35C3 - wallet.fail
Video Statistics and Information
Channel: media.ccc.de
Views: 34,370
Keywords: tuwat, leipzig, congress, chaos, 2018, Security, Day 1, Borg, 35c3 ov, 35c3 eng, Thomas Roth, Dmitry Nedospasov, Josh Datko, 35c3
Id: Y1OBIGslgGM
Length: 61min 57sec (3717 seconds)
Published: Thu Dec 27 2018
The part about getting your private keys off Trezor is actually quite scary. It means you cannot afford to lose your trezor. Any insight if the same hack is possible via the ledger?
The ledger team has responded to the presented vulnerabilities: https://www.ledger.fr/2018/12/28/chaos-communication-congress-in-response-to-wallet-fails-presentation/
So, if I buy a trezor from a hacker with exceptional knowledge and patience for doing these attacks and he finds me and hacks my computer, then all he needs to do is to sit in my garden for 24/7 with a huge antenna and a laptop and wait for me to plug the trezor into my hacked computer and he can steal all of my 0.0000001 USD in crypto?
Sounds reasonable. /s
What I take from this is that nano s is safe.
It's impossible to protect against a supply chain attack, so presenting that as a vulnerability is misleading. The point of a secure chip is that without your pin, someone with physical possession of your nano s can't steal your funds. An untampered device should also be 100% resistant to attacks from a connected hacked pc. That's it, nothing more is possible and should be expected.
Trezor only provides protection from a hacked pc due to lack of a secure element.
This is why I have memorized my private key.
I have an important question for the ledger audience:
Has it become clear that the ledger nano S can be hacked, WITHOUT having physical access to the device/chips?
I'm terribly sorry, I watched the segment 2x but I can't figure it out.
The ledger response on medium: https://medium.com/ledger-on-security-and-blockchain/chaos-communication-congress-in-response-to-wallet-fails-presentation-17bcd166a052
Let's not panic.... the work involved to carry out these attacks is enormous. First you've got to find the right Nano or Trezor making it your worthwhile... these guys are specialists... average Tom isn't. It's actually good that these people do this stuff... as now Ledger will close the loops... make the cases less accessible or roomy inside... I'm not panicking.
Never liked hardware wallets.
I use a separate air-gapped SSD with BitLocker encryption with my Pvt keys inside ...