
Saturday, 06/23/2018 10:36:29 AM

Software Attacks on Hardware Wallets

If EXO5 is still owned by Wave, it could have positive implications for Wave, given that the typical phone can be hacked when a hacker is in possession of the phone, as summarized in the Black Hat presentation. EXO5 could possibly kill the phone before the hacker has a chance to hack it or find it. Could a hacker have a more difficult time with the Boeing phone, which has a TPM? Could there be a Samsung TPM in a phone in the future? The Samsung/Wave agreement was a 15-year agreement.

https://www.blackhat.com/us-18/briefings/schedule/index.html#software-attacks-on-hardware-wallets-10665

Almost all security research has a question often left unanswered: what would be the financial consequence, if a discovered vulnerability is maliciously exploited? The security community almost never knows, unless a real attack takes place and the damage becomes known to the public. Development of the cryptocurrencies made it even more difficult to control the impact of an attack since all the security relies on a single wallet's private key which needs to stay secure. Multiple breaches of private wallets and public currency exchange services are well-known, and to address the issue a few companies have come up with secure hardware storage devices to preserve the wallet's secrets at all costs.

But, how secure are they? In this research, we show how software attacks can be used to break into the most protected part of the hardware wallet, the Secure Element, and how it can be exploited by an attacker. The number of identified vulnerabilities in the hardware wallet shows how software vulnerabilities in the TEE operating system can lead to a compromise of the memory isolation and a reveal of secrets of the OS and other user applications. Finally, based on the identified vulnerabilities an attack is proposed which allows anyone with only physical access to the hardware wallet to retrieve secret keys and data from the device. Additionally, a supply chain attack on a device allowing an attacker to bypass security features of the device and have full control of the installed wallets on the device.
