I’m speaking at 35c3

I’m happy to announce that I’ll be speaking with two amazing colleagues, Dmitry Nedospasov and Thomas Roth, at the 35th Chaos Communication Congress next month in Leipzig, Germany. Our talk, wallet.fail covers the following:

In this presentation we will take a look at how to break the most popular cryptocurrency hardware wallets. We will uncover architectural, physical, hardware, software and firmware vulnerabilities we found including issues that could allow a malicious attacker to gain access to the funds of the wallet. The attacks that we perform against the hardware wallets range from breaking the proprietary bootloader protection, to breaking the web interfaces used to interact with wallets, up to physical attacks including glitching to bypass the security implemented in the IC of the wallet. Our broad look into several wallets demonstrates systemic and recurring issues. We provide some insight into what needs to change to build more resilient hardware wallets.

There are a few new attacks here and a nice continuation of some of the fault injection testing we looked at last year at DEF CON. Personally, I’m very excited to be attending CCC and I’m looking forward to sharing our findings with the larger community.

If you are interested in this kinda of work, please go the CCC website and vote for our talk:


2 thoughts on “I’m speaking at 35c3

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s