  • Trezor Devices Under Scrutiny: Ledger Exposes Supply Chain Vulnerabilities

    In a recent security assessment, Ledger has identified persisting vulnerabilities within Trezor’s Safe 3 and Safe 5 hardware wallets, specifically tied to supply chain attacks. While Trezor maintains that user funds are secure, apprehensions regarding unpatched vulnerabilities and firmware integrity continue to linger.

    Ledger's comprehensive security report scrutinizes the latest iterations of Trezor's wallets, uncovering notable security enhancements compared to earlier models. However, even with these advancements, Ledger cautions that the new devices are still exposed to certain supply chain attacks, primarily due to their dependence on a microcontroller for cryptographic tasks.

    Ledger’s Insight on Trezor’s Security Architecture

    Since its founding, Ledger's Donjon has been dedicated to conducting open security evaluations of various hardware wallets, including earlier versions of Trezor like the Trezor One and Trezor T. Previous models were found to be vulnerable to physical seed recovery attacks, largely due to their reliance on generic microcontrollers, which lack resilience against hardware attacks such as voltage glitching.

    The launch of the Trezor Safe 3 in late 2023, followed by the Safe 5 in mid-2024, significantly enhanced Trezor's security posture. These updated models now feature an EAL6+-certified Secure Element paired with a microcontroller.

    Charles Guillemet, CTO of Ledger, stated that this Secure Element is responsible for managing PIN authentication and key storage, making it substantially more challenging for adversaries to extract private keys through standard methods.

     

    Ongoing Vulnerabilities in Trezor Devices

    Despite the technological upgrades, Ledger's research indicates that Trezor devices still harbor certain vulnerabilities. Specifically, all cryptographic operations, such as transaction signing, are executed on a microcontroller that is susceptible to firmware manipulation.

    In cases where an attacker intercepts a device during its manufacturing or transit stages (i.e., a supply chain attack), they might alter the software running on the microcontroller, thereby compromising the device even before it reaches the consumer.

    Ledger’s report details that this type of attack could facilitate the remote theft of a user's assets without their awareness, even if they believe their hardware wallet to be secure.

    Supply Chain Attack Threats and Their Consequences

    A principal concern in Ledger's findings is the hazards posed by supply chain attacks. The method of verifying firmware integrity in the Trezor Safe 3 and Safe 5 models exhibits significant flaws. While the Secure Element in these wallets ensures robust PIN protection, it does not verify the authenticity of the firmware operating on the microcontroller.

    Ledger's analysis revealed that the TRZ32F429 microcontroller (a customized STM32F429 chip) used in Trezor Safe devices is vulnerable to voltage glitching. This weakness allows skilled attackers to read and modify the firmware stored within the device's flash memory.

    Given that Trezor relies on a pre-shared secret between the Secure Element and the microcontroller for authenticity verification, an adversary could leverage a glitching attack to extract this secret, subsequently reprogramming the device to seem genuine to unsuspecting users.

    Thus, if a supply chain infiltration occurs during the manufacturing or distribution phases, attackers may inject malicious firmware that operates seamlessly, yet discreetly compromises user keys or alters transaction information. Unlike direct physical assaults, which necessitate an attacker physically handling the wallet, a supply chain breach could lead to widespread compromise before devices reach consumers.
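
The gap described above, as a simplified model added here (not Trezor's or Ledger's code, and not the actual device protocol): a challenge-response over a pre-shared secret proves only that the responder holds the secret, so altered firmware that retains it is accepted, while a check that also measures the image rejects it. The class and function names, the secret, the images and the trusted measuring component are all hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data: neither the secret nor the images come from a real device.
PAIRING_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
GENUINE_IMAGE = b"constructed-firmware-image v1.0"
MODIFIED_IMAGE = b"constructed-firmware-image v1.0 + altered signing path"
KNOWN_GOOD_DIGEST = hashlib.sha256(GENUINE_IMAGE).digest()


class Microcontroller:
    """Hypothetical MCU model: holds a firmware image and the pairing secret."""

    def __init__(self, image: bytes, secret: bytes):
        self.image = image
        self.secret = secret

    def respond(self, nonce: bytes) -> bytes:
        # The response depends only on the secret, not on the code that is running.
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()


def secret_only_check(mcu: Microcontroller, secret: bytes) -> bool:
    """Secure Element side: challenge-response over the pre-shared secret."""
    nonce = os.urandom(16)  # fresh nonce prevents replay of an old response
    expected = hmac.new(secret, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(mcu.respond(nonce), expected)


def measured_check(mcu: Microcontroller, secret: bytes, good_digest: bytes) -> bool:
    """Assumed stronger design: a trusted component hashes the image itself."""
    measured = hashlib.sha256(mcu.image).digest()
    return hmac.compare_digest(measured, good_digest) and secret_only_check(mcu, secret)


def evaluate() -> dict:
    genuine = Microcontroller(GENUINE_IMAGE, PAIRING_SECRET)
    # Models the page's scenario: altered firmware that still holds the secret.
    tampered = Microcontroller(MODIFIED_IMAGE, PAIRING_SECRET)
    return {
        "genuine_secret_only": secret_only_check(genuine, PAIRING_SECRET),
        "tampered_secret_only": secret_only_check(tampered, PAIRING_SECRET),
        "genuine_measured": measured_check(genuine, PAIRING_SECRET, KNOWN_GOOD_DIGEST),
        "tampered_measured": measured_check(tampered, PAIRING_SECRET, KNOWN_GOOD_DIGEST),
    }


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The measured check only helps if the measurement is taken by a component the firmware cannot influence; a digest reported by the firmware itself would carry no more assurance than the secret.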

    Trezor's Assurance regarding User Funds

    In light of Ledger's revelations, users have expressed concerns regarding the safety of their funds. Responding to inquiries on X, the Trezor team reiterated that assets remain secure and that the vulnerability discovered pertains to a known exploit.

    Nonetheless, questions persist as to why this acknowledged issue remains unpatched. Compounding these concerns, a January 2024 report indicated a security breach that exposed the personal information of nearly 66,000 Trezor users. To date, the Trezor team has not made an official statement regarding the report, leaving users eager for updates on potential solutions or patches.



