The hardware manufacturer Wallets Trezor recently corrected a critical vulnerability in his SAFE 3 models, following a discovery made by his direct competitor, LEDGER. This flaw, located at the microcontroller of these devices, could have allowed sophisticated attackers to bypass certain security measures and, potentially, to access sensitive data.
Trezor: an attack by “Voltage glitching”
The vulnerability identified by LEDGER on the Trezor model 3 was based on a technique called “glitching voltage”. This method allows an attacker to induce errors in the microcontroller of the device, by precisely modifying the power supply. By exploiting this fault, it became possible to bypass the integrity controls of the firmware and to execute a malicious code on the device.
👉🏻 How to buy and protect your Bitcoin with Ledger?
Ledger Donjon, the Ledger cybersecurity research unit, published its results while welcoming Trezor's efforts to strengthen the safety of its products. Charles Guillemet, the CTO of Ledger, commented the situation:
“Strengthening the security of the entire ecosystem is essential to promote a broader adoption of cryptocurrencies”.
Ledger: the best solution to protect your cryptocurrencies 🔒
Trezor reacts with a security update
Faced with this discovery, Trezor quickly reacted By publishing a security update for its SAFE 3 wallets and SAFE 5, the latter sharing the same chip. However, the company indicated that this correction could not be applied via a simple software update, suggesting that the problem was deeper and involved hardware limitations.
In an official declaration, Trezor assured that user funds were safe and that no immediate action was required from them. The company also recalled that the purchase of TREZOR keys via official sources remains the best practice to avoid any risk of alteration during the supply chain.
Although Trezor has succeeded in clogging this breach, this affair recalls an essential reality in the world of cybersecurity, No solution is completely invulnerable. The material wallets, although offering a high level of protection, remain exposed to advanced physical attacks, especially if an attacker manages to access the device.
🗞️ in the news – Massive corruption in the European Parliament? A wave of searches is underway at the 4 corners of Europe
Ironically, the Ledger company itself is not free from flaws. The company has experienced several security incidentsespecially in 2023 when a hacker compromised his connection library, making it possible to steal $ 484,000 in cryptos. Similarly, in 2020, a massive leak of personal data had exposed the email and physical addresses of 270,000 Ledger customers.
Zengo: the ultra-secure mobile wallet for your cryptos
Source : X
The crypto newsletter n ° 1 🍞
Receive a summary of crypto news every day by email 👌
Certain links present in this article may be affiliated. This means that if you buy a product or register on a site from this article, our partner gives us a commission.
Investments in cryptocurrencies are risky. There is no guaranteed high yield, a product with high performance potential implies a high risk. This risk taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital