
Ledger finds security flaws in Trezor Safe 3 and Safe 5 models

Trezor's latest hardware wallets, the Safe 3 and Safe 5, have serious security problems, according to a Ledger report issued on March 12.

The report said that Ledger's security research team, Ledger Donjon, found that these devices have a number of weaknesses in their microcontrollers, which could allow hackers to remotely access user funds.

The weaknesses come despite Trezor's upgrade to a dual-chip design that includes an EAL6+ certified secure element. While the secure element protects PINs and private keys, the Ledger report reveals that all cryptographic operations are still carried out on the microcontroller, which is vulnerable to voltage glitching attacks.

If exploited, an attacker can extract cryptographic secrets, modify the firmware, and bypass security checks, leaving users' funds at risk.

Trezor’s new security design failed to protect critical operations

Trezor Safe 3 was launched in late 2023, followed by Safe 5 in mid-2024, and both wallets introduced a two-chip design in an effort to move away from the architecture used in older Trezor models.

The upgrade also added a secure element, the Infineon Optiga Trust M, a security chip for storing PINs and cryptographic secrets.

According to Ledger's findings, this secure element prevents access to sensitive data unless the correct PIN is entered. It also blocks hardware attacks such as voltage glitching, which were previously used to extract seed phrases from models such as the Trezor One and Trezor T.

PCBs from two Trezor Safe 3 devices, one running the original firmware and one running modified firmware | Source: Ledger

But despite these improvements, Ledger Donjon's research shows that the main cryptographic functions, including transaction signing, still run on the microcontroller, which remains a major security weak point.

The microcontroller used in the Safe 3 and Safe 5 is the TRZ32F429, which is actually an STM32F429 chip in a custom package.

This chip has known weaknesses, specifically voltage glitching vulnerabilities that give attackers full read/write access to its flash memory.

Once an attacker modifies the firmware, they can manipulate entropy generation, which plays a major role in cryptographic security. This could lead to remote theft of private keys, giving hackers full access to the user's funds.

The authentication system failed to verify microcontroller security

Trezor uses cryptographic authentication to verify its devices, but Ledger Donjon found that this system does not verify the microcontroller's firmware.

The Optiga Trust M secure element generates a public/private key pair during production, and Trezor signs the public key, embedding it in a certificate. When a user connects their wallet, Trezor Suite sends a random challenge that the device must sign with its private key. If the signature is valid, the device is considered authentic.

How the Optiga Trust M secure element works | Source: Ledger

But Ledger's research shows that this process only validates the secure element, not the microcontroller or its firmware.

Trezor tried to bind the secure element to the microcontroller with a pre-shared secret, which is programmed into both chips during manufacturing. The secure element only responds to signing requests if the microcontroller proves knowledge of this secret.

The problem? This shared secret is stored in the microcontroller's flash memory, which is exposed to voltage glitching attacks.

The Ledger team managed to extract the secret, reprogram the chip, and bypass the entire authentication process. This means an attacker can modify the firmware while still passing Trezor's security checks.

The Ledger report describes how they built a dedicated attack board, allowing them to break out the TRZ32F429's pads onto standard headers.

This setup allowed them to connect the chip to their attack system, extract the pre-shared secret, and reprogram the device without detection.

Once reprogrammed, the device still appears legitimate when connected to Trezor Suite, since the cryptographic attestation remains unchanged.

This creates a dangerous situation in which Trezor Safe 3 and Safe 5 devices can be sold as genuine while secretly running malicious firmware that steals user funds.

Firmware authenticity check bypassed, leaving users exposed

Trezor includes a firmware integrity check, but Ledger Donjon found a way to completely bypass this protection.

The firmware check works by sending a random challenge to the device, which then computes a cryptographic hash over both the challenge and its firmware. Trezor Suite checks this hash against a database of genuine firmware versions.

At first glance, this method seems fairly effective: an attacker cannot simply hard-code a fake hash because they do not know the random challenge in advance, so the device must compute the hash in real time, which shows that it is running genuine firmware.

However, Ledger Donjon discovered a way to completely bypass this protection. Since the microcontroller performs the computation, an attacker can modify its firmware to forge a valid response.


By manipulating how the device computes the hash, an attacker can make any firmware version look authentic. This is a serious problem because it allows attackers to run modified firmware while still passing Trezor Suite's checks.
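
The challenge-based firmware check described above, modelled from the host's side to show what a matching hash does and does not prove. This is an added example, not code from Trezor or Ledger; the SHA-256(challenge || image) construction, the sample images and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for released firmware images (not real binaries).
GENUINE = b"GENUINE-IMAGE-" * 512
KNOWN_GOOD = {"fw-A (constructed)": GENUINE}


def firmware_response(challenge: bytes, image: bytes) -> bytes:
    # Assumed construction: SHA-256 over challenge || image.
    return hashlib.sha256(challenge + image).digest()


def verify(challenge: bytes, response: bytes, known_good=KNOWN_GOOD):
    """Host side: return the matching firmware version, or None."""
    for version, image in known_good.items():
        expected = firmware_response(challenge, image)
        if hmac.compare_digest(response, expected):
            return version
    return None


class HonestDevice:
    """Hashes whatever image is actually in its flash."""
    def __init__(self, flash: bytes):
        self.flash = flash

    def respond(self, challenge: bytes) -> bytes:
        return firmware_response(challenge, self.flash)


class ReplayDevice:
    """Returns a response recorded for an earlier challenge."""
    def __init__(self, recorded: bytes):
        self.recorded = recorded

    def respond(self, challenge: bytes) -> bytes:
        return self.recorded


def run_check(device):
    challenge = secrets.token_bytes(32)  # fresh per check, defeats replay
    return verify(challenge, device.respond(challenge))

# Limit of the scheme: verify() sees only response bytes. The host itself
# computes an accepted value from a stored image, so a match proves access to
# a released image's bytes, not which code the microcontroller is executing.
```

The fresh challenge stops hard-coded and replayed answers, but the responder is the same microcontroller being measured, which is why the report treats the check as insufficient without a hardware root of trust.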

As a result, a Trezor Safe 3 or Safe 5 can still appear legitimate while leaking private keys or altering transaction data.

The Ledger report concludes that the only way to secure the Safe 3 and Safe 5 is to replace the microcontroller with a more secure one. The Trezor Safe 5 does include a more modern microcontroller, the STM32U5, which has no publicly known fault injection attacks, at least for now.

But since it is still a standard microcontroller, not a dedicated secure element, the risk remains that new attack methods could be discovered.

Trezor has already patched the weaknesses, but the fundamental security concerns remain. Until the microcontroller is fully secured, users will have to trust Trezor's software protections, which Ledger Donjon's research has already shown can be bypassed.
