Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin...

Software Attacks on Hardware Wallets

Introduction • Security Analyst at Riscure, Netherlands • Likes:

• Smart cards • TEE • Secure devices • Breaking stuff

• Doesn’t like: • Delayed visas Sergei Volokitin

(not Alyssa)

What is a hardware wallet? • Connects to smartphone / PC

• Stores and uses private keys

• Mainly used for cryptocurrency private keys

• Super secure

https://www.ledgerwallet.com/products/ledger-nano-s https://www.keepkey.com/wp-content/uploads/2014/08/12121301/shapeshift-large.jpg

https://trezor.io/start/ https://bitfi.com/bitfi-wallet

Software Attacks on Hardware Wallets – Sergei Volokitin

Who is the attacker?

Physical access

Supply chain Malware on PC Software Attacks on Hardware Wallets – Sergei Volokitin

What are the defenses?

• Secrets don’t leave device

• Tamper-resistant

• Keep secrets in a Secure Element

• Secure software updates

Why Ledger?

• Fairly new/interesting

• Based on a certified Secure Element

• Multi-app support (Btc, Eth, …)

• Support for custom applications on SE

Who is the attacker?

Malware app

Physical access

Supply chain

Ledger Nano S hardware

• STM32 MCU • Screen, buttons, USB…

• Communication with the SE

• ST31 SE

• BOLOS

• Wallets (Trusted Apps)

• Secure Flash Memory

https://www.ledger.fr/2016/06/09/secure-hardware-and-open-source/

• MPU isolates memory

• Application has

• ~16 KB of Flash

• ~1 KB of RAM

• Over 100 syscalls

Secure Flash

Memory

Trusted App

sha256() syscall

returns SHA256 hash

User RAM BOLOS RAM

0xFFFFFFFF

0x20000000

0x00000000

0 1 2 ...

sha256() syscall

• Sadly: stops working after 8kB!

PTR LEN OUTPUT – HASH SHA256

0x00000000 0x00000001 6e340b9c…17afa01d

0x00000000 0x00000002 2ee78837…907c894c

0x00000000 0x00000003 df236376…9017eaac

Partial memory disclosure in cx_hash()

• cx_hash() syscall takes a pointer to a context structure

• Only values from 0 to 8 are valid algorithms!

You can tell whether ANY byte in memory

is between 0-8 .. or between 9-255.

struct cx_hash_header_s {

cx_md_t algo;

unsigned int counter;

if (!known_algo(context->algo)) return [invalid hash algorithm]; if (!access_allowed(context, needed_len(context)) return [security error];

Debug app installation flag

• There are per-application flags you can set, such as:

• Application with debug flag can read ~16kB of flash belonging to another app!

U2F App Flash

BTC App Flash

System Flash

Debug App Flash

U2F App Flash

BTC App Flash

System Flash

Debug App Flash

BTC App Flash

System Flash

BTC App Flash

System Flash

Debug App Flash

BTC App Flash

System Flash

Debug App Flash

BTC App Flash

System Flash

Debug App Flash

Flash is not cleared upon device reset

• User applications are not removed after device wipe…

• Good news: the global seed is reset!

• Wallet keys should be derived from seed at runtime

• most apps (e.g. Btc) do this...

uid counter init_flag hmacKey padding

U2F flash contents before/after reset

Summary

• Several vulnerabilities identified in Ledger Nano S

• Most severe consequence: U2F keys were not safe

• Ledger fixed all these vulnerabilities in a timely manner

• Bounty programs work!

• Closed source SE firmware => No community code reviews

What did we learn?

• Don’t trust Trusted Applications

• Hardware wallets still have software flaws

• Reset means reset – clear all that data!

Sergei Volokitin

volokitin@riscure.com

I wish I was giving this talk

V7. Supply chain attack • Attacker can install open-source bitcoin wallet

• CustomCA keys can be enrolled to ease development process

• CustomCA keys are not deleted upon reset

Supply chain attack:

• Buy bunch of hardware wallets

• Enroll CustomCA keys

• Install modified malicious Bitcoin application signed with CastomCA keys

• indistinguishable from genuine

• Enter the PIN three times so it goes to the reset state

• Sell devices for half-the-price

• Only reinstallation of the applets can prevent an attack Software Attacks on Hardware Wallets – Sergei Volokitin

Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin...

Documents

Mobile Wallets

Wallets Bags Footwear

Wallets for Women

Bitcoin Keys, Addresses & Wallets

Work @ Parfois - Wallets

WALLETS, PURSES & HANDBAGS

Using maternity wallets to aid safer pregnancies · Wallets, please contact: Using maternity wallets to aid safer pregnancies MAMA Wellbeing Wallets are durable PVC zip-lock pouches

PRECISE BIOMETRICS INTERIM REPORT · PRESENTATION OF THE INTERIM REPORT ... quarter, including USB keys and crypto wallets with fingerprint readers, which increases security for the

Introduction to Mobile Wallets

Grundstrukturen des mobile Wallets

Armory offline wallets

SECURITY SCREENING · 2017. 11. 15. · belts watches & jewelry wallets coins cell phones cameras keys other large metal objects please remove: don’t remove: security screening

Virtual Wallets

Leather wallets Specification

Phat Athletes, Fat Wallets

Attention Deficit Hyperactivity Disorder—State of the Art · Attention Deficit Hyperactivity Disorder—State of the Art Christopher Okiishi, MD ... tools, wallets, keys, paperwork,

PAYMENT WALLETS

English 105 Friday, May 13, 2011 Melissa Gunby. Emergency Evacuation Procedures Take only personal items: purses, wallets, car keys, identification Leave

Wallets and back Pain

Managing Oracle Database Encryption Keys in Oracle Cloud ... · In Database and BYOL bare metal instances, TDE master keys are normally provisioned in Oracle Wallets on bare metal