Kraken: Hacking KeepKey Hardware Crypto Wallet In 15 Minutes
Cybersecurity researchers have uncovered a vulnerability in the KeepKey hardware wallet, which they say allows an attacker with physical access to a device to steal assets in just 15 minutes..On the exchange's blog, Kraken Security Labs describe a “power outage” attack that can extract an encrypted seed to gain access to a cryptocurrency stored on a device. Then cybercriminals can brute-force crack the seed-phrase, which is protected by a PIN-code containing from 1 to 9 digits, which the authors call a "trivial" task.
At the same time, they say, it will be quite problematic to eliminate the vulnerability, since the KeepKey team will not be able to do anything unless they change the wallet at the hardware level. "The attack is possible due to a vulnerability inherent in the microcontroller used in KeepKey," writes Kraken Security Labs.
The distribution of KeepKey wallets is carried out by the crypto-exchange platform ShapeShift, which bought the manufacturing company in 2017 year.
A voltage failure attack is carried out by malicious manipulation of the microcontroller power supply. Researchers estimate that it will cost about $ 75 to build an easy-to-use device to carry out such an attack. With its help, an attacker will be able to influence the first piece of software loaded by the device, in this case the "BootROM code".
“While the majority of KeepKey's codebase is based on Trezor One, their codebases have become quite different. The KeepKey team has added several mechanisms to make its firmware immune to the crash attacks demonstrated at the Wallet.Fail event during the 35th Chaos Communications Congress. Now, however, these measures have proven ineffective, ”explains Kraken Security Labs.
Similar articles
-
Intruder kidnapped from above $ 250 000 users non-custodian exchange Bisq Stop trading on non-custodial Bisq exchange this night turned out...
-
"Bitcoin SV does not match our listing criteria"- Kraken credits tokens fork Bitcoin Cash Cryptocurrency this Kraken exchange confirmed at night,...
-
American Express uses Ripple blockchain for implementation of instant transfers between UK and USA American financial company American...
-
IN Google play appeared phishing application cryptocurrency exchanges Poloniex Despite controversial reputation, Poloniex was and remains one of the most...
-
Second largest World Bank will issue bonds by $ 3 billion from possibility of exchange to bitcoin China Construction Bank (CCB) entered into cooperation from...
Комментариев нет:
Отправить комментарий