Until not so long ago, cryptocurrency wallets were seen as the safest payment method in the online environment. But, researchers managed to discover significant security problems when it comes to the hardware of some of these wallets. According to the unrolled study, both the firmware and chip of these wallets showed consistent vulnerabilities during testing.
What kind of tests were used? Attacks on the side-channel and supply-chain were utilized to see just how well such a wallet can handle the situation. The study started in June by Dmitry Nedospasov, Josh Datko and Thomas Roth, and during several months, researchers found quite a few ways to compromise the security of a cryptocurrency wallet. This means that they are not as safe as everybody believed.
When these wallets are sold, they come with a seal. It can be applied on the case or box of the device, in order to show the buyer that the item was never utilized before or had its internal components touched by anyone. Unfortunately, a mere sticker that comes with the name of “seal” is not sufficient to keep attackers at bay.
Believe it or not, it is very easy to remove the seal of a cryptocurrency wallet with the help of a , as long as it is not used at high temperature. This was something tested by the researchers themselves, who managed to remove the seals of several wallets by using this method. They saw how the seals came out easily and with no trace. In the worst case scenario, they left a small amount of glue behind. But, it can be removed with liquids made specially to clean electronic devices.
Some devices don’t even come with an anti-tampering seal. Instead, they are equipped with a chip that is supposed to protect the wallet against interception or replacement of any of its internal parts. The chip is activated each time the wallet is turned on. The device will automatically run an integrity check to make sure that it is intact.
After the researchers removed the seal, they tried to remove the outer case, in order to gain access to the internal parts. To their surprise, this was a task not too difficult to achieve, leaving the device’s hardware at their disposal. This enables attackers to replace the device’s microcontroller or gain access to the chip by using a hardware debugger. If a cryptocurrency wallet is compromised this way, an attacker can authorize transactions without the intervention of the user by using a hardware implant that is very cheap.
What this study brought to life will definitely raise a series of questions on how well these wallets are made. As it is obvious, anyone can gain access to the hardware components of the device with minimum effort. Also, the functionality of some wallets can be compromised by replacing some of their components with cheap counterparts.
While cryptocurrency is safer to be used, in comparison with regular currency, it appears that the devices we use for making payments could get us in trouble. We can only hope that these matters will rapidly be resolved, now that they manage to see the daylight.