Trezor comments on recent vulnerabilities report by Ledger

Posted 14 March, 2019

Hardware crypto wallet maker Trezor has responded to a report by its main rival Ledger that cited a number of vulnerabilities discovered in Trezor's products.

The company has released an official statement on the recent report, in which Ledger disclosed a number of vulnerabilities in Trezor's wallets. At the same time, a Trezor representative stressed that no product on the market provides 100% security, and that every producer is therefore looking for ways to address this problem.

The company noted in the report:

"Starting off, we would like to highlight the fact that none of these attacks is exploitable remotely. All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise."

Trezor's team has studied the vulnerabilities discovered and reported by the Ledger experts and provided comments on each of them.

Specifically, the supply chain issue is said to create challenges for all players in the market, as "a piece of hardware" cannot verify its own integrity. However, the company stated that all of its production facilities are located in Europe and that it therefore strictly supervises and monitors every phase of the process.

Trezor also fixed the problem that could have allowed a side-channel attack on the PIN, by back-porting a data storage method to the affected wallets.

"Side-channeling the PIN on Trezor One was indeed impressive and we commend Ledger’s effort," commented the company.

Notably, another issue, covering a side-channel attack via scalar manipulation, was also resolved. In particular, the report noted that attackers could not use this method because they would be asked to enter the PIN anyway.

Regarding the fifth issue, a Trezor spokesperson added that the company recommends setting up a passphrase to strengthen the wallets' protection against physical attacks. This option is said to "completely mitigate this attack vector".

For reference, Ledger released its findings regarding Trezor's vulnerabilities on March 12.

"We would like to thank Ledger for practically demonstrating the attack that we have been aware of since designing Trezor. Because we realize no hardware is 100% safe, we introduced the concept of passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one," summarized Marek Palatinus.
