I’m happy to announce that I’ll be speaking with two amazing colleagues, Dmitry Nedospasov and Thomas Roth, at the 35th Chaos Communication Congress next month in Leipzig, Germany. Our talk, wallet.fail covers the following:
In this presentation we will take a look at how to break the most popular cryptocurrency hardware wallets. We will uncover architectural, physical, hardware, software and firmware vulnerabilities we found including issues that could allow a malicious attacker to gain access to the funds of the wallet. The attacks that we perform against the hardware wallets range from breaking the proprietary bootloader protection, to breaking the web interfaces used to interact with wallets, up to physical attacks including glitching to bypass the security implemented in the IC of the wallet. Our broad look into several wallets demonstrates systemic and recurring issues. We provide some insight into what needs to change to build more resilient hardware wallets.
There are a few new attacks here and a nice continuation of some of the fault injection testing we looked at last year at DEF CON. Personally, I’m very excited to be attending CCC and I’m looking forward to sharing our findings with the larger community.
If you are interested in this kinda of work, please go the CCC website and vote for our talk: