{"id":124957,"date":"2025-03-13T04:16:02","date_gmt":"2025-03-13T04:16:02","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=124957"},"modified":"2025-03-13T04:16:02","modified_gmt":"2025-03-13T04:16:02","slug":"hardware-wallet-ledger-helps-competitor-trezor-resolve-security-vulnerability","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=124957","title":{"rendered":"Hardware wallet Ledger helps competitor Trezor resolve security vulnerability"},"content":{"rendered":"<p>Source: Cointelegraph.com NewsHardware wallet provider Trezor has patched up a security flaw in two of its latest models after competitor firm Ledger\u2019s open-source research arm discovered a vulnerability in their microcontrollers.\u00a0<br \/>\nLedger Donjon acknowledged Trezor has made several security advancements of late but found cryptographic operations could still be performed on the microcontroller of Trezor\u2019s Safe 3 and 5 models, which could make them \u201cvulnerable to more advanced attacks.\u201d<br \/>\nFortunately, Trezor has since addressed the vulnerabilities found, Ledger\u2019s chief technology officer Charles Guillemet said in a March 12 X post.<br \/>\n\u201cWe believe that making the ecosystem more secure helps everyone, and is critical as we push towards broader adoption of crypto and digital assets,\u201d Guillemet added.<br \/>\nSource: Charles GuillemetTrezor had already implemented \u201cSecure Elements\u201d \u2014 chips designed to protect the user&#8217;s PIN code and cryptographic secrets \u2014 as some of Trezor\u2019s devices could be tampered with by modifying the software running on it, potentially allowing threat actors to steal user funds.<br \/>\nThe Secure Elements feature \u201ceffectively thwarts any inexpensive hardware attack, in particular voltage glitching,\u201d Ledger said in a March 12 post.<br \/>\n\u201c[This] gives users confidence that their funds are safe even if their device gets misplaced or stolen.\u201d<br \/>\nHowever, Ledger found another potential attack vector stemmed from the microcontroller, the other main part of Trezor\u2019s two-chip design for its Safe 3 and 5 models.<br \/>\nTrezor implemented a firmware integrity check to detect modified software, but Ledger was able to demonstrate that an attacker could still bypass this security check.<br \/>\nThis issue has since been resolved by Trezor \u2014 though neither Ledger nor Trezor have explained how. Cointelegraph reached out to Trezor but didn\u2019t receive an immediate response.<br \/>\nTrezor\u2019s microcontroller in the Trezor Safe 3 model. Source: LedgerTrezor confirmed on X that user funds remain safe and that no action is required.<br \/>\nRelated: \u2018Dark Skippy\u2019 method can steal Bitcoin hardware wallet keys<br \/>\nHowever, when asked whether Trezor was able to patch this issue via firmware, the hardware wallet provider responded: \u201cUnfortunately not.\u201d<br \/>\n\u201cIn cybersecurity, the golden rule is simple: nothing is fully unbreakable. That\u2019s why we have already implemented a multi-layer defense against supply chain attacks and always advise our users to purchase from official sources.\u201d<br \/>\nLedger isn\u2019t immune to security vulnerabilities either.<br \/>\nIn December 2023, a hacker committed a security breach into Ledger\u2019s connector library and stole $484,000 worth of crypto assets.<br \/>\nAnother threat actor who breached Ledger\u2019s systems published the mailing addresses of around 270,000 Ledger customers in June 2020.<br \/>\nMagazine: Crypto fans are obsessed with longevity and biohacking: Here\u2019s why<a href=\"https:\/\/cointelegraph.com\/news\/trezor-resolves-security-flaw-identified-by-ledger?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com NewsHardware wallet provider Trezor has patched up a security flaw in two of its latest models after competitor firm Ledger\u2019s open-source research arm discovered a vulnerability in their&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/124957"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=124957"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/124957\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=124957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=124957"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=124957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}