The well-known hacker conference Def Con 25 is happening once again at Caesars Palace in Las Vegas on July 27-30. The event schedule has a vast array of hacking exhibits and keynote presentations, but one notable group of Def Con demonstrators on the list claims they will show the audience how to break a bitcoin hardware wallet.
The Cryptotronix Presentation: ‘Helping You Get Started Breaking Your Own Wallet!’
Def Con is one of the world’s biggest hacker conventions and has been held in Nevada every year since 1993. The event hosts a multitude of tracks, demonstrations, and speakers, including computer security experts, tech journalists, hackers, and government cyber specialists. This year’s Def Con 25 will have a lot going on, as the audience will hear about jailbreaking Android and Apple gear, OPSEC techniques, the evolution of DDoS attacks, abusing certificates, drone defense markets, and more.
One demonstration dubbed “Breaking Bitcoin Hardware Wallets” has sparked interest within the bitcoin ecosystem. In the 20-minute presentation, Josh Datko and Chris Quartier of the company Cryptotronix will share their tools and methods that allegedly can break a bitcoin hardware wallet.
“In this presentation, we will quickly overview fault injection techniques, timing, and power analysis methods using the Open Source Hardware tool, the Chip Whisperer,” explains the Cryptotronix demonstration summary.
“We then show how to apply these techniques to the STM32F205 which is the MCU on the Trezor and Keepkey. Lastly, we will present our findings of a timing attack vulnerability and conclude with software and hardware recommendations to improve bitcoin hardware wallets.”
A Study In 2015 Extracts a Private Key Using a $70 Oscilloscope
Cryptotronix backs its claims with a study done in 2015 by developer Jochen Hoenicke, who was able to extract a Trezor’s private key using a $70 oscilloscope. An oscilloscope is an electronic test instrument that allows the observation of various signals within devices. Many people believe side channel attacks like the one Hoenicke demonstrated are difficult to carry out, but Hoenicke believes they are relatively easy to perform.
“Side channel attacks are not as difficult as many people think,” details Hoenicke in 2015. “A simple power analysis requires only a simple oscilloscope, and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge of the code that is running.”
The 2015 Hardware Wallet Vulnerabilities Were Patched, But Cryptotronix Claims There May Be Additional Side Channel Attacks
Since then, Trezor has patched the vulnerabilities found in 2015, and Hoenicke was in contact with the manufacturer Satoshi Labs throughout his investigation. However, Cryptotronix says in its demonstration summary that although the vulnerability was patched, the hardware wallets still do not have a “Microcontroller” and “[They] may be vulnerable to additional side channel attacks.”
Across forums, many bitcoiners are skeptical of the upcoming demonstration that will take place in Vegas next month, but stated they would be watching it closely. Some proponents said they hoped Cryptotronix would make a responsible disclosure to bitcoin hardware manufacturers before showcasing the hack. Others said research and tools like this might up the stakes so that next-generation bitcoin devices can protect themselves in the future.
“Bitcoin hardware wallets help protect against software-based attacks to recover or misuse your key. However, hardware attacks on these wallets are not as well studied,” reveals the Cryptotronix demonstration synopsis.