According to CoinDesk, Unciphered, a renowned cybersecurity firm specializing in recovering lost cryptocurrency, announced that it has discovered a method to physically hack into the popular Trezor T hardware wallet.
“Security is that the threat can often be coming from inside the house. We can be our own worst enemy. So this is a huge part of it,” Unciphered Head of Marketing Nick Federoff told CoinDesk.
Unciphered is a cybersecurity firm that recovers lost cryptocurrency. According to Trezor, it was aware of an attack vector with a similar sound several years ago. An organization of cybersecurity experts that specializes in retrieving lost or stolen cryptocurrency claims to have discovered a technique to get into the well-known Trezor T hardware wallet once they have it in their possession.
In a lengthy series of emails and discussions, Unciphered explained to CoinDesk that it used an "unpatchable hardware vulnerability with the STM32 chip that allows us to dump the embedded flash and one-time programmable data."
All of it is fairly complicated, but the team was able to successfully hack into a Trezor T wallet provided by CoinDesk and recover their seed phrase and pin in a laboratory demonstration that was captured on camera. Unciphered had already breached the Ethereum Wallet and retrieved crypto that had been locked up, while stating on their website that they "do support every wallet in the market."
While noting that it appeared to be a "RDP (Read Protection) downgrade attack," which was openly identified as a concern three years ago, Trezor informed CoinDesk that its team lacked sufficient information about the precise attack Unciphered carried out to effectively respond. Even though RDP downgrade attacks "require physical theft of a device, extremely sophisticated technological knowledge and advanced equipment," as stated on their blog in early 2020, a press representative for the manufacturer of hardware wallets claimed they were not aware of any attempts by Unciphered to get in touch directly.
Contacted for additional comments, Unciphered declined to provide further details about their discovery, stating that they were prioritizing responsible disclosure and planning to share their findings with relevant stakeholders in the cybersecurity community.
As the story unfolds, the implications for the future of cryptocurrency security are sure to capture the attention of investors, industry professionals and enthusiasts worldwide.
