Company representatives have revealed several vulnerabilities affecting Trezor hardware crypto wallets, the company has announced.
The first identified vulnerability is related to the genuineness of the devices: according to Ledger, the Trezor device can be easily infected with malware and re-sealed imitating the original label designed to protect the device against unauthorized access (which according to the company is easy to remove). Ledger also claims that this vulnerability can only be solved by modifying the entire design of the Trezor wallets.
The second bug used to allow potential hackers to get the PIN of a Trezor wallet through a side-channel attack. However, Trezor solved this problem in the firmware update 1.8.0.
Ledger also claims that, any attacker with physical access to the Trezor One and Trezor T wallets could extract all the information from the flash memory and control the assets stored in the wallets.
Moreover, according to Ledger, the crypto-library of the Trezor One wallet is not protected against hardware attacks: a hacker with physical access to the device could get the secret key through a side-channel attack even though Trezor claims that its wallets are resistant to this type of attacks.
Ledger representatives said they have informed Trezor about this vulnerabilities.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.