The Misuse Of Secure Components In Hardware Wallets by Michael Mouchous & Karim Abdellatif

635 views

hardwear.io

1 day ago

Abstract:
---------------
The hardware crypto wallet industry has grown remarkably in recent years, following the expansion of the cryptocurrency market in 2017. Users demanded self-custody hardware wallets to store and protect the private keys needed to access blockchain-based digital assets. The user's seed is the top-most asset, from which all these keys are derived, and protecting it effectively is a major challenge. To achieve this objective, many vendors have chosen to embed additional secure components into the architecture to resist hardware attacks. However, the choice of weak components, their misuse, and their bad configuration may lead to critical vulnerabilities.
This presentation deals with the hardware security analysis of the OneKey wallet, which uses an STM32F405 as the microcontroller unit (MCU) coupled with an ATECC608 as secure memory. By evaluating the security level of this architecture, we discovered a combination of weaknesses in the usage of the MCU and in the secure element configuration.
First, the pairing key used to protect the user's private key (the user's seed) is stored in the OTP of the MCU, which we attacked with a homemade electromagnetic fault injection (EMFI) setup. Second, because of a misconfiguration of the PIN authentication process, the pairing key is the only element needed to read out the user's seed. Third, this pairing key is also stored in the secure memory, which is known to be vulnerable to laser fault injection (LFI) attacks. Finally, we discovered that the vendor had misconfigured the random number generator (RNG) of the secure element. As a result, all the OneKey wallets on the market share the same pairing key protecting the user's seed.
The discovered vulnerabilities cannot be fixed, and all OneKey users are exposed to a real threat.
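As an added example (not code from the talk, from OneKey firmware, or from the authors' tooling), the following C shows the kind of sanity gate a wallet firmware should put between a secure element's Random command and pairing-key derivation. It assumes the ATECC608's datasheet-documented behaviour of returning the fixed pattern 0xFFFF0000 repeated while the configuration zone is still unlocked, and it assumes a 32-byte Random output. Whether that test-mode pattern is the specific RNG misconfiguration behind the shared OneKey pairing key is not stated in the abstract and is not claimed here. All sample inputs are constructed, not captured from a device.

```c
/* Added example: RNG sanity gate before pairing-key derivation.
 * Not OneKey code. Assumptions: 32-byte Random output; the
 * 0xFFFF0000-repeated value is the unlocked-config test pattern
 * documented in the ATECC508A/608 datasheets. Whether OneKey hit
 * that exact case is an assumption, not a claim from the talk. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RANDOM_LEN 32  /* assumed size of one Random command response */

/* Returns 1 if buf is exactly the unlocked-config test pattern. */
int is_test_mode_pattern(const uint8_t *buf, size_t len) {
    static const uint8_t pat[4] = {0xFF, 0xFF, 0x00, 0x00};
    if (len == 0 || len % 4 != 0) return 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != pat[i % 4]) return 0;
    return 1;
}

/* Returns 1 if every byte is identical (stuck, unprogrammed or zeroed source). */
int is_constant(const uint8_t *buf, size_t len) {
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0]) return 0;
    return 1;
}

/* Number of distinct byte values in buf. A uniform 32-byte sample has
 * about 30 distinct values on average; fewer than 16 is a failure. */
size_t count_distinct_bytes(const uint8_t *buf, size_t len) {
    uint8_t seen[256] = {0};
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (!seen[buf[i]]) { seen[buf[i]] = 1; n++; }
    return n;
}

/* Gate one RNG sample: 1 = usable, 0 = reject and refuse to provision. */
int random_sample_ok(const uint8_t *buf, size_t len) {
    if (len < RANDOM_LEN) return 0;
    if (is_test_mode_pattern(buf, len)) return 0;
    if (is_constant(buf, len)) return 0;
    if (count_distinct_bytes(buf, len) < 16) return 0;
    return 1;
}

/* Combine the secure element sample with the MCU's own TRNG sample so one
 * silently broken source cannot yield a device-wide constant key. Both
 * inputs are gated, and an all-zero result (identical inputs) is rejected. */
int derive_pairing_key(const uint8_t *se_rnd, const uint8_t *mcu_rnd,
                       uint8_t *out, size_t len) {
    if (!random_sample_ok(se_rnd, len) || !random_sample_ok(mcu_rnd, len)) {
        memset(out, 0, len);
        return 0;
    }
    for (size_t i = 0; i < len; i++) out[i] = se_rnd[i] ^ mcu_rnd[i];
    if (is_constant(out, len)) { memset(out, 0, len); return 0; }
    return 1;
}

/* Constructed sample inputs (not real device output). */
const uint8_t SAMPLE_TESTMODE[RANDOM_LEN] = {
    0xFF,0xFF,0x00,0x00, 0xFF,0xFF,0x00,0x00, 0xFF,0xFF,0x00,0x00, 0xFF,0xFF,0x00,0x00,
    0xFF,0xFF,0x00,0x00, 0xFF,0xFF,0x00,0x00, 0xFF,0xFF,0x00,0x00, 0xFF,0xFF,0x00,0x00 };
/* Sequential bytes: not random, but passes the gate, showing its limits. */
const uint8_t SAMPLE_SEQ[RANDOM_LEN] = {
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
    16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 };
const uint8_t SAMPLE_MCU[RANDOM_LEN] = {
    0x9c,0x3a,0x17,0xe4,0x5b,0x88,0x2f,0xd1, 0x60,0xab,0x04,0xf7,0x39,0xc2,0x7e,0x15,
    0xda,0x4c,0xb0,0x23,0x8e,0x61,0xf9,0x07, 0x52,0xcd,0x1a,0x76,0xe8,0x3f,0x94,0xb5 };
uint8_t PAIRING_KEY_OUT[RANDOM_LEN];

int main(void) {
    printf("test-mode sample accepted: %d\n", random_sample_ok(SAMPLE_TESTMODE, RANDOM_LEN));
    printf("derive with test-mode SE sample: %d\n",
           derive_pairing_key(SAMPLE_TESTMODE, SAMPLE_MCU, PAIRING_KEY_OUT, RANDOM_LEN));
    printf("derive with gated samples: %d\n",
           derive_pairing_key(SAMPLE_SEQ, SAMPLE_MCU, PAIRING_KEY_OUT, RANDOM_LEN));
    return 0;
}
```

A real design would feed both samples through a hash such as SHA-256 rather than XOR, and would refuse to provision the pairing key at all if either source fails; the distinct-byte count is only a gate against stuck or test-mode output, not an entropy measurement, which is why the sequential constructed sample passes it.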
#hardwaresecurity #hardwarewallet #hardwear_io #hw_ioUSA2023
---------------------------------------------------------------------------------------------------------------------
Website: hardwear.io
Twitter: / hardwear_io
LinkedIn: / hardwear.io-hardwarese...
Facebook: / hardwear.io

COMMENTS: 2
@zoenagy9458 4 months ago
audio!?
@martijnj495 10 months ago
The audio quality seems to get worse and worse with each video