Kraken Cracked KeepKey Hardware Wallet, Extracted Seed Mnemonic Phrase

Updated on Jan 30, 2020 at 7:46 pm UTC

Kraken Security Labs did some substantial hacking on the KeepKey wallet and managed to find several critical bugs.

The experts found an easy way of extracting the SEED mnemonic phrase. It requires physical access to the wallet for no more than 15 minutes. The attack uses voltage glitching, performed with special hardware, to read out the SEED phrase. It can succeed when performed by a well-prepared person. Some estimates even claim anyone can build such a glitching device for $75.

Using such equipment, hackers can not only extract your encrypted SEED from a KeepKey. They can also decrypt it, gaining access to your coins. If the SEED is protected with encryption, how can the attacker crack it? Good question. That’s where one more security flaw shows up. It appears that the wallet uses a password (PIN) of 1 to 9 digits. As you may assume, such a password is easy to guess with brute-force software. Per the research:

“Moreover, since the encryption key is directly derived from the user’s PIN, the keyspace is small, especially for 4 digit PINs. Hence, the encryption key can be brute-forced in a fraction of a second on any modern PC, allowing an attacker to recover the unencrypted PIN and cryptographic seed.”
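Why a PIN-derived key stops protecting the seed once the encrypted data is off the device, as an added example (not Kraken's or KeepKey's code). The SHA-256 derivation, the `CHECK` constant, the record format, the sample PIN and the six-word passphrase policy are constructed assumptions, not KeepKey's actual scheme.

```python
import hashlib
import hmac
import itertools
import math

CHECK = b"pin-check"  # constructed constant for this example


def derive_key(pin: str, salt: bytes) -> bytes:
    # Assumption: one fast hash stands in for "key derived directly from
    # the PIN". This is not KeepKey's actual derivation.
    return hashlib.sha256(salt + pin.encode()).digest()


def make_record(pin: str, salt: bytes) -> bytes:
    # Constructed stand-in for the encrypted blob: any stored value that
    # lets a guess be verified offline has the same weakness.
    return hmac.new(derive_key(pin, salt), CHECK, hashlib.sha256).digest()


def keyspace(max_digits: int, min_digits: int = 1) -> int:
    # Number of distinct decimal PINs with min_digits..max_digits digits.
    return sum(10 ** n for n in range(min_digits, max_digits + 1))


def entropy_bits(choices: int) -> float:
    return math.log2(choices)


def offline_search(record: bytes, salt: bytes, digits: int):
    # Try every PIN of one length. No device is involved, so retry
    # counters and lockout delays never apply.
    for n, combo in enumerate(itertools.product("0123456789", repeat=digits), 1):
        pin = "".join(combo)
        guess = hmac.new(derive_key(pin, salt), CHECK, hashlib.sha256).digest()
        if hmac.compare_digest(guess, record):
            return pin, n
    return None, 10 ** digits


if __name__ == "__main__":
    salt = bytes(16)                      # constructed sample value
    record = make_record("4821", salt)    # constructed sample PIN
    print("4-digit search:", offline_search(record, salt, 4))
    for d in (4, 9):
        print(d, "digits:", keyspace(d, d), "PINs,",
              round(entropy_bits(keyspace(d, d)), 1), "bits")
    # Assumed policy: six words drawn at random from a 7776-word list.
    print("passphrase:", round(entropy_bits(7776 ** 6), 1), "bits")
```

The numbers show the design lesson: even the longest PIN gives about 30 bits, so the secret protecting the seed has to come from something with far more entropy that is not stored on the device.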

STM32 Microcontroller Spoils the KeepKey Wallet

The attack is successful not only because of the weak passwords. It is also facilitated by a flawed microcontroller within the wallet itself. Thus Kraken researchers were able to connect to it and modify the loading sequence.

They claim that KeepKey hardware wallet designers have to stop producing the wallets. Kraken suggests performing a complete rethink of the security model. How much will the news affect sales and the return rate?

KeepKey failed to provide the “next frontier of crypto security” they wrote about on the official website. The company took a reputation hit. Evil naysayers in Telegram channels are voicing criticism all over the place.

Tips to Protect Yourself against the Attackers

Within your KeepKey Client, enable the BIP39 mnemonic keyphrase, and write down the words on a sheet of paper. A mnemonic of this kind is not stored within the device, so it is not vulnerable to the attack. Some find this passphrase a bit difficult to use. However, when it comes to storing hundreds or even thousands of dollars within a cryptocurrency wallet, you learn fast.

While the team behind the wallet considers ways to solve this unexpected problem, you can consider protecting your wallet from other people. KeepKey engineers already know about this type of attack. They simply hold the standard position that their wallet is meant to protect the keys from remote access, not from physical access.

Bug Details Reported to KeepKey Engineers

Kraken said in their press release that they sent the bug’s details to KeepKey on September 11, 2019. Now they are releasing the information to the public so that KeepKey owners can take steps to protect their money. See their technical explanation for an in-depth dive into this new and sophisticated KeepKey vulnerability.

KeepKey’s stance is somewhat weird, because physical theft is exactly the attack vector wallet users want protection from. When they visit a cafe, a bar or some fishing club, safety comes first. You never know who wants to steal the shiny device, whether it is a TREZOR, Open Dime, KeepKey, Ledger, Ledger Nano S, Digital Bitbox, Cool Wallet S, Satochip or any other wallet. When stolen, the device should be able to keep its secrets.
