn't want to use a Chinese phone in this talk."

Also in August, a group of researchers declared to have successfully sent signed transactions from the BitFi wallet, claiming to meet the conditions of the bounty program.