Trezor Responds to Ledger Report on Vulnerabilities in Its Hardware Wallets

EU hardware wallet manufacturer Trezor has responded to a report from its competitor Ledger that described vulnerabilities in Trezor’s devices.
EU hardware wallet manufacturer Trezor has responded to a report from its competitor Ledger that described vulnerabilities in Trezor’s devices.

Prague-based crypto wallet manufacturer Trezor has responded to а report about hardware vulnerabilities from its competitor Ledger on Tuesday, March 12.

Trezor claims that none of the weaknesses revealed by Ledger in a detailed report on March 10, are critical for hardware wallets. As per Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.”

Trezor further cites the results of a recent security survey performed in partnership with major cryptocurrency exchange Binance. According to the survey, only around 6 percent of respondents believe that physical attack is the biggest threat to their crypto funds, while 66 percent claim they consider remote attacks a main problem.

Furthermore, Trezor noted that a “$5 wrench attack” — a targeted theft when the user is forced by intruders to disclose his password — cannot be prevented by a hardware barrier set by the manufacturer. Nonetheless, in the case of accidental thefts, the probability of cracking a Trezor wallet is relatively small, as the criminals will not be able to find the necessary equipment, the company states.

Of the five vulnerabilities in Trezor One and Trezor T disclosed by Ledger, Trezor said that four of them are patched, non-exploitable or require a pin. Trezor also noted that the manufacturing process for its devices is closely monitored.

Trezor’s response to the recent Ledger report on their wallet vulnerabilities. Source: blog.trezor.io

Trezor’s response to the recent Ledger report on their wallet vulnerabilities. Source: blog.trezor.io

Ledger initially disclosed its findings during the #MITBitcoinExpo at the Massachusetts Institute of Technology this weekend. The company focused on hacking attacks that require access to device. In particular, Ledger described an option to extract a secret key via a side-channel attack, and the possibility of stealing confidential data from the device.