Connect with us


Trezor hits back at Ledger; releases report to counter claims of its wallets being vulnerable to attacks




Trezor hits back at Ledger; releases report to counter claims its wallets being vulnerable to attacks
Source: Pixabay

Trezor wallet responded to Ledger’s claims that its devices were vulnerable to attacks. At the recently held MIT Bitcoin Expo in Boston, Charles Guillemet, the Chief Security Officer at Ledger, had made news after he publicly stated that four of Trezor’s devices were “completely broken.” Ledger later went on to release a report titled “Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities,” which detailed five key vulnerabilities in their competitor’s products.

A day after Ledger published their report, Trezor responded to the assertions made by their competitor, with a report of their own titled, “Our Response to Ledger’s #MITBitcoinExpo Findings.”

Trezor began by stating that the attacks mentioned in their competitor’s report were not “exploitable.” It said,

“Starting off, we would like to highlight the fact that none of these attacks are exploitable remotely. All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise.”

In the Ledger report, the third, fourth and fifth vulnerabilities pertained to the anonymity of data and secret key hacking, requiring physical access to the wallet.

Referencing a report by Binance, Trezor’s report stated that only 5.93 percent of respondents suggested physical attacks or thefts as being the most pertinent threat, with 66 percent suggesting that remote attacks presented a more urgent concern. Based on the study, Trezor stated that the customers concerned with physical attacks can be “protected using a passphrase.”

They further stated that remote attacks were the main purpose of wallet manufacturers,

“The primary purpose of a hardware wallet has always been to protect users and funds against malware attacks, computer viruses, and various other remote dangers (like stealing all funds from Ledger via the Stealth Change Address).”

To Ledger’s first claim that the integrity of Trezor devices can be imitated, Trezor replied,

“There is no way a piece of hardware can inspect itself and verify its integrity. Hardware attestation is not a solution, as hardware modifications can be (and have been) added, resulting in the device confirming it is genuine.”

With respect to the Side Channel Attack vulnerability claimed by Ledger, Trezor stated that this vulnerability was “close by back-porting the way to store data,” relating to the Trezor Model T to Trezor One.

Once the PIN vulnerability is resolved, the secret key extraction using the Side Channel Scalar Multiplication can also be rectified, stated the hardware manufacturer. The aforementioned claims are pegged on the assumption that the attacker has access to the users’ PIN and physical access, which Trezor disputed.

Trezor stated that they were asked by Ledger not to mention the surprise concluding attack due to its wider implications for the microchip industry. They further added that the company refrained from giving any more information to this effect.

Finally, Trezor appealed to its users to set up a passphrase-protected wallet with multiple passphrases for additional security. Marek Palatinus, the CEO of SatoshiLabs and the creator of Trezor hardware wallets, concluded,

“We would like to thank Ledger for practically demonstrating the attack that we have been aware of since designing Trezor. Because we realize no hardware is 100% safe, we introduced the concept of passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one.”

Trezor’s response to the claims made by their competitor were summed up as,

Source: Trezor

Subscribe to AMBCrypto’s Newsletter


Bitcoin [BTC] is still going to $100,000, claims Heisenberg Capital’s Max Keiser




'Bitcoin is still going to $100,000', says Max Keiser
Source: Unsplash

CNBC’s Crypto Trader Ran NeuNer, spoke to Max Keiser, Co-founder of Heisenberg Capital on the sidelines of the Magical Crypto Conference and discussed Bitcoin’s current trends.

Keiser said that he was bullish on Bitcoin in the long term, adding that he would be sticking by his “$100,000” prediction for Bitcoin. He stated,

“I never stopped make price prediction… I said it [Bitcoin] was going to a hundred thousand dollars and it was only a dollar and I said that all publicly… it is still going to a hundred thousand dollars”

He added that the timing of when Bitcoin would reach the mark was not important, but that it would outperform every other asset over the next 15 years. Additionally, he said that timing was only for people who were waiting to buy crypto at a better price and “that is a bad way to approach crypto.”

Keiser displayed his enthusiasm for crypto, commenting that, “Stack Satoshis… Stack SATs… you should be stacking SATs.” Giving his opinion on Bitcoin’s recent rally, Keiser said,

“I think that it goes back to when Federal Reserve issued a statement saying that they’re moving the policy to permanent quantitative easing… which means money printing without end. As you know Bitcoin is hard money, like gold, and it is going to respond well to hyperinflation and hyper-money printing.”

Further, Keiser claimed that Bitcoin bottomed when the Federal Reserve announced this a few weeks ago and that this was due to a couple of reasons. The first being Bitcoin’s upcoming halving which highlights the scarcity of Bitcoin. According to Keiser, the second reason was that the sellers were exhausted. All the above reasons, in totality, contributed to Bitcoin’s price rise, claimed Keiser.

Since Bitcoin has already proven itself as a store of value, Keiser remarked that it would be best to concentrate on Lightning Network, a layer-two scalability solution for Bitcoin and improve it as a medium of exchange.

Subscribe to AMBCrypto’s Newsletter

Continue Reading