Home Blockchain OneKey addresses vulnerability that allowed hardware wallet to be hacked

OneKey addresses vulnerability that allowed hardware wallet to be hacked

0
OneKey addresses vulnerability that allowed hardware wallet to be hacked

Source: blockchain.news

OneKey, a company that provides cryptographic hardware wallets, has said that it has already fixed a flaw in its firmware that allowed one of its hardware wallets to be compromised in less than a second.

Unciphered, a firm in the cybersecurity field, said in a video uploaded to YouTube on February 10 that it discovered a means to “crack” a OneKey Mini by taking advantage of a “massive major flaw” and exploiting it.

It was possible, according to Eric Michaud, a partner at Unciphered, to return the OneKey Mini to “factory mode” and bypass the security pin by disassembling the device and inserting the encryption. This would allow a potential attacker to remove the mnemonic phrase used to recover a wallet. This was made possible by returning the device to “factory mode”.

“You have the central processing unit and the security element. Your cryptographic keys will always be stored in the secure element. Michaud noted that in a typical situation, the connections between the central processing unit (CPU), which is where the processing is done, and the secure element is encrypted.

“Well, it turns out, in this particular case, it wasn’t built to do it. What you could do is put a tool in the middle that monitors communications and intercepts them and then injects its own commands,” he said. he said, adding: “That said, with passphrases and basic security practices, even the physical attacks revealed by Unciphered won’t affect OneKey users.”

The company went on to emphasize that even though the vulnerability was concerning, the attack vector discovered by Unciphered cannot be used remotely. Instead, it requires “disassembly of the device and physical access via a dedicated FPGA device in the lab” to be possible to run.

According to OneKey, after a discussion with Unciphered, it was reported that other wallets were found to have similar difficulties. This was revealed when other wallets were found to have the same problem.

OneKey said they have compensated Unciphered with bounties as a way of expressing gratitude for their contributions to the company’s security.

OneKey has said in a blog post that it has already taken significant precautions to ensure the safety of its customers. These precautions include protecting customers against supply chain attacks, which occur when a hacker replaces a real wallet with one under their control.

Tamper-evident packaging for shipments has been one of the steps OneKey has taken, along with the use of Apple’s own supply chain service providers to ensure strict management of supply chain security. of supply.

They have aspirations to add on-board authentication in the not too distant future and upgrade newer hardware wallets with higher level security components.

According to what OneKey said, the main objective of hardware wallets has always been to safeguard users’ financial assets from cyber attacks, computer viruses and other potential threats; unfortunately, however, nothing can be completely secure.

“When we look at the entire hardware wallet manufacturing process, from silicon crystals to chip code, from firmware to softwareIt’s safe to say that any hardware barrier can be broken with enough money, time, and resources; even if it is a nuclear weapons control system.” “When we look at the entire manufacturing process of hardware wallets, from silicon crystals to chip code, from firmware to software,”

Read More at blockchain.news