Unciphered Found Vulnerability in Trezor Model T Hardware Wallet

Article reading time:
2 minutes.

Information security company Unciphered said it was able to hack into the popular Trezor Model T hardware wallet and obtain the private key.

In the demo video, Unciphered specialistsuse some kind of “hardware vulnerability” in the Model T wallet. The video shows how the mnemonic passphrase is extracted. At the same time, hacking requires physical access to the wallet.

Startup team researched and developed a methodon the use of the "internal vulnerability" of the wallet. This vulnerability allowed to extract the firmware of the device. Then, with the help of specialized software and the power of video accelerators, they managed to crack the pin code of the device.

“We uploaded the received firmware to ourhigh-performance computing clusters for hacking. We have about 10 GPUs working on this task, and after some time we got the keys,” said Unciphered co-founder Erik Michaud.

Michaud also noted that it is impossible to fix this vulnerability in the Trezor Model T using software methods. The manufacturer will have to recall all sold hardware wallets to fix the vulnerability.

Trezor representatives said they knowThis vulnerability is called Read Protection Downgrade (RDP). It was discovered back in 2020, but its use requires physical access to the device, and "extremely deep technological knowledge, as well as sophisticated equipment."

“Even with such knowledge and equipment,you can set a complex passphrase that will add an extra layer of protection and make the RDP attack useless,” said Trezor CTO Tomas Susanka.

In April, it was reported that the Trezor Model T hardware wallet will receive transaction anonymization functions.