Author Topic: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.  (Read 2834 times)

0 Members and 1 Guest are viewing this topic.

Offline funkyantTopic starter

  • Supporter
  • ****
  • Posts: 125
  • Country: au
    • YouTube Channel
https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

Dave wondered why it wasn't potted. Dave wondered why they didn't have any tamper mechanisms.

If they had have had those features, the hack wouldn't be possible.

 :-+
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37664
  • Country: au
    • EEVblog
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #1 on: August 17, 2017, 11:48:04 am »
https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8
Dave wondered why it wasn't potted. Dave wondered why they didn't have any tamper mechanisms.
If they had have had those features, the hack wouldn't be possible.

And I said they should have used a secure processor.
Any/all of these would have prevented this embarrassing hack.
I do believe they replied on here saying they didn't need a secure processor because they could make it secure in software, oops  :palm:
 

Offline funkyantTopic starter

  • Supporter
  • ****
  • Posts: 125
  • Country: au
    • YouTube Channel
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #2 on: August 17, 2017, 11:55:14 am »
That's a mighty big oops.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #3 on: August 17, 2017, 12:40:19 pm »
Well there's some shitty tactics going on here. The device is flawed for certain, but Zero404Cool stuck a 2 BTC price on the source which is currently ~ 8900 USD. Responsible disclosure not. This is asking the vendor to pay up a ransom or handing vulnerabilities over to the highest bidder.

Both the device and the attackers are a bunch of dicks  :-- ... total circus.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #4 on: August 17, 2017, 04:32:35 pm »
Well there's some shitty tactics going on here. The device is flawed for certain, but Zero404Cool stuck a 2 BTC price on the source which is currently ~ 8900 USD. Responsible disclosure not. This is asking the vendor to pay up a ransom or handing vulnerabilities over to the highest bidder.

Both the device and the attackers are a bunch of dicks  :-- ... total circus.

What are you talking about? There's nothing in the link above that tallies with what you're saying, so you must have some information that we don't. (Either that or you're talking out of your hat, which wouldn't be unique on this forum.  :) ) Can you give us some more info, or a link, or at least a small clue?
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #5 on: August 17, 2017, 04:41:32 pm »
Try and download the source code from the medium article and you'll see.
 

Offline firewalker

  • Super Contributor
  • ***
  • Posts: 2450
  • Country: gr
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #6 on: August 17, 2017, 04:49:38 pm »
The article could very well be a scam effort.

Alexander.
Become a realist, stay a dreamer.

 

Offline senso

  • Frequent Contributor
  • **
  • Posts: 951
  • Country: pt
    • My AVR tutorials
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #7 on: August 17, 2017, 05:12:06 pm »
It sends you here:
https://satoshibox.com/fwipady7nvbqoqreeso4cf82

And I didn't find another place that as the code.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #8 on: August 17, 2017, 05:31:28 pm »
It's ether a scam or asshats:

1. Find a flaw in something and publish as an alias on an anonymous publication platform.
2. Demand 0.5 BTC for a canned exploit or 2 BTC for the source. All anonymous.

There's no guarantee that's not a zip with "fuck-you.txt" in it.

Versus Responsible disclosure:

1. Contact vendor with disclosure and give them three months to sort it (in this case, close shop because the product is shit). Vendor can get a CVE sorted for it.
2. Release the source publicly.
3. Self promo based on (2).

This is all about selling this exploit. GCHQ, NSA, Israeli gov, Russian federation, NK have probably already paid up now because it's chump change which helps no one.

The flaw is probably legit but the researchers are dicks.
 

Offline hans

  • Super Contributor
  • ***
  • Posts: 1626
  • Country: nl
Re: Trezor Bitcoin wallet hacked - Dave was bang on with his teardown.
« Reply #9 on: August 17, 2017, 08:15:12 pm »
To be honest the article was annoying to read.

Also, the picture shows a button at the reset pin. Personally I don't see how this can be used to glitch the device, unless you have a trained magic finger (or there is a huge fault in STM32s I'm currently ignorant of).

There also seems to be some steps between prepared hardware and the final "memory dump" missing. Of course they want to have 8k$+ worth of BTC for that information. But as far as my ignorance stretches, I hope the STM32 has protection fuses set to block read/write SRAM/FLASH via SWD until you completely erase the chip.

I suppose a custom application can be flashed via the bootloader (are firmware upgrades signature checked?) that takes the non-zero initialized SRAM memory dump from the bootloader and dumps it. Assuming that indeed that piece of information is true. But if that is the case, that certainly would be a huge flaw in the design.

All in all I'm not convinced. Anyone can post a few pictures online with a button soldered to the reset pin of a board, an image of hand-crafted HEX dump and then ask thousands of dollars for the exact details that may indeed contain FU in it.
« Last Edit: August 17, 2017, 08:17:09 pm by hans »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf